update name/difficulty for felt252 detector
technovision99 committed Sep 5, 2023
1 parent a44ef42 commit 5326359
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -70,7 +70,7 @@ Num | Detector | What it Detects | Impact | Confidence | Cairo
--- | --- | --- | --- | --- | ---
1 | `controlled-library-call` | Library calls with a user controlled class hash | High | Medium | 1 & 2
2 | `unchecked-l1-handler-from` | Detect L1 handlers without from address check | High | Medium | 1 & 2
3 | `felt252-overflow` | Detect user controlled operations with felt252 type, which is not overflow safe | High | Medium | 1 & 2
3 | `felt252-unsafe-arithmetic` | Detect user controlled operations with felt252 type, which is not overflow/underflow safe | Medium | Medium | 1 & 2
4 | `reentrancy` | Detect when a storage variable is read before an external call and written after | Medium | Medium | 1 & 2
5 | `read-only-reentrancy` | Detect when a view function read a storage variable written after an external call | Medium | Medium | 1 & 2
6 | `unused-events` | Events defined but not emitted | Medium | Medium | 1 & 2
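
Review bot: The Impact column for detector 3 drops from High to Medium in this row, but the four changed lines in src/detectors/felt252_overflow.rs are all strings (the name, the description and two messages), so nothing in this commit changes the impact the detector itself reports. Please confirm the detector's own impact value agrees with the README, and update it in the same commit if it still says High.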
8 changes: 4 additions & 4 deletions src/detectors/felt252_overflow.rs
Expand Up @@ -15,11 +15,11 @@ pub struct Felt252Overflow {}

impl Detector for Felt252Overflow {
fn name(&self) -> &str {
"felt252-overflow"
"felt252-unsafe-arithmetic"
}

fn description(&self) -> &str {
"Detect felt252 arithmetic overflow with user-controlled params"
"Detect felt252 arithmetic overflow/underflow with user-controlled params"
}

fn confidence(&self) -> Confidence {
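
Review bot: name() now returns "felt252-unsafe-arithmetic" while the struct is still Felt252Overflow and the file is still felt252_overflow.rs, so the identifier users see no longer matches the code that implements it. Consider renaming the struct and module to match, here or in a follow-up. The rename also deserves a changelog entry, since anything that selects or excludes this detector by the old name `felt252-overflow` will stop matching.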
Expand Down Expand Up @@ -116,7 +116,7 @@ impl Felt252Overflow {
// Not tainted by any parameter, but still uses felt252 type
if tainted_by.is_empty() {
let msg = format!(
"The function {} uses the felt252 operation {}, which is not overflow safe",
"The function {} uses the felt252 operation {}, which is not overflow/underflow safe",
&name, libfunc
);
results.push(Result {
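
Review bot: In the `tainted_by.is_empty()` branch the message never says that no parameter reaches the operation, so a reader of the output can tell this finding from the tainted one only by the missing parameter list. Suggest stating it explicitly, in line with the code comment above it ("Not tainted by any parameter, but still uses felt252 type"), so the two kinds of finding can be triaged differently.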
Expand All @@ -127,7 +127,7 @@ impl Felt252Overflow {
});
} else {
let msg = format!(
"The function {} uses the felt252 operation {} with the user-controlled parameters: {}, which is not overflow safe",
"The function {} uses the felt252 operation {} with the user-controlled parameters: {}, which is not overflow/underflow safe",
&name,
libfunc,
taints
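
Review bot: The suffix "which is not overflow/underflow safe" is now edited by hand in both format! calls, and the same wording is repeated in description(), so the next rewording can easily miss one of them. Suggest pulling the shared phrase into a single constant and passing it as a format argument in both branches.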