eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0

Errors in TODTransfer Pattern #45

Open ritzdorf opened 5 years ago

ritzdorf commented 5 years ago

Reference: https://github.com/eth-sri/securify/blob/604fb579758d796a6ec4383d43ceb7a2de0b6ece/src/test/java/ch/securify/patterns/TODTransferTest.java#L36

Additional examples:

```solidity
pragma solidity 0.4.24;

contract game {
  bool won = false;

  // Guard with if: the first caller flips `won` and is paid; later callers fall through.
  function play() public {
    if (!won) {
      won = true;
      msg.sender.transfer(1);
    }
  }

  // Same logic with require: later callers revert instead of falling through.
  function play2() public {
    require(!won);
    won = true;
    msg.sender.transfer(1);
  }
}
```

`play` and `play2` have different analysis results with regard to TODTransfer.

```solidity
pragma solidity 0.4.24;

contract game {
  bool won = false;

  function play() public {
    // Both branches transfer the same constant amount.
    if (!won) {
      won = true;
      msg.sender.transfer(10 ** 18);
    } else {
      msg.sender.transfer(10 ** 18);
    }
    // Executed on every path, regardless of `won`.
    msg.sender.transfer(10 ** 18);
  }
}
```

The last transfer is also tagged as TODTransfer. It is unclear whether that is desirable or not.
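As an added example, not part of the issue or of the Securify project: a small Python model of the first `game` contract that replays `play` and `play2` under every ordering of a batch of callers and compares who ends up paid. The contract balance (`funding`), the caller names, and the revert/rollback handling are constructed assumptions; the model ignores gas and block semantics. It shows what "transaction-ordering dependence" means operationally for these two entry points: the payout depends on which transaction is mined first, and it does so identically for the `if` and the `require` variant.

```python
"""Transaction-ordering model for the first `game` contract in the issue.

Constructed example (not Securify code): a minimal stand-in for EVM state
that is just enough to replay `play` and `play2` in every order of a batch
of callers and compare the resulting payouts.
"""
from itertools import permutations


class Revert(Exception):
    """Stand-in for an EVM revert (failed require or failed .transfer)."""


class Game:
    """Python model of the contract's storage and balance.

    Assumption: the contract is pre-funded with `funding` wei so the 1-wei
    transfers can succeed; the issue's contract has no payable entry point.
    """

    def __init__(self, funding):
        self.won = False
        self.balance = funding   # contract ether balance in wei
        self.paid = {}           # recipient -> wei received

    def _transfer(self, to, amount):
        # `.transfer` reverts the calling transaction when the balance is short.
        if self.balance < amount:
            raise Revert("insufficient balance")
        self.balance -= amount
        self.paid[to] = self.paid.get(to, 0) + amount

    def play(self, sender):
        # if-guard: later callers silently fall through
        if not self.won:
            self.won = True
            self._transfer(sender, 1)

    def play2(self, sender):
        # require-guard: later callers revert
        if self.won:
            raise Revert("require(!won)")
        self.won = True
        self._transfer(sender, 1)


def run_ordering(entry, senders, funding=10):
    """Apply `entry` once per sender in the given order.

    A reverted call rolls back its own state changes (like a reverted tx).
    Returns a frozenset of (recipient, wei) pairs: who got paid how much.
    """
    g = Game(funding)
    for s in senders:
        won_before, balance_before = g.won, g.balance
        try:
            getattr(g, entry)(s)
        except Revert:
            g.won, g.balance = won_before, balance_before  # roll back the tx
    return frozenset(g.paid.items())


def outcomes(entry, senders, funding=10):
    """All distinct payout outcomes over every ordering of `senders`."""
    return {run_ordering(entry, order, funding) for order in permutations(senders)}


def order_dependent(entry, senders, funding=10):
    """True when the final payout depends on transaction order (TOD)."""
    return len(outcomes(entry, senders, funding)) > 1


def same_semantics(senders, funding=10):
    """True when `play` and `play2` produce the same outcome set for a batch."""
    return outcomes("play", senders, funding) == outcomes("play2", senders, funding)


if __name__ == "__main__":
    callers = ("alice", "bob", "carol")
    for entry in ("play", "play2"):
        print(entry, "order-dependent:", order_dependent(entry, callers))
    print("play and play2 agree on every ordering:", same_semantics(callers))
```

The model distinguishes two reasons a payout might look order-independent: a batch with a single caller has only one ordering, and an unfunded contract pays nobody under any ordering. Both cases come out as not order-dependent, which is the behaviour a TOD check should reproduce before it starts flagging individual transfer sites.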