If I understand the announcement in README.md correctly, then the examples directory contains contracts that have been manually confirmed to be vulnerable.
Why is RipplePayMain.sol marked as being susceptible to the delegatecall_dangerous weakness? The Solidity file does not contain a single delegatecall instruction.
The corresponding runtime code, RipplePayMain.bin-runtime, seems to contain a DELEGATECALL. However, the byte 0xF4 only occurs in the metadata section and thus cannot be executed. So no possibility for this weakness here either.
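The check described in the post above, as an added example that is not part of the original issue or the repository: it separates the solc metadata trailer from the code and sorts every 0xF4 byte into instruction, metadata or PUSH data. The function names and both sample byte strings are constructed for illustration (they are not RipplePayMain.bin-runtime), and the code assumes solc's convention of ending runtime bytecode with CBOR metadata followed by its 2-byte length.

```python
DELEGATECALL, PUSH1, PUSH32 = 0xF4, 0x60, 0x7F

def split_metadata(runtime: bytes):
    """Split solc runtime bytecode into (code, metadata trailer).
    solc appends CBOR metadata followed by its 2-byte big-endian length."""
    if len(runtime) < 2:
        return runtime, b""
    n = int.from_bytes(runtime[-2:], "big")
    start = len(runtime) - 2 - n
    # Plausibility check: the trailer must begin with a CBOR map (0xA0..0xBF).
    if n == 0 or start < 0 or not 0xA0 <= runtime[start] <= 0xBF:
        return runtime, b""
    return runtime[:start], runtime[start:]

def opcode_offsets(code: bytes, opcode: int):
    """Linear sweep that skips PUSH immediates, so push data is never
    mistaken for an instruction. Data embedded in the code section would
    still be decoded, so hits are an over-approximation."""
    hits, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == opcode:
            hits.append(pc)
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return hits

def classify_f4(runtime: bytes):
    """Sort every 0xF4 byte into: instruction, metadata, or push data."""
    code, _meta = split_metadata(runtime)
    instr = opcode_offsets(code, DELEGATECALL)
    raw = [i for i, b in enumerate(runtime) if b == DELEGATECALL]
    return {
        "instruction": instr,
        "metadata": [i for i in raw if i >= len(code)],
        "push_data": [i for i in raw if i < len(code) and i not in instr],
    }

# Constructed samples (not RipplePayMain.bin-runtime).
META = bytes.fromhex("a165627a7a72305820") + b"\xf4" + b"\x11" * 31 + b"\x00\x29"
NO_CALL = bytes.fromhex("608060405260f400") + META   # 0xF4 only as data
WITH_CALL = bytes.fromhex("5af400") + META           # GAS DELEGATECALL STOP

if __name__ == "__main__":
    for name, blob in (("NO_CALL", NO_CALL), ("WITH_CALL", WITH_CALL)):
        print(name, classify_f4(blob))
```

An empty `instruction` list together with a non-empty `metadata` list is the situation the post describes: the byte is present in the file but is never reached as an opcode.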