Complete the Array use after removing element detector

crytic · Sep 1, 2023 · c7007fd · c7007fd
1 parent d961e99
commit c7007fd
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 0 deletions.
diff --git a/tests/detectors/array_use_after_pop_front.cairo b/tests/detectors/array_use_after_pop_front.cairo
@@ -1,6 +1,17 @@
+#[starknet::interface]
+trait IAnotherContract<T> {
+    fn foo(ref self: T, a: Array<u128>) -> u128;
+}
+
 #[starknet::contract]
 mod ArrayUseAfterPopFront {
+    use super::{
+        IAnotherContractDispatcherTrait,
+        IAnotherContractDispatcher,
+        IAnotherContractLibraryDispatcher
+    };
     use array::ArrayTrait;
+    use starknet::ContractAddress;
 
     #[storage]
     struct Storage {}
@@ -65,6 +76,24 @@ mod ArrayUseAfterPopFront {
         return arr;
     }
 
+    #[external(v0)]
+    fn bad_library_call(ref self: ContractState) -> u128 {
+        let mut arr = ArrayTrait::<u128>::new();
+        arr.append(1);
+
+        let b = arr.pop_front();
+        return IAnotherContractLibraryDispatcher { class_hash: starknet::class_hash_const::<0>() }.foo(arr);
+    }
+
+    #[external(v0)]
+    fn bad_external_call(ref self: ContractState) -> u128 {
+        let mut arr = ArrayTrait::<u128>::new();
+        arr.append(1);
+
+        let b = arr.pop_front();
+        return IAnotherContractDispatcher { contract_address: starknet::contract_address_const::<0>() }.foo(arr);
+    }
+
     #[external(v0)]
     fn good(self: @ContractState) {
         let mut arr = ArrayTrait::<u128>::new();

diff --git a/tests/snapshots/integration_tests__detectors@array_use_after_pop_front.cairo.snap b/tests/snapshots/integration_tests__detectors@array_use_after_pop_front.cairo.snap
@@ -0,0 +1,43 @@
+---
+source: tests/integration_tests.rs
+expression: results
+input_file: tests/detectors/array_use_after_pop_front.cairo
+---
+[
+    Result {
+        impact: Low,
+        name: "array-use-after-pop-front",
+        confidence: Medium,
+        message: "An array is used after removing elements from it in the function array_use_after_pop_front::array_use_after_pop_front::ArrayUseAfterPopFront::bad",
+    },
+    Result {
+        impact: Low,
+        name: "array-use-after-pop-front",
+        confidence: Medium,
+        message: "An array is used after removing elements from it in the function array_use_after_pop_front::array_use_after_pop_front::ArrayUseAfterPopFront::bad_external_call",
+    },
+    Result {
+        impact: Low,
+        name: "array-use-after-pop-front",
+        confidence: Medium,
+        message: "An array is used after removing elements from it in the function array_use_after_pop_front::array_use_after_pop_front::ArrayUseAfterPopFront::bad_library_call",
+    },
+    Result {
+        impact: Low,
+        name: "array-use-after-pop-front",
+        confidence: Medium,
+        message: "An array is used after removing elements from it in the function array_use_after_pop_front::array_use_after_pop_front::ArrayUseAfterPopFront::bad_loop[expr10]",
+    },
+    Result {
+        impact: Low,
+        name: "array-use-after-pop-front",
+        confidence: Medium,
+        message: "An array is used after removing elements from it in the function array_use_after_pop_front::array_use_after_pop_front::ArrayUseAfterPopFront::bad_one_branch",
+    },
+    Result {
+        impact: Low,
+        name: "array-use-after-pop-front",
+        confidence: Medium,
+        message: "An array is used after removing elements from it in the function array_use_after_pop_front::array_use_after_pop_front::ArrayUseAfterPopFront::bad_return",
+    },
+]