search

crytic / slither

Static Analyzer for Solidity and Vyper
https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/
GNU Affero General Public License v3.0
5.25k stars 959 forks source link

[Bug]: Vyper `for` loop over an iterable inside a struct fails #2194

Open trocher opened 11 months ago

trocher commented 11 months ago

Describe the issue:

Slither crashes when analysing a Vyper program that contains a for loop iterating over an array inside a struct.

Likely caused by: https://github.com/crytic/slither/blob/e3dcf1ecd3e9de60da046de471c5663ab637993a/slither/vyper_parsing/declarations/function.py#L331 As it seems that Slither is assuming that if the iterable is an Attribute, it must be something like self.[smth] (a state variable) but the Attribute AST node is also used for struct accessing.

Code example to reproduce the issue:

struct A:
    a: uint256[3]

@external
def foo():
    x: A = A({a:[1,2,3]})
    temp:uint256 = 0
    for i in x.a:
        temp += i

Version:

0.10.0

Relevant log output:

Traceback (most recent call last):
  File "/home/csdocker/.local/bin/slither", line 8, in <module>
    sys.exit(main())
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/__main__.py", line 727, in main
    main_impl(all_detector_classes=detectors, all_printer_classes=printers)
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/__main__.py", line 833, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/__main__.py", line 107, in process_all
    ) = process_single(compilation, args, detector_classes, printer_classes)
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/__main__.py", line 80, in process_single
    slither = Slither(target, ast_format=ast, **vars(args))
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/slither.py", line 144, in __init__
    self._init_parsing_and_analyses(kwargs.get("skip_analyze", False))
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/slither.py", line 164, in _init_parsing_and_analyses
    raise e
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/slither.py", line 160, in _init_parsing_and_analyses
    parser.analyze_contracts()
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/vyper_parsing/vyper_compilation_unit.py", line 61, in analyze_contracts
    contract_parser.analyze()
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/vyper_parsing/declarations/contract.py", line 521, in analyze
    function.analyze_content()
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/vyper_parsing/declarations/function.py", line 186, in analyze_content
    self._parse_cfg(body)
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/vyper_parsing/declarations/function.py", line 523, in _parse_cfg
    curr_node = parse_statement(curr_node, expr)
  File "/home/csdocker/.local/pipx/venvs/slither-analyzer/lib/python3.10/site-packages/slither/vyper_parsing/declarations/function.py", line 333, in parse_statement
    loop_iterator = list(
IndexError: list index out of range
0xalpharush commented 11 months ago

Thanks for these examples! This is related to https://github.com/vyperlang/vyper/issues/3582 and https://github.com/vyperlang/vyper/issues/3475, but we may be able to workaround