Open area opened 4 years ago
Thanks for reporting the issue and for finding a minimal working example. That's very helpful.
We are looking into the false positive.
Here is an even simpler example:
```solidity
pragma solidity 0.5.11;

contract Resolver {
    function f(string memory sig) public payable {
        abi.encodePacked(sig);
    }
}
```
It looks like there is a real integer overflow occurring here, but it is generated by the compiler.
We will decide whether or not we want to hide those overflows in the response, as they are unfixable by the user.
With the following contract
running

```
yarn truffle run verify --mode quick ./contracts/Resolver.sol
```

I get the report:

Replacing `sig` with a `uint` (rather than `string`) causes the error to disappear. This is a minimum working example from a larger contract, where the line numbers were very wrong in the report (referring to a comment block at the start of the file with licensing information).

EDIT: Example report UUID: 9ca79e99-d5d6-4ffc-8268-3c01a0307857