diff --git a/solidity/arbitrary-low-level-call.yaml b/solidity/arbitrary-low-level-call.yaml
index eed5b5e..911f6db 100644
--- a/solidity/arbitrary-low-level-call.yaml
+++ b/solidity/arbitrary-low-level-call.yaml
@@ -26,6 +26,7 @@ rules:
 - pattern: $ADDR.call($DATA);
 - pattern: $ADDR.call{$VALUE:...}($DATA);
 - pattern: $ADDR.call{$VALUE:..., $GAS:...}($DATA);
+ - pattern: $ADDR.call.value($VALUE)($DATA);
 languages:
 - solidity
 severity: ERROR
diff --git a/solidity/default_visibility.sol b/solidity/default_visibility.sol
new file mode 100644
index 0000000..ade2dfe
--- /dev/null
+++ b/solidity/default_visibility.sol
@@ -0,0 +1,9 @@
+contract Vuln {
+ function f1() {}
+ function f2(uint a) payable returns (uint256) {
+
+ }
+ function f3() private {
+
+ }
+}
diff --git a/solidity/default_visibility.yaml b/solidity/default_visibility.yaml
new file mode 100644
index 0000000..d81fd09
--- /dev/null
+++ b/solidity/default_visibility.yaml
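Review bot: The added legacy pattern `$ADDR.call.value($VALUE)($DATA);` covers only the value-only form, while the brace-syntax patterns above it also cover the value-plus-gas form. Pre-0.7 code can chain a gas setter as well, so `- pattern: $ADDR.call.value($VALUE).gas($GAS)($DATA);` and `- pattern: $ADDR.call.gas($GAS).value($VALUE)($DATA);` would close that detection gap. The rest of the rule lies outside the hunk, so whether another clause already handles these forms is not visible here.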
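Review bot: The fixture `default_visibility.sol` carries no `// ruleid:` / `// ok:` annotations, so it does not record which functions the rule is expected to flag and cannot serve as a regression test under `semgrep --test`. Put `// ruleid: default_visibility` on the line above `f1` and `f2` and `// ok: default_visibility` above `f3`; the `potential_reentrancy.sol` fixture added later in this commit needs the same treatment. A `pragma solidity` line pinned below 0.5.0 would also document that omitting the visibility specifier only compiles on those compiler versions.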
@@ -0,0 +1,68 @@
+rules:
+-
+ id: default_visibility
+ patterns:
+ - pattern-inside: |
+ function $F(...) {
+ ...
+ }
+ - pattern-not-inside: |
+ function $F(...) private {
+ ...
+ }
+ - pattern-not-inside: |
+ function $F(...) internal {
+ ...
+ }
+ - pattern-not-inside: |
+ function $F(...) external {
+ ...
+ }
+ - pattern-not-inside: |
+ function $F(...) public {
+ ...
+ }
+ - pattern-not-inside: |
+ function $F(...) {
+ require(<... msg.sender == owner ...>);
+ ...
+ }
+ - pattern-not-inside: |
+ - pattern-not-inside: function $F(...) onlyOwner { ... }
+ - pattern-not-inside: function $F(...) onlyVault { ... }
+ - pattern-not-inside: function $F(...) onlyMinter { ... }
+ - pattern-not-inside: function $F(...) onlyBridge { ... }
+ - pattern-not-inside: function $F(...) onlyOperator { ... }
+ - pattern-not-inside: function $F(...) onlyFactory { ... }
+ - pattern-not-inside: function $F(...) onlyAdmin { ... }
+ - pattern-not-inside: function $F(...) onlyController { ... }
+ - pattern-not-inside: function $F(...) hasMintBurnRole { ... }
+ - pattern-not-inside: function $F(...) onlyBondlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyApproved { ... }
+ - pattern-not-inside: function $F(...) onlyTrusted { ... }
+ - pattern-not-inside: function $F(...) onlyAdminOrOwner { ... }
+ - pattern-not-inside: function $F(...) onlyOwnerOrMinter { ... }
+ - pattern-not-inside: function $F(...) onlyMinterAndOwner { ... }
+ - pattern-not-inside: function $F(...) onlyValidator { ... }
+ - pattern-not-inside: function $F(...) onlyCore { ... }
+ - pattern-not-inside: function $F(...) onlyMarket { ... }
+ - pattern-not-inside: function $F(...) requiresTrust { ... }
+ - pattern-not-inside: function $F(...) onlyOpeth { ... }
+ - pattern-not-inside: function $F(...) onlyGovernance { ... }
+ - pattern-not-inside: function $F(...) onlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyDAO { ... }
+ - pattern-not-inside: function $F(...) onlyBurner(from) { ... }
+ - pattern-not-inside: function $F(...) onlyBurner { ... }
+ - pattern-not-inside: function $F(...) auth { ... }
+ - pattern-not-inside: function $F(...) isBridge { ... }
+ - pattern-not-inside: function $F(...) managerOnly { ... }
+ - pattern-not-inside: function $F(...) onlyHasRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(MINTER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(DEFAULT_ADMIN_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(treasuryPoolAddress) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(farmingPoolAddress) { ... }
+
+ message: function $F has default visibility
+ languages: [solidity]
+ severity: ERROR
diff --git a/solidity/potensial_reentrancy.yaml b/solidity/potensial_reentrancy.yaml
new file mode 100644
index 0000000..c1bf8f2
--- /dev/null
+++ b/solidity/potensial_reentrancy.yaml
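Review bot: The `- pattern-not-inside: |` entry directly before the `onlyOwner` line opens a block scalar with no body. Indentation is lost in this view, but either reading is a defect: the clause is an empty pattern, or it absorbs the following `onlyOwner` list item as literal pattern text, so the stray line should be deleted. The `require(<... msg.sender == owner ...>);` exclusion is written with the `require` as the first statement, so a function that performs the check after other statements would presumably not be excluded; add a leading `...` if that is intended. The modifier allow-list suppresses findings by modifier name only and is repeated verbatim in `potensial_reentrancy.yaml`, so a comment in the rule stating why an access-controlled function without a visibility specifier is deliberately not reported would help the next maintainer.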
@@ -0,0 +1,67 @@
+rules:
+-
+ id: potensial_reentrancy
+ patterns:
+ - pattern-not-inside: function $F(...) onlyOwner { ... }
+ - pattern-not-inside: function $F(...) onlyVault { ... }
+ - pattern-not-inside: function $F(...) onlyMinter { ... }
+ - pattern-not-inside: function $F(...) onlyBridge { ... }
+ - pattern-not-inside: function $F(...) onlyOperator { ... }
+ - pattern-not-inside: function $F(...) onlyFactory { ... }
+ - pattern-not-inside: function $F(...) onlyAdmin { ... }
+ - pattern-not-inside: function $F(...) onlyController { ... }
+ - pattern-not-inside: function $F(...) hasMintBurnRole { ... }
+ - pattern-not-inside: function $F(...) onlyBondlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyApproved { ... }
+ - pattern-not-inside: function $F(...) onlyTrusted { ... }
+ - pattern-not-inside: function $F(...) onlyAdminOrOwner { ... }
+ - pattern-not-inside: function $F(...) onlyOwnerOrMinter { ... }
+ - pattern-not-inside: function $F(...) onlyMinterAndOwner { ... }
+ - pattern-not-inside: function $F(...) onlyValidator { ... }
+ - pattern-not-inside: function $F(...) onlyCore { ... }
+ - pattern-not-inside: function $F(...) onlyMarket { ... }
+ - pattern-not-inside: function $F(...) requiresTrust { ... }
+ - pattern-not-inside: function $F(...) onlyOpeth { ... }
+ - pattern-not-inside: function $F(...) onlyGovernance { ... }
+ - pattern-not-inside: function $F(...) onlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyDAO { ... }
+ - pattern-not-inside: function $F(...) onlyBurner(from) { ... }
+ - pattern-not-inside: function $F(...) onlyBurner { ... }
+ - pattern-not-inside: function $F(...) auth { ... }
+ - pattern-not-inside: function $F(...) isBridge { ... }
+ - pattern-not-inside: function $F(...) managerOnly { ... }
+ - pattern-not-inside: function $F(...) onlyHasRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(MINTER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(DEFAULT_ADMIN_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(treasuryPoolAddress) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(farmingPoolAddress) { ... }
+ - pattern-not-inside: function $F(...) nonReentrant {...}
+ - pattern-not-inside: function $F(...) callerIsUser {...}
+ - pattern-not-inside: |
+ function $F(...) {
+ ...
+ require(tx.origin == msg.sender);
+ ...
+ }
+ - pattern-either:
+ - pattern-inside: |
+ function $F(address $ADDR) {
+ ...
+ }
+ - pattern-inside: |
+ function $F(...) {
+ ...
+ }
+ - pattern-either:
+ - pattern: $ADDR.call{value:...}(...);
+ - pattern: $ADDR.call.value(...)(...);
+ - pattern: msg.sender.call{value:...}(...);
+ - pattern: msg.sender.call.value(...)(...);
+ message: potensial reentrancy in function $F
+ options:
+ symbolic_propagation: true
+ languages:
+ - solidity
+ severity: ERROR
+
diff --git a/solidity/potential_reentrancy.sol b/solidity/potential_reentrancy.sol
new file mode 100644
index 0000000..e29c0fb
--- /dev/null
+++ b/solidity/potential_reentrancy.sol
@@ -0,0 +1,18 @@
+contract Vuln {
+ function f() isBridge {
+ msg.sender.call.value(5 ether)("");
+ }
+ function f(address a) onlyOwner {
+ a.call.value(5 ether)("");
+ }
+ function fn() private {
+ msg.sender.call.value(5 ether)("");
+ }
+ function fbb() {
+ address a = msg.sender;
+ a.call{value:5}("ff");
+ }
+ function fcc() nonReentrant {
+ msg.sender.call{value: msg.value}("");
+ }
+}
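Review bot: The rule file name, `id` and `message` in `potensial_reentrancy.yaml` spell `potensial`, while the fixture added alongside is `potential_reentrancy.sol`; Semgrep's test runner pairs a rule with its target by base name, so these two will not be matched up. Rename the rule file and use `id: potential_reentrancy` and `message: potential reentrancy in function $F`. In the first `pattern-either`, `function $F(...) { ... }` appears to subsume `function $F(address $ADDR) { ... }`, so the narrower branch adds nothing. The patterns report any value-bearing `call` whether or not state is written afterwards, and the access-control and `tx.origin == msg.sender` exclusions would also hide re-entry through a different function, so a comment describing the rule as a heuristic, or a severity below `ERROR`, would set expectations for triage.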