crytic / slither

Static Analyzer for Solidity and Vyper
https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/
GNU Affero General Public License v3.0

[Bug-Candidate]: #2090

Closed apolishch closed 1 year ago

apolishch commented 1 year ago

Describe the issue:

Slither does not respect remaps on remote address, neither the ones provided on etherscan, nor when @openzeppelin/contracts are installed locally and solc-remaps is provided, either as config file or on command line.

For instance:

slither 0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e --etherscan-apikey <my_api_key> --json ./outputs/slither/0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e.json --no-fail-pedantic --solc-remaps @openzeppelin=node_modules/@openzeppelin

Fails with, for instance:

ParserError: Source "@openzeppelin/contracts/access/Ownable.sol" not found: File not found. Searched the following locations: "".
 --> src/modules/price-router/PriceRouter.sol:5:1:
  |
5 | import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";

Notably, remappings are defined on etherscan for the compiler, and also locally, but neither set is being respected. Adding or leaving off the --solc-remaps flag, or defining a config file and passing that, has no effect whatsoever.

Code example to reproduce the issue:

https://etherscan.io/address/0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e#code

Version:

currently running 0.9.6. Had the same problem with 0.9.2

Relevant log output:

Error in 0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e
Traceback (most recent call last):
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/slither/__main__.py", line 834, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/slither/__main__.py", line 87, in process_all
    compilations = compile_all(target, **vars(args))
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/crytic_compile/crytic_compile.py", line 620, in compile_all
    compilations.append(CryticCompile(target, **kwargs))
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/crytic_compile/crytic_compile.py", line 110, in __init__
    self._compile(**kwargs)
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/crytic_compile/crytic_compile.py", line 530, in _compile
    self._platform.compile(self, **kwargs)
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/crytic_compile/platform/etherscan.py", line 362, in compile
    solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/crytic_compile/platform/solc_standard_json.py", line 66, in standalone_compile
    targets_json = run_solc_standard_json(
  File "/Users/skilurus/Library/Python/3.9/lib/python/site-packages/crytic_compile/platform/solc_standard_json.py", line 181, in run_solc_standard_json
    raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: ParserError: ParserError: Source "@openzeppelin/contracts/access/Ownable.sol" not found: File not found. Searched the following locations: "".
 --> src/Registry.sol:4:1:
  |
4 | import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/utils/Address.sol" not found: File not found. Searched the following locations: "".
  --> src/base/Cellar.sol:10:1:
   |
10 | import { Address } from "@openzeppelin/contracts/utils/Address.sol";
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol" not found: File not found. Searched the following locations: "".
  --> src/base/Cellar.sol:11:1:
   |
11 | import { ERC721Holder } from "@openzeppelin/contracts/token/ERC721/utils/ERC721Holder.sol";
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@solmate/auth/Owned.sol" not found: File not found. Searched the following locations: "".
  --> src/base/Cellar.sol:12:1:
   |
12 | import { Owned } from "@solmate/auth/Owned.sol";
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/proxy/utils/Initializable.sol" not found: File not found. Searched the following locations: "".
 --> src/base/CellarInitializableV2_1.sol:5:1:
  |
5 | import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/token/ERC20/IERC20.sol" not found: File not found. Searched the following locations: "".
 --> src/interfaces/external/IAaveToken.sol:4:1:
  |
4 | import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@chainlink/contracts/src/v0.8/interfaces/AggregatorV2V3Interface.sol" not found: File not found. Searched the following locations: "".
 --> src/interfaces/external/IChainlinkAggregator.sol:4:1:
  |
4 | import "@chainlink/contracts/src/v0.8/interfaces/AggregatorV2V3Interface.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/access/Ownable.sol" not found: File not found. Searched the following locations: "".
 --> src/modules/price-router/PriceRouter.sol:5:1:
  |
5 | import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@chainlink/contracts/src/v0.8/interfaces/AutomationCompatibleInterface.sol" not found: File not found. Searched the following locations: "".
 --> src/modules/price-router/PriceRouter.sol:6:1:
  |
6 | import { AutomationCompatibleInterface } from "@chainlink/contracts/src/v0.8/interfaces/AutomationCompatibleInterface.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/utils/math/SafeCast.sol" not found: File not found. Searched the following locations: "".
 --> src/modules/price-router/PriceRouter.sol:8:1:
  |
8 | import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ParserError: ParserError: Source "@openzeppelin/contracts/utils/Address.sol" not found: File not found. Searched the following locations: "".
  --> src/modules/price-router/PriceRouter.sol:10:1:
   |
10 | import { Address } from "@openzeppelin/contracts/utils/Address.sol";

elopez commented 1 year ago

Hi @apolishch! Thanks for the report; could you please confirm if you're running the latest crytic-compile? If you're not, can you upgrade it and let us know if this is still an issue? We added support for automatic solc remaps on etherscan compilations in crytic-compile 0.3.2 with PR https://github.com/crytic/crytic-compile/pull/447

% crytic-compile --version
0.3.4

I have been unable to reproduce this locally with the latest slither & crytic-compile:

% slither 0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e     
'solc --standard-json --allow-paths /private/tmp/foobar/crytic-export/etherscan-contracts/0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e-CellarInitializableV2_1' running
INFO:Detectors:
Multicall.multicall(bytes[]) (src/base/Multicall.sol#13-30) has delegatecall inside a loop in a payable function: (success,result) = address(this).delegatecall(data[i]) (src/base/Multicall.sol#16)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/#payable-functions-using-delegatecall-inside-a-loop
INFO:Detectors: (....)
INFO:Slither:0x97e6e0a40a3d02f12d1cec30ebfbae04e37c119e analyzed (34 contracts with 88 detectors), 236 result(s) found
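A way to reproduce the failure mode in this thread offline, as an added example that is not code from Slither or crytic-compile: it applies solc-style remappings to the imports of a set of source units and reports the ones that would trigger the "Source ... not found" error shown above, so a remapping set can be checked before the compiler is invoked. The sample unit names and contents, the `lib/` vendoring layout, and the simplified context rule are assumptions.

```python
"""Added example, not Slither's or crytic-compile's code: apply solc-style
'[context:]prefix=target' remappings to imports and list the ones solc would reject
with 'Source ... not found'. Assumed: a context applies when it prefixes the unit name."""
import posixpath
import re

IMPORT_RE = re.compile(r'^\s*import\s+(?:[^;]*?\bfrom\s+)?["\']([^"\']+)["\']', re.M)

def apply_remapping(import_path, remappings, context=""):
    """Rewrite import_path using the longest applicable prefix, as solc does."""
    best = None
    for entry in remappings:
        ctx, _, rest = entry.rpartition(":")          # context part is optional
        prefix, sep, target = rest.partition("=")
        if not sep or not prefix:
            raise ValueError(f"malformed remapping: {entry!r}")
        if ctx and not context.startswith(ctx):
            continue
        if import_path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, target)
    if best is None:
        return import_path                            # solc searches the path as-is
    return best[1] + import_path[len(best[0]):]

def find_unresolved_imports(sources, remappings):
    """Return [(unit, import_path)] for imports no key of `sources` (unit name -> text) satisfies.
    Relative imports resolve against the importing unit's directory; all others are remapped."""
    missing = []
    for unit, text in sources.items():
        for path in IMPORT_RE.findall(text):
            if path.startswith("."):
                resolved = posixpath.normpath(posixpath.join(posixpath.dirname(unit), path))
            else:
                resolved = apply_remapping(path, remappings, context=unit)
            if resolved not in sources:
                missing.append((unit, path))
    return missing

# Constructed sample mirroring this issue: PriceRouter imports Ownable through the
# @openzeppelin alias while the vendored copy lives under lib/ (assumed layout).
SAMPLE_SOURCES = {
    "src/modules/price-router/PriceRouter.sol":
        'import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";\n'
        'import { SafeCast } from "@openzeppelin/contracts/utils/math/SafeCast.sol";\n'
        'import "./IChainlinkAggregator.sol";\ncontract PriceRouter is Ownable {}\n',
    "src/modules/price-router/IChainlinkAggregator.sol": "interface IChainlinkAggregator {}\n",
    "lib/openzeppelin-contracts/contracts/access/Ownable.sol": "contract Ownable {}\n",
}
OZ_REMAP = ["@openzeppelin/=lib/openzeppelin-contracts/"]
```

With no remappings both `@openzeppelin` imports are reported; with `OZ_REMAP` only `SafeCast.sol` remains, because the sample does not vendor that file.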

apolishch commented 1 year ago

@elopez Thank you! That did, indeed, fix the issue for me. Thanks for helping me find this :)