search

crytic / amarna

Amarna is a static-analyzer and linter for the Cairo programming language.
https://blog.trailofbits.com/2022/04/20/amarna-static-analysis-for-cairo-programs/
GNU Affero General Public License v3.0
148 stars 7 forks source link

Function flagged as implicit import when explicitly imported #74

Closed coolhill closed 2 years ago

coolhill commented 2 years ago

Running Amarna incorrectly flags auth_read_storage as implicit when it is explicit.

~proxy.cairo

%lang starknet

from utils import auth_read_storage

~utils.cairo

%lang starknet

from starkware.starknet.common.syscalls import storage_read, storage_write, get_caller_address

# Helpers for auth users to interact with contract's storage 
@view
func auth_read_storage{
        syscall_ptr : felt*,
    }(auth_account : felt, address : felt) -> (value : felt):
    let (caller) = get_caller_address()

    assert caller = auth_account

    let (value) = storage_read(address=address)

    return (value=value)
end

@external
func auth_write_storage{
        syscall_ptr : felt*,
    }(auth_account : felt, address : felt, value : felt):
    let (caller) = get_caller_address()

    assert caller = auth_account

    storage_write(address=address, value=value)
    return()
end

$ amarna -s .
[implicit-import] [This](0) function will be imported by [here](1), even though it was not explicitly imported. in utils.cairo:19:1 and proxy.cairo:3:19
[implicit-import] [This](0) function will be imported by [here](1), even though it was not explicitly imported. in utils.cairo:6:1 and proxy.cairo:3:19
[must-check-caller-address] in utils.cairo:10:10
[must-check-caller-address] in utils.cairo:23:10
[unused-imports] in proxy.cairo:3:19