Merge branch 'crytic:dev' into dev

.github/workflows/publish.yml

@@ -44,7 +44,7 @@ jobs:
           path: dist/
 
       - name: publish
-        uses: pypa/[email protected].3
+        uses: pypa/[email protected].4
 
       - name: sign
         uses: sigstore/[email protected]

README.md

@@ -159,7 +159,7 @@ Num | Detector | What it Detects | Impact | Confidence
 35 | `locked-ether` | [Contracts that lock ether](https://github.com/crytic/slither/wiki/Detector-Documentation#contracts-that-lock-ether) | Medium | High
 36 | `mapping-deletion` | [Deletion on mapping containing a structure](https://github.com/crytic/slither/wiki/Detector-Documentation#deletion-on-mapping-containing-a-structure) | Medium | High
 37 | `pyth-deprecated-functions` | [Detect Pyth deprecated functions](https://github.com/crytic/slither/wiki/Detector-Documentation#pyth-deprecated-functions) | Medium | High
-38 | `pyth-unchecked-confidence` | [Detect when the confidence level of a Pyth price is not checked](https://github.com/crytic/slither/wiki/Detector-Documentation#pyth-unchecked-confidence) | Medium | High
+38 | `pyth-unchecked-confidence` | [Detect when the confidence level of a Pyth price is not checked](https://github.com/crytic/slither/wiki/Detector-Documentation#pyth-unchecked-confidence-level) | Medium | High
 39 | `pyth-unchecked-publishtime` | [Detect when the publishTime of a Pyth price is not checked](https://github.com/crytic/slither/wiki/Detector-Documentation#pyth-unchecked-publishtime) | Medium | High
 40 | `shadowing-abstract` | [State variables shadowing from abstract contracts](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variable-shadowing-from-abstract-contracts) | Medium | High
 41 | `tautological-compare` | [Comparing a variable to itself always returns true or false, depending on comparison](https://github.com/crytic/slither/wiki/Detector-Documentation#tautological-compare) | Medium | High
@@ -179,9 +179,9 @@ Num | Detector | What it Detects | Impact | Confidence
 55 | `unchecked-send` | [Unchecked send](https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-send) | Medium | Medium
 56 | `uninitialized-local` | [Uninitialized local variables](https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables) | Medium | Medium
 57 | `unused-return` | [Unused return values](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return) | Medium | Medium
-58 | `chainlink-feed-registry` | [Detect when chainlink feed registry is used](https://github.com/crytic/slither/wiki/Detector-Documentation#chainlink-feed-registry) | Low | High
+58 | `chainlink-feed-registry` | [Detect when chainlink feed registry is used](https://github.com/crytic/slither/wiki/Detector-Documentation#chainlink-feed-registry-usage) | Low | High
 59 | `incorrect-modifier` | [Modifiers that can return the default value](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-modifier) | Low | High
-60 | `optimism-deprecation` | [Detect when deprecated Optimism predeploy or function is used.](https://github.com/crytic/slither/wiki/Detector-Documentation#optimism-deprecation) | Low | High
+60 | `optimism-deprecation` | [Detect when deprecated Optimism predeploy or function is used.](https://github.com/crytic/slither/wiki/Detector-Documentation#optimism-deprecated-predeploy-or-function) | Low | High
 61 | `shadowing-builtin` | [Built-in symbol shadowing](https://github.com/crytic/slither/wiki/Detector-Documentation#builtin-symbol-shadowing) | Low | High
 62 | `shadowing-local` | [Local variables shadowing](https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing) | Low | High
 63 | `uninitialized-fptr-cst` | [Uninitialized function pointer calls in constructors](https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-function-pointers-in-constructors) | Low | High
@@ -203,7 +203,7 @@ Num | Detector | What it Detects | Impact | Confidence
 79 | `deprecated-standards` | [Deprecated Solidity Standards](https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-standards) | Informational | High
 80 | `erc20-indexed` | [Un-indexed ERC20 event parameters](https://github.com/crytic/slither/wiki/Detector-Documentation#unindexed-erc20-event-parameters) | Informational | High
 81 | `function-init-state` | [Function initializing state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#function-initializing-state) | Informational | High
-82 | `incorrect-using-for` | [Detects using-for statement usage when no function from a given library matches a given type](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-using-for-usage) | Informational | High
+82 | `incorrect-using-for` | [Detects using-for statement usage when no function from a given library matches a given type](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-usage-of-using-for-statement) | Informational | High
 83 | `low-level-calls` | [Low level calls](https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls) | Informational | High
 84 | `missing-inheritance` | [Missing inheritance](https://github.com/crytic/slither/wiki/Detector-Documentation#missing-inheritance) | Informational | High
 85 | `naming-convention` | [Conformity to Solidity naming conventions](https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions) | Informational | High

slither/detectors/functions/chainlink_feed_registry.py

@@ -15,7 +15,7 @@ class ChainlinkFeedRegistry(AbstractDetector):
     IMPACT = DetectorClassification.LOW
     CONFIDENCE = DetectorClassification.HIGH
 
