crytic / slither

Static Analyzer for Solidity and Vyper
https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/
GNU Affero General Public License v3.0

[Bug]: Misinterpretation of literals in legacy-ast #2215

Open Tiko7454 opened 11 months ago

Tiko7454 commented 11 months ago

Describe the issue:

For Solidity version 0.4.23 the parsing doesn't work properly for the code below. https://github.com/crytic/slither/blob/e3dcf1ecd3e9de60da046de471c5663ab637993a/slither/solc_parsing/solidity_types/type_parsing.py#L430: here str(length) == '"12"' instead of '12'

Code example to reproduce the issue:

pragma solidity 0.4.23;

contract C {
  uint256[12] private c = [4,8,12,16,20,24,28,32,36,40,44,48];
}

Version:

0.10.0

Relevant log output:

'solc --version' running
'solc 757f9a1ca2d3af327111c786ef923e67ab586b03_PreSale.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes,compact-format --allow-paths .,/home/tigran' running
Traceback (most recent call last):
  File "/home/tigran/Projects/slither/slither/.slither/bin/slither", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 727, in main
    main_impl(all_detector_classes=detectors, all_printer_classes=printers)
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 833, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 107, in process_all
    ) = process_single(compilation, args, detector_classes, printer_classes)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 80, in process_single
    slither = Slither(target, ast_format=ast, **vars(args))
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slither.py", line 144, in __init__
    self._init_parsing_and_analyses(kwargs.get("skip_analyze", False))
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slither.py", line 164, in _init_parsing_and_analyses
    raise e
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slither.py", line 160, in _init_parsing_and_analyses
    parser.analyze_contracts()
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 542, in analyze_contracts
    self._compilation_unit.compute_storage_layout()
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/core/compilation_unit.py", line 304, in compute_storage_layout
    size, new_slot = var.type.storage_size
                     ^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/core/solidity_types/array_type.py", line 66, in storage_size
    return elem_size * int(str(self._length_value)), True
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: invalid literal for int() with base 10: '"12"'
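
An added example (not code from this issue or from Slither) that reproduces the `int()` failure from the traceback on the quoted string `'"12"'` and shows one defensive way to normalize a length literal before the multiplication. The helper names, the accepted literal forms, and the 32-byte element size used for `uint256` are assumptions for illustration.

```python
import re

# Constructed sample values: the quoted form is the one reported in the issue,
# the unquoted form is what the reporter expected.
LEGACY_AST_LENGTH = '"12"'
EXPECTED_LENGTH = "12"

_DEC = re.compile(r"[0-9]+")
_HEX = re.compile(r"0[xX][0-9a-fA-F]+")


def normalize_length_literal(raw: str) -> int:
    """Return the integer value of an array-length literal string.

    Hypothetical helper: tolerates one pair of surrounding quotes (the
    symptom in the issue) and rejects anything that is not a plain
    decimal or hex integer, so bad input fails here with a clear message.
    """
    text = raw.strip()
    if len(text) >= 2 and text[0] == text[-1] and text[0] in "\"'":
        text = text[1:-1].strip()
    if _DEC.fullmatch(text):
        return int(text, 10)
    if _HEX.fullmatch(text):
        return int(text, 16)
    raise ValueError(f"not an integer array length: {raw!r}")


def naive_storage_size(elem_size: int, raw_length: str) -> int:
    """Same expression as the failing line in the traceback."""
    return elem_size * int(str(raw_length))


def normalized_storage_size(elem_size: int, raw_length: str) -> int:
    """The traceback's multiplication, applied to the normalized length."""
    return elem_size * normalize_length_literal(raw_length)


if __name__ == "__main__":
    try:
        naive_storage_size(32, LEGACY_AST_LENGTH)
    except ValueError as exc:
        print("naive:", exc)
    print("normalized:", normalized_storage_size(32, LEGACY_AST_LENGTH))
```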

shushaaniik commented 10 months ago

The bug above induces another bug with an empty emit node in the control flow graph.

Example

pragma solidity ^0.4.21;

contract C {

  event something_wrong(uint256[2]);

  uint256[2] arr = [0, 1];

  function f() public {
    emit something_wrong(arr);
  }
}