From 6a72fcdf8ef7d737f5375c2539aaa66f64cb0bc3 Mon Sep 17 00:00:00 2001
From: neo
Date: Sun, 21 Aug 2022 20:42:48 +0300
Subject: [PATCH 1/4] =?UTF-8?q?=09=D0=B8=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5?= =?UTF-8?q?=D0=BD=D0=BE:=20=20=20=20=20=20solidity/arbitrary-low-level-cal?= =?UTF-8?q?l.yaml=20=09solidity/default=5Fvisibility.sol=20=09solidity/def?= =?UTF-8?q?ault=5Fvisibility.yaml=20=09solidity/potential=5Freentrancy.sol?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 solidity/arbitrary-low-level-call.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/solidity/arbitrary-low-level-call.yaml b/solidity/arbitrary-low-level-call.yaml
index eed5b5e..911f6db 100644
--- a/solidity/arbitrary-low-level-call.yaml
+++ b/solidity/arbitrary-low-level-call.yaml
@@ -26,6 +26,7 @@ rules:
 - pattern: $ADDR.call($DATA);
 - pattern: $ADDR.call{$VALUE:...}($DATA);
 - pattern: $ADDR.call{$VALUE:..., $GAS:...}($DATA);
+ - pattern: $ADDR.call.value($VALUE)($DATA);
 languages:
 - solidity
 severity: ERROR
From 0c3ada0a20dc08f0042452d8ecb89f7925c161c4 Mon Sep 17 00:00:00 2001
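Review bot: The added `$ADDR.call.value($VALUE)($DATA);` pattern covers only the bare pre-0.7 form, while the same legacy syntax also allows a chained gas setter, so `a.call.value(v).gas(g)(data)` and `a.call.gas(g).value(v)(data)` would, as far as this hunk shows, still go unreported. Mirroring the pair of brace-syntax patterns above it, I would add `- pattern: $ADDR.call.value($VALUE).gas($GAS)($DATA);` and `- pattern: $ADDR.call.gas($GAS).value($VALUE)($DATA);`. The rule starts above the hunk, so other alternatives may already exist there. The commit also touches no test fixture, so a case for the new form in the rule's test file would confirm that it fires.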
From: neo
Date: Sun, 21 Aug 2022 20:46:59 +0300
Subject: [PATCH 2/4] =?UTF-8?q?=09=D0=BD=D0=BE=D0=B2=D1=8B=D0=B9=20=D1=84?= =?UTF-8?q?=D0=B0=D0=B9=D0=BB:=20=20=20=20solidity/default=5Fvisibility.so?= =?UTF-8?q?l=20=09=D0=BD=D0=BE=D0=B2=D1=8B=D0=B9=20=D1=84=D0=B0=D0=B9?= =?UTF-8?q?=D0=BB:=20=20=20=20solidity/default=5Fvisibility.yaml=20=09?= =?UTF-8?q?=D0=BD=D0=BE=D0=B2=D1=8B=D0=B9=20=D1=84=D0=B0=D0=B9=D0=BB:=20?= =?UTF-8?q?=20=20=20solidity/potential=5Freentrancy.sol?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 solidity/default_visibility.sol | 9 +++++
 solidity/default_visibility.yaml | 67 +++++++++++++++++++++++++++++++
 solidity/potential_reentrancy.sol | 18 +++++++++
 3 files changed, 94 insertions(+)
 create mode 100644 solidity/default_visibility.sol
 create mode 100644 solidity/default_visibility.yaml
 create mode 100644 solidity/potential_reentrancy.sol
diff --git a/solidity/default_visibility.sol b/solidity/default_visibility.sol
new file mode 100644
index 0000000..ade2dfe
--- /dev/null
+++ b/solidity/default_visibility.sol
@@ -0,0 +1,9 @@
+contract Vuln {
+ function f1() {}
+ function f2(uint a) payable returns (uint256) {
+
+ }
+ function f3() private {
+
+ }
+}
diff --git a/solidity/default_visibility.yaml b/solidity/default_visibility.yaml
new file mode 100644
index 0000000..321bed2
--- /dev/null
+++ b/solidity/default_visibility.yaml
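Review bot: The fixture `default_visibility.sol` carries no `// ruleid: default_visibility` or `// ok: default_visibility` annotations, so a test run has nothing to compare the rule's findings against and a regression in the rule would go unnoticed. I would put `// ruleid: default_visibility` on the line above `f1` and `f2`, and `// ok: default_visibility` above `f3`. `potential_reentrancy.sol`, added later in this same patch, has the same gap. A case with an explicit `public` and one combining a visibility keyword with `view` or `returns (...)` would also pin down how the rule's exclusions treat extra attributes.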
@@ -0,0 +1,67 @@
+rules:
+-
+ id: default_visibility
+ patterns:
+ - pattern: |
+ function $F(...) {
+ ...
+ }
+ - pattern-not: |
+ function $F(...) private {
+ ...
+ }
+ - pattern-not: |
+ function $F(...) internal {
+ ...
+ }
+ - pattern-not: |
+ function $F(...) external {
+ ...
+ }
+ - pattern-not: |
+ function $F(...) public {
+ ...
+ }
+ - pattern-not: |
+ function $F(...) {
+ require(<... msg.sender == owner ...>);
+ ...
+ }
+ - pattern-not: function $F(...) onlyOwner { ... }
+ - pattern-not: function $F(...) onlyVault { ... }
+ - pattern-not: function $F(...) onlyMinter { ... }
+ - pattern-not: function $F(...) onlyBridge { ... }
+ - pattern-not: function $F(...) onlyOperator { ... }
+ - pattern-not: function $F(...) onlyFactory { ... }
+ - pattern-not: function $F(...) onlyAdmin { ... }
+ - pattern-not: function $F(...) onlyController { ... }
+ - pattern-not: function $F(...) hasMintBurnRole { ... }
+ - pattern-not: function $F(...) onlyBondlyStaking { ... }
+ - pattern-not: function $F(...) onlyApproved { ... }
+ - pattern-not: function $F(...) onlyTrusted { ... }
+ - pattern-not: function $F(...) onlyAdminOrOwner { ... }
+ - pattern-not: function $F(...) onlyOwnerOrMinter { ... }
+ - pattern-not: function $F(...) onlyMinterAndOwner { ... }
+ - pattern-not: function $F(...) onlyValidator { ... }
+ - pattern-not: function $F(...) onlyCore { ... }
+ - pattern-not: function $F(...) onlyMarket { ... }
+ - pattern-not: function $F(...) requiresTrust { ... }
+ - pattern-not: function $F(...) onlyOpeth { ... }
+ - pattern-not: function $F(...) onlyGovernance { ... }
+ - pattern-not: function $F(...) onlyStaking { ... }
+ - pattern-not: function $F(...) onlyDAO { ... }
+ - pattern-not: function $F(...) onlyBurner(from) { ... }
+ - pattern-not: function $F(...) onlyBurner { ... }
+ - pattern-not: function $F(...) auth { ... }
+ - pattern-not: function $F(...) isBridge { ... }
+ - pattern-not: function $F(...) managerOnly { ... }
+ - pattern-not: function $F(...) onlyHasRole(BURNER_ROLE) { ... }
+ - pattern-not: function $F(...) onlyRole(BURNER_ROLE) { ... }
+ - pattern-not: function $F(...) onlyRole(MINTER_ROLE) { ... }
+ - pattern-not: function $F(...) onlyRole(DEFAULT_ADMIN_ROLE) { ... }
+ - pattern-not: function $F(...) onlyBy(treasuryPoolAddress) { ... }
+ - pattern-not: function $F(...) onlyBy(farmingPoolAddress) { ... }
+
+ message: function $F has default visibility
+ languages: [solidity]
+ severity: ERROR
diff --git a/solidity/potential_reentrancy.sol b/solidity/potential_reentrancy.sol
new file mode 100644
index 0000000..e29c0fb
--- /dev/null
+++ b/solidity/potential_reentrancy.sol
@@ -0,0 +1,18 @@
+contract Vuln {
+ function f() isBridge {
+ msg.sender.call.value(5 ether)("");
+ }
+ function f(address a) onlyOwner {
+ a.call.value(5 ether)("");
+ }
+ function fn() private {
+ msg.sender.call.value(5 ether)("");
+ }
+ function fbb() {
+ address a = msg.sender;
+ a.call{value:5}("ff");
+ }
+ function fcc() nonReentrant {
+ msg.sender.call{value: msg.value}("");
+ }
+}
From bf599b26c0323623ee751853936860aaff755567 Mon Sep 17 00:00:00 2001
From: neo
Date: Sun, 21 Aug 2022 20:51:26 +0300
Subject: [PATCH 3/4] =?UTF-8?q?=09=D0=BD=D0=BE=D0=B2=D1=8B=D0=B9=20=D1=84?= =?UTF-8?q?=D0=B0=D0=B9=D0=BB:=20=20=20=20solidity/potensial=5Freentrancy.?= =?UTF-8?q?yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 solidity/potensial_reentrancy.yaml | 67 ++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 solidity/potensial_reentrancy.yaml
diff --git a/solidity/potensial_reentrancy.yaml b/solidity/potensial_reentrancy.yaml
new file mode 100644
index 0000000..c1bf8f2
--- /dev/null
+++ b/solidity/potensial_reentrancy.yaml
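Review bot: The 34 modifier exclusions in `default_visibility.yaml` (`onlyOwner`, `auth`, `onlyRole(MINTER_ROLE)`, …) and the `require(<... msg.sender == owner ...>)` exclusion suppress the finding for functions that still carry no visibility keyword, so the rule stops reporting exactly what its message states. An access-control modifier restricts who may call the function, but it remains public by default. The list also trusts modifiers by name alone, so a modifier called `auth` that checks nothing would silence the rule. I would drop these exclusions from this rule, or move them into a separate lower-severity variant, and add a comment above `patterns:` such as `# explicit visibility is mandatory from Solidity 0.5.0; this rule targets older sources`. A `metadata:` entry referencing SWC-100 would help triage.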
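Review bot: The fixture is named `potential_reentrancy.sol`, but the rule file added in the next patch is `solidity/potensial_reentrancy.yaml`, so a test runner that pairs rule and target by basename will not run these cases against the rule. Renaming the rule file and its `id` to `potential_reentrancy` fixes the pairing and the misspelling in the reported message. `fbb()` is the only function here with neither a modifier nor a visibility keyword, so it is presumably the one expected finding. A one-line comment above each function stating the expected outcome would make that intent checkable.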
@@ -0,0 +1,67 @@
+rules:
+-
+ id: potensial_reentrancy
+ patterns:
+ - pattern-not-inside: function $F(...) onlyOwner { ... }
+ - pattern-not-inside: function $F(...) onlyVault { ... }
+ - pattern-not-inside: function $F(...) onlyMinter { ... }
+ - pattern-not-inside: function $F(...) onlyBridge { ... }
+ - pattern-not-inside: function $F(...) onlyOperator { ... }
+ - pattern-not-inside: function $F(...) onlyFactory { ... }
+ - pattern-not-inside: function $F(...) onlyAdmin { ... }
+ - pattern-not-inside: function $F(...) onlyController { ... }
+ - pattern-not-inside: function $F(...) hasMintBurnRole { ... }
+ - pattern-not-inside: function $F(...) onlyBondlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyApproved { ... }
+ - pattern-not-inside: function $F(...) onlyTrusted { ... }
+ - pattern-not-inside: function $F(...) onlyAdminOrOwner { ... }
+ - pattern-not-inside: function $F(...) onlyOwnerOrMinter { ... }
+ - pattern-not-inside: function $F(...) onlyMinterAndOwner { ... }
+ - pattern-not-inside: function $F(...) onlyValidator { ... }
+ - pattern-not-inside: function $F(...) onlyCore { ... }
+ - pattern-not-inside: function $F(...) onlyMarket { ... }
+ - pattern-not-inside: function $F(...) requiresTrust { ... }
+ - pattern-not-inside: function $F(...) onlyOpeth { ... }
+ - pattern-not-inside: function $F(...) onlyGovernance { ... }
+ - pattern-not-inside: function $F(...) onlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyDAO { ... }
+ - pattern-not-inside: function $F(...) onlyBurner(from) { ... }
+ - pattern-not-inside: function $F(...) onlyBurner { ... }
+ - pattern-not-inside: function $F(...) auth { ... }
+ - pattern-not-inside: function $F(...) isBridge { ... }
+ - pattern-not-inside: function $F(...) managerOnly { ... }
+ - pattern-not-inside: function $F(...) onlyHasRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(MINTER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(DEFAULT_ADMIN_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(treasuryPoolAddress) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(farmingPoolAddress) { ... }
+ - pattern-not-inside: function $F(...) nonReentrant {...}
+ - pattern-not-inside: function $F(...) callerIsUser {...}
+ - pattern-not-inside: |
+ function $F(...) {
+ ...
+ require(tx.origin == msg.sender);
+ ...
+ }
+ - pattern-either:
+ - pattern-inside: |
+ function $F(address $ADDR) {
+ ...
+ }
+ - pattern-inside: |
+ function $F(...) {
+ ...
+ }
+ - pattern-either:
+ - pattern: $ADDR.call{value:...}(...);
+ - pattern: $ADDR.call.value(...)(...);
+ - pattern: msg.sender.call{value:...}(...);
+ - pattern: msg.sender.call.value(...)(...);
+ message: potensial reentrancy in function $F
+ options:
+ symbolic_propagation: true
+ languages:
+ - solidity
+ severity: ERROR
+
From 546678e369c04a97f4b2799d90e52f726f11cce0 Mon Sep 17 00:00:00 2001
From: neo
Date: Mon, 22 Aug 2022 10:01:52 +0300
Subject: [PATCH 4/4] =?UTF-8?q?=09=D0=B8=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5?= =?UTF-8?q?=D0=BD=D0=BE:=20=20=20=20=20=20solidity/default=5Fvisibility.ya?= =?UTF-8?q?ml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 solidity/default_visibility.yaml | 81 ++++++++++++++++----------------
 1 file changed, 41 insertions(+), 40 deletions(-)
diff --git a/solidity/default_visibility.yaml b/solidity/default_visibility.yaml
index 321bed2..d81fd09 100644
--- a/solidity/default_visibility.yaml
+++ b/solidity/default_visibility.yaml
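Review bot: Every access-control modifier in the `pattern-not-inside` list of `potensial_reentrancy.yaml` (`onlyOwner`, `onlyMinter`, `onlyApproved`, `isBridge`, …) is treated as if it were a reentrancy guard, although of the visible entries only `nonReentrant` blocks re-entry. A privileged caller or the call target can itself be a contract, so these exclusions hide findings rather than false positives. The positive side is also broader than the rule name suggests, since any value-bearing `call` matches whether or not state is written after it. The two `msg.sender.call…` patterns and the `function $F(address $ADDR)` branch appear to be covered already by the `$ADDR` patterns and `function $F(...)`. I would keep `nonReentrant` (and, if wanted, the `tx.origin == msg.sender` check) as the only exclusions, set `severity: WARNING`, and have `message` say that the external call needs manual review of later state changes.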
@@ -2,65 +2,66 @@ rules:
 -
 id: default_visibility
 patterns:
- - pattern: |
+ - pattern-inside: |
 function $F(...) {
 ...
 }
- - pattern-not: |
+ - pattern-not-inside: |
 function $F(...) private {
 ...
 }
- - pattern-not: |
+ - pattern-not-inside: |
 function $F(...) internal {
 ...
 }
- - pattern-not: |
+ - pattern-not-inside: |
 function $F(...) external {
 ...
 }
- - pattern-not: |
+ - pattern-not-inside: |
 function $F(...) public {
 ...
 }
- - pattern-not: |
+ - pattern-not-inside: |
 function $F(...) {
 require(<... msg.sender == owner ...>);
 ...
 }
- - pattern-not: function $F(...) onlyOwner { ... }
- - pattern-not: function $F(...) onlyVault { ... }
- - pattern-not: function $F(...) onlyMinter { ... }
- - pattern-not: function $F(...) onlyBridge { ... }
- - pattern-not: function $F(...) onlyOperator { ... }
- - pattern-not: function $F(...) onlyFactory { ... }
- - pattern-not: function $F(...) onlyAdmin { ... }
- - pattern-not: function $F(...) onlyController { ... }
- - pattern-not: function $F(...) hasMintBurnRole { ... }
- - pattern-not: function $F(...) onlyBondlyStaking { ... }
- - pattern-not: function $F(...) onlyApproved { ... }
- - pattern-not: function $F(...) onlyTrusted { ... }
- - pattern-not: function $F(...) onlyAdminOrOwner { ... }
- - pattern-not: function $F(...) onlyOwnerOrMinter { ... }
- - pattern-not: function $F(...) onlyMinterAndOwner { ... }
- - pattern-not: function $F(...) onlyValidator { ... }
- - pattern-not: function $F(...) onlyCore { ... }
- - pattern-not: function $F(...) onlyMarket { ... }
- - pattern-not: function $F(...) requiresTrust { ... }
- - pattern-not: function $F(...) onlyOpeth { ... }
- - pattern-not: function $F(...) onlyGovernance { ... }
- - pattern-not: function $F(...) onlyStaking { ... }
- - pattern-not: function $F(...) onlyDAO { ... }
- - pattern-not: function $F(...) onlyBurner(from) { ... }
- - pattern-not: function $F(...) onlyBurner { ... }
- - pattern-not: function $F(...) auth { ... }
- - pattern-not: function $F(...) isBridge { ... }
- - pattern-not: function $F(...) managerOnly { ... }
- - pattern-not: function $F(...) onlyHasRole(BURNER_ROLE) { ... }
- - pattern-not: function $F(...) onlyRole(BURNER_ROLE) { ... }
- - pattern-not: function $F(...) onlyRole(MINTER_ROLE) { ... }
- - pattern-not: function $F(...) onlyRole(DEFAULT_ADMIN_ROLE) { ... }
- - pattern-not: function $F(...) onlyBy(treasuryPoolAddress) { ... }
- - pattern-not: function $F(...) onlyBy(farmingPoolAddress) { ... }
+ - pattern-not-inside: |
+ - pattern-not-inside: function $F(...) onlyOwner { ... }
+ - pattern-not-inside: function $F(...) onlyVault { ... }
+ - pattern-not-inside: function $F(...) onlyMinter { ... }
+ - pattern-not-inside: function $F(...) onlyBridge { ... }
+ - pattern-not-inside: function $F(...) onlyOperator { ... }
+ - pattern-not-inside: function $F(...) onlyFactory { ... }
+ - pattern-not-inside: function $F(...) onlyAdmin { ... }
+ - pattern-not-inside: function $F(...) onlyController { ... }
+ - pattern-not-inside: function $F(...) hasMintBurnRole { ... }
+ - pattern-not-inside: function $F(...) onlyBondlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyApproved { ... }
+ - pattern-not-inside: function $F(...) onlyTrusted { ... }
+ - pattern-not-inside: function $F(...) onlyAdminOrOwner { ... }
+ - pattern-not-inside: function $F(...) onlyOwnerOrMinter { ... }
+ - pattern-not-inside: function $F(...) onlyMinterAndOwner { ... }
+ - pattern-not-inside: function $F(...) onlyValidator { ... }
+ - pattern-not-inside: function $F(...) onlyCore { ... }
+ - pattern-not-inside: function $F(...) onlyMarket { ... }
+ - pattern-not-inside: function $F(...) requiresTrust { ... }
+ - pattern-not-inside: function $F(...) onlyOpeth { ... }
+ - pattern-not-inside: function $F(...) onlyGovernance { ... }
+ - pattern-not-inside: function $F(...) onlyStaking { ... }
+ - pattern-not-inside: function $F(...) onlyDAO { ... }
+ - pattern-not-inside: function $F(...) onlyBurner(from) { ... }
+ - pattern-not-inside: function $F(...) onlyBurner { ... }
+ - pattern-not-inside: function $F(...) auth { ... }
+ - pattern-not-inside: function $F(...) isBridge { ... }
+ - pattern-not-inside: function $F(...) managerOnly { ... }
+ - pattern-not-inside: function $F(...) onlyHasRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(BURNER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(MINTER_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyRole(DEFAULT_ADMIN_ROLE) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(treasuryPoolAddress) { ... }
+ - pattern-not-inside: function $F(...) onlyBy(farmingPoolAddress) { ... }

 message: function $F has default visibility
 languages: [solidity]
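Review bot: The added line `- pattern-not-inside: |` directly before the `onlyOwner` entry opens a block scalar with no body, unless the original indentation made the following entries its content. The diffstat confirms it is the one extra line: 41 insertions against 40 deletions. The rule therefore gains an empty pattern that the engine is likely to reject or handle unpredictably, and the line should be deleted. After this change every clause is `pattern-inside` or `pattern-not-inside`, with no plain `pattern` left to define what is reported. It is worth confirming that the rule still yields one finding per offending function by running it against `default_visibility.sol`.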