Merge pull request #855 from crytic/dev-isprotected

montyly · web-flow · commit 000c8c0fc7b8 · 2021-06-04T15:05:34.000+02:00
Relax is_protected heuristic
diff --git a/slither/core/declarations/function.py b/slither/core/declarations/function.py
@@ -1405,7 +1405,11 @@ def is_protected(self) -> bool:
         """
             Determine if the function is protected using a check on msg.sender
 
-            Only detects if msg.sender is directly used in a condition
+            Consider onlyOwner as a safe modifier.
+            If the owner functionality is incorrectly implemented, this will lead to incorrectly
+            classify the function as protected
+
+            Otherwise only detects if msg.sender is directly used in a condition
             For example, it wont work for:
                 address a = msg.sender
                 require(a == owner)
@@ -1417,6 +1421,9 @@ def is_protected(self) -> bool:
             if self.is_constructor:
                 self._is_protected = True
                 return True
+            if "onlyOwner" in [m.name for m in self.modifiers]:
+                self._is_protected = True
+                return True
             conditional_vars = self.all_conditional_solidity_variables_read(include_loop=False)
             args_vars = self.all_solidity_variables_used_as_args()
             self._is_protected = (
