Consensys / truffle-security

MythX smart contract security verification plugin for Truffle Framework
https://mythx.io

Bad results from interface contracts #225

Closed elenadimitrova closed 5 years ago

elenadimitrova commented 5 years ago

Generally, interface contracts are just function signature definitions without any logic, yet there are the following warnings generated for the interface contracts here: https://github.com/JoinColony/colonyNetwork/tree/develop/contracts

Tests were executed with v1.4.4. We have verified that this issue does not exist in v1.4.2 so it appears to have been introduced in v1.4.4. Version 1.5.x is not workable for us at present due to #222 so I'm unable to reliably test with it.

/colonyNetwork/contracts/IColonyNetwork.sol

║ Line     │ Column   │ Type     │ Message                                                │ Rule ID              ║
╟──────────┼──────────┼──────────┼────────────────────────────────────────────────────────┼──────────────────────╢
║ 18       │ 0        │ warning  │ A floating pragma is set.                              │ SWC-103              ║
║ 118      │ 37       │ warning  │ The contract executes an external message call.        │ SWC-107              ║
║ 134      │ 35       │ warning  │ The contract executes an external message call.        │ SWC-107              ║
║ 140      │ 44       │ warning  │ The contract executes an external message call.        │ SWC-107              ║

/colonyNetwork/contracts/IEtherRouter.sol

║ Line     │ Column   │ Type     │ Message                                                │ Rule ID              ║
╟──────────┼──────────┼──────────┼────────────────────────────────────────────────────────┼──────────────────────╢
║ 18       │ 0        │ warning  │ A floating pragma is set.                              │ SWC-103              ║
║ 30       │ 5504     │ warning  │ The contract executes an external message call.        │ SWC-107              ║
║ 30       │ 6411     │ warning  │ The contract executes an external message call.        │ SWC-107              ║
║ 30       │ 6819     │ warning  │ The contract executes an external message call.        │ SWC-107              ║
║ 38       │ 6005     │ warning  │ The contract executes an external message call.        │ SWC-107              ║
║ 38       │ 6413     │ warning  │ The contract executes an external message call.        │ SWC-107              ║

/colonyNetwork/contracts/ITokenLocking.sol

║ Line     │ Column   │ Type     │ Message                                                │ Rule ID              ║
╟──────────┼──────────┼──────────┼────────────────────────────────────────────────────────┼──────────────────────╢
║ 84       │ 3606     │ warning  │ A reachable exception has been detected.               │ SWC-110              ║

/colonyNetwork/contracts/ColonyNetworkStorage.sol

║ Line     │ Column   │ Type     │ Message                                                │ Rule ID              ║
╟──────────┼──────────┼──────────┼────────────────────────────────────────────────────────┼──────────────────────╢
║ 33       │ 2        │ warning  │ State variable shadows another state variable.         │ SWC-119              ║

/colonyNetwork/contracts/IMetaColony.sol

║ 53       │ 1664     │ error    │ persistent state read after call                       │ SWC-107              ║
║ 53       │ 1686     │ error    │ persistent state read after call                       │ SWC-107              ║
║ 53       │ 1731     │ warning  │ multiple external calls                                │ SWC-113              ║

nbanmp commented 5 years ago

This also probably has the same root cause as #222. Thanks for bearing with us!
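
A triage check for report output of the kind posted in this issue, as an added example that is not part of the original thread or the plugin's own code: it parses the table rows and marks findings that cannot describe the file they are reported on (a location outside the file text, or a behavioural rule on a file with no function bodies). The rule grouping, the `suspect` labels, and the sample contracts and report are assumptions constructed for illustration.

```javascript
// Rules that can apply to a file with no executable code (pragma, state layout).
const DECLARATION_RULES = new Set(["SWC-103", "SWC-119"]);
// Parse the report: a path line, then "║ line │ col │ type │ message │ rule ║" rows.
function parseReport(text) {
  const findings = [];
  let file = null;
  for (const raw of text.split("\n")) {
    const row = raw.trim();
    if (row.startsWith("/") && row.endsWith(".sol")) { file = row; continue; }
    if (!row.startsWith("║")) continue;
    // Strip the outer borders; the closing one can be missing in pasted output.
    const cells = row.replace(/^║|║$/g, "").split("│").map((c) => c.trim());
    if (cells.length !== 5 || !/^\d+$/.test(cells[0])) continue; // header row
    const [line, column, type, message, ruleId] = cells;
    findings.push({ file, line: +line, column: +column, type, message, ruleId });
  }
  return findings;
}
// True when the source, with comments removed, contains no function body.
function hasNoFunctionBodies(source) {
  const code = source.replace(/\/\*[\s\S]*?\*\/|\/\/.*$/gm, "");
  return !/\b(function|constructor|modifier)\b[^;{]*\{/.test(code);
}
// Set `suspect` on findings that cannot describe the file they are reported on.
function triage(findings, sources) {
  return findings.map((f) => {
    const src = sources[f.file];
    if (src === undefined) return { ...f, suspect: "source not available" };
    const lineText = src.split("\n")[f.line - 1];
    if (lineText === undefined || f.column > lineText.length) return { ...f, suspect: "location outside file text" };
    if (hasNoFunctionBodies(src) && !DECLARATION_RULES.has(f.ruleId)) return { ...f, suspect: "behavioural finding, no function bodies" };
    return { ...f, suspect: null };
  });
}

// Constructed sample input (not the contracts or the report from the issue).
const SAMPLE_SOURCES = {
  "/demo/IVault.sol": "pragma solidity ^0.5.8;\ncontract IVault {\n  function deposit(uint256 amount) external;\n}\n",
  "/demo/Vault.sol": "pragma solidity ^0.5.8;\ncontract Vault {\n  function pay(address payable to) external { to.transfer(1); }\n}\n",
};
const SAMPLE_REPORT = [
  "/demo/IVault.sol",
  "║ 1 │ 0 │ warning │ A floating pragma is set. │ SWC-103 ║",
  "║ 3 │ 2 │ warning │ The contract executes an external message call. │ SWC-107 ║",
  "║ 3 │ 5504 │ warning │ The contract executes an external message call. │ SWC-107",
  "/demo/Vault.sol",
  "║ 3 │ 45 │ warning │ The contract executes an external message call. │ SWC-107 ║",
].join("\n");
console.log(triage(parseReport(SAMPLE_REPORT), SAMPLE_SOURCES));
```

Findings left with `suspect: null` still need normal review; the check only separates out rows whose location or rule type does not fit the source file.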