Merge pull request #108 from pessimistic-io/develop

v0.5.0
pessimistic-io · Dec 7, 2023 · 9a4bb01 · 9a4bb01
2 parents f08f656 + a4379a4
commit 9a4bb01
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 [![Our Website](https://img.shields.io/badge/By-pessimistic.io-green?style=flat-square&logo=appveyor?logo=data:https://pessimistic.io/favicon.ico)](https://pessimistic.io/)
 [![Mail](https://img.shields.io/badge/Mail-gm%40pessimistic.io-orange?style=flat-square&logo=appveyor?logo=data:https://pessimistic.io/favicon.ico)](mailto:[email protected])
 
-**Welcome!** We are the [pessimistic.io](https://pessimistic.io/) team, and in recent months we have been actively developing our [own **Slither detectors**](https://github.com/pessimistic-io/slitherin/tree/master/slither_pess/detectors) to help with code review and audit process. This repository contains everything you may require to work with them!
+**Welcome!** We are the [pessimistic.io](https://pessimistic.io/) team, and in recent months we have been actively developing our [own **Slither detectors**](https://github.com/pessimistic-io/slitherin/tree/develop/slitherin/detectors) to help with code review and audit process. This repository contains everything you may require to work with them!
 
 We increased the sensitivity of our detectors since they are *quite straightforward* and not written in the "original style." As a result, they produce FPs ([False Positives](https://en.wikipedia.org/wiki/False_positives_and_false_negatives)) more frequently than original ones. So that, our detectors are a kind of automation of the checks implemented in the checklist, their main purpose is to look for issues and assist the code auditor.
 

diff --git a/slitherin/cli.py b/slitherin/cli.py
@@ -6,14 +6,14 @@
 import shutil
 import pty
 from pathlib import Path
-import slither_pess
+import slitherin
 from pkg_resources import iter_entry_points
 
-SLITHERIN_VERSION = "0.4.1"
+SLITHERIN_VERSION = "0.5.0"
 
 
 def slitherin_detectors_list_as_arguments() -> str:
-    return ",".join([detector.ARGUMENT for detector in slither_pess.plugin_detectors])
+    return ",".join([detector.ARGUMENT for detector in slitherin.plugin_detectors])
 
 
 logging.basicConfig()
@@ -51,7 +51,7 @@ def run(
 
 
 def handle_list() -> None:
-    detectors = slither_pess.plugin_detectors
+    detectors = slitherin.plugin_detectors
     for detector in detectors:
         print(detector.ARGUMENT)
 

diff --git a/slitherin/detectors/arbitrary_call/arbitrary_call.py b/slitherin/detectors/arbitrary_call/arbitrary_call.py
@@ -215,14 +215,13 @@ def analyze_contract(self, contract: Contract):
                     text = f"The {part} could be manipulated"
                 info += [f"\t{text} through ", f, "\n"]
 
-            res = self.generate_result(info)
-            res.add(node)
+                res = self.generate_result(info)
+                res.add(node)
+                res.data["check"] = self.ARGUMENT + detectorParams.argument_suffix
+                res.data["impact"] = classification_txt[detectorParams.impact]
+                res.data["confidence"] = classification_txt[detectorParams.confidence]
 
-            res.data["check"] = self.ARGUMENT + detectorParams.argument_suffix
-            res.data["impact"] = classification_txt[detectorParams.impact]
-            res.data["confidence"] = classification_txt[detectorParams.confidence]
-
-            results.append(res)
+                results.append(res)
         return results
 
     def _detect(self):

diff --git a/slitherin/detectors/falsy_only_eoa_modifier.py b/slitherin/detectors/falsy_only_eoa_modifier.py
@@ -33,8 +33,9 @@ def hasWrongEq(self, fun, params=None):
                     if is_tx: 
                         varListTx.append(var)
                 for i in range(len(varListTx)):
-                    if(str(n).__contains__(f'{varListMsg[i]} == {varListTx[i]}') or str(n).__contains__(f'{varListTx[i]} == {varListMsg[i]}')):
-                        return "True"
+                    for j in range(len(varListMsg)):
+                        if(str(n).__contains__(f'{varListMsg[j]} == {varListTx[i]}') or str(n).__contains__(f'{varListTx[i]} == {varListMsg[j]}')):
+                            return "True"
         return "False"
 
     def _detect(self):

diff --git a/tests/falsy_only_eoa_modifier_test.sol b/tests/falsy_only_eoa_modifier_test.sol
@@ -2,19 +2,25 @@ pragma solidity ^0.8.0;
 
 contract falsy_only_eoa_modifier_test {
     uint256 toSet;
-    bool isProtected = true;
+    address owner = msg.sender;
 
     modifier onlyOwner() {
-        require(isProtected);
+        require(owner == msg.sender);
         _;
     }
 
-    function set_vulnurable(uint256 setter) public onlyOwner {
+    function set_vulnerable(uint256 setter) public onlyOwner {
         if(msg.sender == tx.origin){
             toSet = setter;
         }
     }
 
+    function set_tx_origin(uint256 setter) public onlyOwner {
+        if(owner == tx.origin){
+            toSet = setter;
+        }
+    }
+
     function set_ok(uint256 setter) public onlyOwner {
         toSet = setter;
     }