crytic
(nitpick): Include detector identifier in warning output to avoid confusions
Describe the desired feature
Currently, Slither’s warnings do not include the specific detector’s identifier, and include a "similar" but not exact approximation that attempts to be human readable, which results misleading when trying to disable a specific rule.
When encountering a false positive, users often reach for
// slither-disable-next-line <DETECTOR>
However, the warnings themselves do not show which <DETECTOR> identifier to use.
Instead, Slither includes a documentation link such as:
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations
This may mislead users (like me) into thinking that the identifier is functions-that-send-ether-to-arbitrary-destinations, which is incorrect. As a result, attempts to disable the detector fail silently, leaving users confused and debugging why the tool ins't working properly.
Here’s an example warning:
ReHypothecationNativeMock._transferFromSenderToHook(Currency,uint256,address) (src/mocks/ReHypothecationNativeMock.sol#113-124) sends eth to arbitrary user
Dangerous calls:
- (success,None) = msg.sender.call{value: msg.value - amount}() (src/mocks/ReHypothecationNativeMock.sol#118)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations
I suggest one of the following:
- Update the documentation link to use the actual detector identifier, e.g.
https://github.com/crytic/slither/wiki/Detector-Documentation#arbitrary-send-eth
- Keep the current link but add the identifier explicitly in the output, e.g.
DETECTOR: arbitrary-send-eth
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations
This change doesn’t alter Slither’s functionality but makes it easier for developers to understand which detector triggered a warning and how to disable it correctly.
Thank you in advance!
