Open GeraldRyan opened 2 years ago
We can look into tightening the heuristics to ignore transfers to addresses where the amount sent is based on the address i.e. used as key in a mapping or argument of a function.
I think the detector in 0.8.3 is still named "arbitrary-send" and was renamed to "arbitrary-send-eth" on the development branch (https://github.com/crytic/slither/pull/1025), so substituting in "arbitrary-send" should work.
> We can look into tightening the heuristics to ignore transfers to addresses where the amount sent is based on the address i.e. used as key in a mapping or argument of a function.
From my understanding, the detector already tries to exclude functions where the address is used as an index (e.g. `uint256 allowanceAvailable = _payoutTotals[addressOfProposer];`). Here is the code that seems to check for this:
However, this only checks for `msg.sender`, while later on `is_tainted` also checks for function inputs, `tx.origin` and more. The solution is likely to check if a tainted value is used as an index, rather than only checking if a variable depending on `msg.sender` is used as an index.
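To make the heuristic gap described in the comment above concrete, here is a constructed Solidity contract (added for illustration; it is not PowDAO.sol from the report, and the contract, function names and the `_payoutTotals` mapping are assumptions). It places a genuine arbitrary send next to two controlled sends: one indexed by `msg.sender`, which the existing index check excludes, and one indexed by a function argument, which `is_tainted` treats as tainted and the `msg.sender`-only index check does not exclude, producing the false positive discussed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example, not code from the issue or from Slither.
contract PayoutPatterns {
    // Assumed name: ether credited to each address, claimable later.
    mapping(address => uint256) private _payoutTotals;

    // Fund a recipient's balance; the sent value is what bounds later payouts.
    function credit(address who) external payable {
        _payoutTotals[who] += msg.value;
    }

    // Genuine arbitrary send: recipient and amount both come straight from
    // the caller and nothing ties the amount to contract state.
    function withdrawTo(address payable to, uint256 amount) external {
        to.transfer(amount);
    }

    // Controlled send indexed by msg.sender: the amount is read from state
    // keyed by the recipient. The existing heuristic recognises the
    // msg.sender index and excludes this function.
    function claim() external {
        uint256 allowanceAvailable = _payoutTotals[msg.sender];
        require(allowanceAvailable > 0, "nothing to claim");
        _payoutTotals[msg.sender] = 0;
        payable(msg.sender).transfer(allowanceAvailable);
    }

    // Same controlled pattern, but the recipient is a function input.
    // is_tainted marks a function input as tainted, while the index check
    // only looks for msg.sender, so this is reported although the amount
    // is still bounded by what was credited to that exact address.
    function claimFor(address payable addressOfProposer) external {
        uint256 allowanceAvailable = _payoutTotals[addressOfProposer];
        require(allowanceAvailable > 0, "nothing to claim");
        _payoutTotals[addressOfProposer] = 0;
        addressOfProposer.transfer(allowanceAvailable);
    }
}
```

Running `slither` with the `arbitrary-send` detector on a file like this lets you compare which of the three functions is reported and confirm the behaviour the comment describes.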
Describe the issue:
UPDATE:
(2) and (3) are resolved by using the detector name "arbitrary-send", not "arbitrary-send-eth". That could be made clearer in the docs, since it is titled "Check: arbitrary-send-eth" on the man page, but it has been resolved.
However, (1) still seems to be an issue.
OP:
arbitrary-send-eth seems broken: both producing a false positive (1), and not working as a detector that can be ignored or detected against individually (2) and (3).
(1) This code appears controlled, not sending ether to an arbitrary user address. They have to have an `allowanceAvailable` per contract state, yet slither produces:
That's the first bug.
(2) Next, I added this line:
It still produces the high-level warning.
(3) Third, I ran
slither PowDAO.sol --detect arbitrary-send-eth
And I got the response
Code example to reproduce the issue:
Version:
0.8.3
Relevant log output:
and
slither PowDAO.sol --detect arbitrary-send-eth