Error while analysis

[mandalabhash]

got the following error:

""" (albert㉿aimmore)-[~/Desktop/lpu_presentation/Supplement/Slither Myth] └─$ slither ./3.sol
'solc --version' running Traceback (most recent call last): File "/home/albert/.local/bin/slither", line 8, in sys.exit(main()) ^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/slither/main.py", line 776, in main main_impl(all_detector_classes=detectors, all_printer_classes=printers) File "/home/albert/.local/lib/python3.11/site-packages/slither/main.py", line 882, in main_impl ) = process_all(filename, args, detector_classes, printer_classes) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/slither/main.py", line 96, in process_all compilations = compile_all(target, vars(args)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/crytic_compile.py", line 722, in compile_all compilations.append(CryticCompile(target, kwargs)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/crytic_compile.py", line 211, in init self._compile(kwargs) File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile self._platform.compile(self, kwargs) File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/platform/solc.py", line 151, in compile targets_json = _get_targets_json(compilation_unit, self._target, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/platform/solc.py", line 280, in _get_targets_json return _run_solc( ^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/platform/solc.py", line 497, in _run_solc compiler="solc", version=get_version(solc, env), optimized=is_optimized(solc_arguments) ^^^^^^^^^^^^^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/crytic_compile/platform/solc.py", line 395, in get_version raise InvalidCompilation( crytic_compile.platform.exceptions.InvalidCompilation: Solidity version not found: STDOUT:

STDERR: Traceback (most recent call last): File "/home/albert/.local/bin/solc", line 8, in sys.exit(solc()) ^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/solc_select/main.py", line 87, in solc res = current_version() ^^^^^^^^^^^^^^^^^ File "/home/albert/.local/lib/python3.11/site-packages/solc_select/solc_select.py", line 67, in current_version raise argparse.ArgumentTypeError( argparse.ArgumentTypeError: No solc version set. Run solc-select use VERSION or set SOLC_VERSION environment variable.

┌──(albert㉿aimmore)-[~/Desktop/lpu_presentation/Supplement/Slither Myth] └─$ """

[mandalabhash]

Later with some chatgpt help 😆

┌──(albert㉿aimmore)-[~/Desktop/lpu_presentation/Supplement/Slither Myth] └─$ solc-select install 0.4.16
Installing solc '0.4.16'... Version '0.4.16' installed.

┌──(albert㉿aimmore)-[~/Desktop/lpu_presentation/Supplement/Slither Myth] └─$ solc-select use 0.4.16
Switched global version to 0.4.16

┌──(albert㉿aimmore)-[~/Desktop/lpu_presentation/Supplement/Slither Myth] └─$ slither ./3.sol --json audit3sol.json 'solc --version' running 'solc ./3.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes,compact-format --allow-paths .,/home/albert/Desktop/lpu_presentation/Supplement/Slither Myth' running

EthTxOrderDependenceMinimal.setReward() (3.sol#12-18) should emit an event for:

• reward = msg.value (3.sol#17) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-events-arithmetic

Version constraint ^0.4.16 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)

• DirtyBytesArrayToStorage
• ABIDecodeTwoDimensionalArrayMemory
• KeccakCaching
• EmptyByteArrayCopy
• DynamicArrayCleanup
• ImplicitConstructorCallvalueCheck
• TupleAssignmentMultiStackSlotComponents
• MemoryArrayCreationOverflow
• privateCanBeOverridden
• SignedArrayStorageCopy
• ABIEncoderV2StorageArrayWithMultiSlotElement
• DynamicConstructorArgumentsClippedABIV2
• UninitializedFunctionPointerInConstructor_0.4.x
• IncorrectEventSignatureInLibraries_0.4.x
• ExpExponentCleanup
• NestedArrayFunctionCallDecoder
• ZeroFunctionSelector. It is used by:
• ^0.4.16 (3.sol#1) solc-0.4.16 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible. Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Reentrancy in EthTxOrderDependenceMinimal.claimReward(uint256) (3.sol#20-25): External calls:

• msg.sender.transfer(reward) (3.sol#23) State variables written after the call(s):
• claimed = true (3.sol#24) Reentrancy in EthTxOrderDependenceMinimal.setReward() (3.sol#12-18): External calls:
• owner.transfer(reward) (3.sol#16) State variables written after the call(s):
• reward = msg.value (3.sol#17) Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4 ./3.sol analyzed (1 contracts with 93 detectors), 5 result(s) found

[nautical]

Good work ! As mentioned in error : argparse.ArgumentTypeError: No solc version set. Run solc-select use VERSION or set SOLC_VERSION environment variable.

Issue was installing and selecting correct solidity version

Here is the repo for solc-select : https://github.com/crytic/solc-select

[mandalabhash]

Thank you sir!

[mandalabhash]

Slither Audit Report

Contract: 3.sol

---

1. Missing Event for setReward Function

• Function: EthTxOrderDependenceMinimal.setReward() (3.sol#12-18)
• Issue: The setReward() function updates the state variable reward (3.sol#17) but does not emit an event for this action.

---

2. Use of Outdated Solidity Version

• Version Used: ^0.4.16 (3.sol#1)
• Issue: The Solidity version ^0.4.16 is outdated and contains several known issues, including:
  • DirtyBytesArrayToStorage
  • ABIDecodeTwoDimensionalArrayMemory
  • KeccakCaching
  • EmptyByteArrayCopy
  • DynamicArrayCleanup
  • ImplicitConstructorCallvalueCheck
  • TupleAssignmentMultiStackSlotComponents
  • MemoryArrayCreationOverflow
  • privateCanBeOverridden
  • SignedArrayStorageCopy
  • ABIEncoderV2StorageArrayWithMultiSlotElement
  • DynamicConstructorArgumentsClippedABIV2
  • UninitializedFunctionPointerInConstructor_0.4.x
  • IncorrectEventSignatureInLibraries_0.4.x
  • ExpExponentCleanup
  • NestedArrayFunctionCallDecoder
  • ZeroFunctionSelector

---

3. Reentrancy Vulnerability in claimReward

• Function: EthTxOrderDependenceMinimal.claimReward(uint256) (3.sol#20-25)
• Issue: The function includes an external call to msg.sender.transfer(reward) (3.sol#23), followed by writing to the state variable claimed = true (3.sol#24). This opens the contract to a reentrancy attack, where an attacker could potentially re-enter the contract and manipulate the contract’s state before the transfer is completed.

---

4. Reentrancy Vulnerability in setReward

• Function: EthTxOrderDependenceMinimal.setReward() (3.sol#12-18)
• Issue: The function makes an external call to owner.transfer(reward) (3.sol#16), followed by updating the state variable reward = msg.value (3.sol#17). This sequence makes the contract vulnerable to reentrancy attacks.

---

Conclusion

The smart contract contains several critical issues:

1. Missing events in the setReward() function.
2. Use of an outdated Solidity version with known vulnerabilities.
3. Reentrancy vulnerabilities in both claimReward() and setReward() functions.