slither icon indicating copy to clipboard operation
slither copied to clipboard
verified publisher icon crytic

[Bug]: Wrong argument detection when a library function is invoked

Open Tiko7454 opened this issue 2 years ago • 0 comments

Describe the issue:

The arguments of the call g() are not processed correctly. https://github.com/crytic/slither/blob/e3dcf1ecd3e9de60da046de471c5663ab637993a/slither/slithir/convert.py#L628 here python tries to find use operator in to check whether using_for has key t or not, but t is list instead of a what it is supposed to be (solidity type or something like that)

Code example to reproduce the issue:

pragma solidity 0.4.23;

library L {
    function g(uint256 c) internal pure {}
}

contract C {
    using L for uint;
    function f() public {
        this.balance.g();
    }
}

Version:

0.10.0

Relevant log output:

'solc --version' running
'solc 75b3abf31ca0e8ba36bf3938b6095a5b7f8b4c71_ProdPresale.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes,compact-format --allow-paths .,/home/tigran' running
Compilation warnings/errors on 75b3abf31ca0e8ba36bf3938b6095a5b7f8b4c71_ProdPresale.sol:
75b3abf31ca0e8ba36bf3938b6095a5b7f8b4c71_ProdPresale.sol:10:9: Warning: Using contract member "balance" inherited from the address type is deprecated. Convert the contract to "address" type to access the member, for example use "address(contract).balance" instead.
        this.balance.g();
        ^----------^
75b3abf31ca0e8ba36bf3938b6095a5b7f8b4c71_ProdPresale.sol:4:16: Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
    function g(uint256 c) internal pure {}
               ^-------^
75b3abf31ca0e8ba36bf3938b6095a5b7f8b4c71_ProdPresale.sol:9:5: Warning: Function state mutability can be restricted to view
    function f() public {
    ^ (Relevant source part starts here and spans across multiple lines).

ERROR:SlitherSolcParsing:
Failed to generate IR for C.f. Please open an issue https://github.com/crytic/slither/issues.
C.f (75b3abf31ca0e8ba36bf3938b6095a5b7f8b4c71_ProdPresale.sol#9-11):
 	this.balance.g()
Traceback (most recent call last):
  File "/home/tigran/Projects/slither/slither/.slither/bin/slither", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 727, in main
    main_impl(all_detector_classes=detectors, all_printer_classes=printers)
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 833, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 107, in process_all
    ) = process_single(compilation, args, detector_classes, printer_classes)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/__main__.py", line 80, in process_single
    slither = Slither(target, ast_format=ast, **vars(args))
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slither.py", line 144, in __init__
    self._init_parsing_and_analyses(kwargs.get("skip_analyze", False))
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slither.py", line 164, in _init_parsing_and_analyses
    raise e
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slither.py", line 160, in _init_parsing_and_analyses
    parser.analyze_contracts()
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 539, in analyze_contracts
    self._convert_to_slithir()
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 766, in _convert_to_slithir
    raise e
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 750, in _convert_to_slithir
    func.generate_slithir_and_analyze()
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/core/declarations/function.py", line 1786, in generate_slithir_and_analyze
    node.slithir_generation()
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/core/cfg/node.py", line 716, in slithir_generation
    self._irs = convert_expression(expression, self)  # type:ignore
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slithir/convert.py", line 119, in convert_expression
    result = apply_ir_heuristics(result, node, is_solidity)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slithir/convert.py", line 2017, in apply_ir_heuristics
    irs = propagate_type_and_convert_call(irs, node)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slithir/convert.py", line 536, in propagate_type_and_convert_call
    new_ins = propagate_types(ins, node)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/tigran/Projects/slither/slither/.slither/lib/python3.11/site-packages/slither/slithir/convert.py", line 635, in propagate_types
    if t in using_for or "*" in using_for:
       ^^^^^^^^^^^^^^
TypeError: unhashable type: 'list'

Tiko7454 avatar Nov 03 '23 15:11 Tiko7454