SSA Operations using wrong variable for function args? #1682
Replies: 3 comments
Here's a detector for debugging:

```python
def _detect(self):
    results = []
    for contract in self.contracts:
        if not contract.name == "VaultImpl":
            continue
        for function in contract.functions:
            if function.signature_str != "deposit(uint256,address) returns(uint256)":
                continue
            # assuming the last call is _mint for this test code
            mint_operation = function.slithir_operations[-1]
            shares_to_mint_var = mint_operation.arguments[0]
            # check taint
            tainted = is_tainted_ssa(shares_to_mint_var, contract)
            print(tainted)
            return []
    assert False
    return []
```
I would also recommend changing

```python
for function in contract.functions:
    if function.signature_str != "deposit(uint256,address) returns(uint256)":
        continue
```

With
SlithIR has two representations, the SSA and the non-SSA one. So here, if you use `is_tainted_ssa`, you should use `slithir_ssa_operations`. Most of our detectors don't actually directly use the SSA representation.

For completeness, in practice, Slither uses even a third representation, which is a temp representation when converting Solidity to SlithIR.

However, there seems to be an issue in the SSA index, where the function parameters start at the index 1, while they should start at the index zero. I created an issue to track this here: #1683
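
A simplified model of the advice in the answer above, added here as an illustration and not Slither code: a taint set computed over SSA versions only gives a meaningful answer for operands taken from the SSA form of the operations. The toy IR (`Op`, `SsaVar`), the helpers `to_ssa`, `taint_ssa` and `mint_arg_tainted`, and the sample function are all assumptions made for this example.

```python
from collections import namedtuple

Op = namedtuple("Op", "dest srcs")           # dest = f(*srcs); dest is None for a call
SsaVar = namedtuple("SsaVar", "name index")  # one version of a variable, e.g. shares_1

def to_ssa(params, ops):
    """Rename every variable to a versioned SsaVar; parameters get index 0."""
    version = {p: 0 for p in params}
    ssa_ops = []
    for op in ops:
        # Reads refer to the current version; constants (non-str) pass through.
        srcs = [SsaVar(s, version[s]) if isinstance(s, str) else s for s in op.srcs]
        dest = None
        if op.dest is not None:
            # Each assignment creates a fresh version of the destination.
            version[op.dest] = version.get(op.dest, -1) + 1
            dest = SsaVar(op.dest, version[op.dest])
        ssa_ops.append(Op(dest, srcs))
    return ssa_ops

def taint_ssa(ssa_ops, sources):
    """Forward-propagate taint over SSA ops; the result is keyed by SsaVar."""
    tainted = set(sources)
    for op in ssa_ops:
        if op.dest is not None and any(s in tainted for s in op.srcs):
            tainted.add(op.dest)
    return tainted

# Constructed sample, loosely shaped like deposit(assets, receiver):
#   shares = 0; shares = assets * 2; _mint(shares, receiver)
PARAMS = ["assets", "receiver"]
OPS = [Op("shares", [0]), Op("shares", ["assets", 2]), Op(None, ["shares", "receiver"])]
SSA_OPS = to_ssa(PARAMS, OPS)
TAINTED = taint_ssa(SSA_OPS, {SsaVar("assets", 0)})

def mint_arg_tainted(ops):
    """Ask the SSA-keyed taint set about the first argument of the last operation."""
    return ops[-1].srcs[0] in TAINTED

if __name__ == "__main__":
    # The plain name 'shares' is not a key of the SSA taint set, so the lookup misses.
    print("operand from non-SSA ops:", mint_arg_tainted(OPS))
    # The SSA operand is the exact version that was assigned from the parameter.
    print("operand from SSA ops:    ", mint_arg_tainted(SSA_OPS))
```

In this model the SSA form also separates the untainted first version of `shares` (assigned the constant) from the tainted second one, which a single non-SSA name cannot express.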