-    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#chainlink-feed-registry"
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#chainlink-feed-registry-usage"
 
     WIKI_TITLE = "Chainlink Feed Registry usage"
     WIKI_DESCRIPTION = "Detect when Chainlink Feed Registry is used. At the moment is only available on Ethereum Mainnet."

slither/detectors/functions/optimism_deprecation.py

@@ -18,7 +18,7 @@ class OptimismDeprecation(AbstractDetector):
     IMPACT = DetectorClassification.LOW
     CONFIDENCE = DetectorClassification.HIGH
 
-    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#optimism-deprecation"
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#optimism-deprecated-predeploy-or-function"
 
     WIKI_TITLE = "Optimism deprecated predeploy or function"
     WIKI_DESCRIPTION = "Detect when deprecated Optimism predeploy or function is used."

slither/detectors/statements/incorrect_using_for.py

@@ -165,7 +165,7 @@ class IncorrectUsingFor(AbstractDetector):
     IMPACT = DetectorClassification.INFORMATIONAL
     CONFIDENCE = DetectorClassification.HIGH
 
-    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-using-for-usage"
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-usage-of-using-for-statement"
 
     WIKI_TITLE = "Incorrect usage of using-for statement"
     WIKI_DESCRIPTION = (

slither/detectors/statements/pyth_unchecked.py

@@ -24,13 +24,13 @@ def _detect(self) -> List[Output]:
         for contract in self.compilation_unit.contracts_derived:
             for target_contract, ir in contract.all_high_level_calls:
                 if target_contract.name == "IPyth" and ir.function_name in self.PYTH_FUNCTIONS:
-                    # We know for sure the second IR in the node is an Assignment operation of the TMP variable. Example:
+                    # We know for sure the last IR in the node is an Assignment operation of the TMP variable. Example:
                     # 	Expression: price = pyth.getEmaPriceNoOlderThan(id,age)
                     #   IRs:
                     #      TMP_0(PythStructs.Price) = HIGH_LEVEL_CALL, dest:pyth(IPyth), function:getEmaPriceNoOlderThan, arguments:['id', 'age']
                     #      price(PythStructs.Price) := TMP_0(PythStructs.Price)
-                    assert isinstance(ir.node.irs[1], Assignment)
-                    return_variable = ir.node.irs[1].lvalue
+                    assert isinstance(ir.node.irs[len(ir.node.irs) - 1], Assignment)
+                    return_variable = ir.node.irs[len(ir.node.irs) - 1].lvalue
                     checked = False
 
                     possible_unchecked_variable_ir = None

slither/detectors/statements/pyth_unchecked_confidence.py

@@ -12,7 +12,7 @@ class PythUncheckedConfidence(PythUnchecked):
     IMPACT = DetectorClassification.MEDIUM
     CONFIDENCE = DetectorClassification.HIGH
 
-    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#pyth-unchecked-confidence"
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#pyth-unchecked-confidence-level"
     WIKI_TITLE = "Pyth unchecked confidence level"
     WIKI_DESCRIPTION = "Detect when the confidence level of a Pyth price is not checked"
     WIKI_RECOMMENDATION = "Check the confidence level of a Pyth price. Visit https://docs.pyth.network/price-feeds/best-practices#confidence-intervals for more information."

slither/tools/mutator/README.md

@@ -33,8 +33,7 @@ options:
   --timeout TIMEOUT     Set timeout for test command (by default 30 seconds)
   --output-dir OUTPUT_DIR
                         Name of output directory (by default 'mutation_campaign')
-  -v, --verbose         log mutants that are caught as well as those that are uncaught
-  -vv, --very-verbose   log mutants that are caught, uncaught, and fail to compile. And more!
+  -v, --verbose         log mutants that are caught, uncaught, and fail to compile
   --mutators-to-run MUTATORS_TO_RUN
                         mutant generators to run
   --contract-names CONTRACT_NAMES

slither/tools/mutator/__main__.py

@@ -72,7 +72,7 @@ def parse_args() -> argparse.Namespace:
     parser.add_argument(
         "-v",
         "--verbose",
-        help="log mutants that are caught as well as those that are uncaught",
+        help="log mutants that are caught, uncaught, and fail to compile",
         action="store_true",
         default=False,
     )

slither/tools/mutator/mutators/AOR.py

@@ -2,12 +2,9 @@
 from slither.slithir.operations import Binary, BinaryType
 from slither.tools.mutator.utils.patch import create_patch_with_line
 from slither.tools.mutator.mutators.abstract_mutator import AbstractMutator
-from slither.core.variables.variable import Variable
 from slither.core.expressions.unary_operation import UnaryOperation
 from slither.core.expressions.call_expression import CallExpression
 from slither.core.expressions.member_access import MemberAccess
-from slither.core.expressions.identifier import Identifier
-from slither.core.solidity_types.array_type import ArrayType
 
 arithmetic_operators = [
     BinaryType.ADDITION,
@@ -42,9 +39,6 @@ def _mutate(self) -> Dict:
                     isinstance(ir_expression, CallExpression)
                     and isinstance(ir_expression.called, MemberAccess)
                     and ir_expression.called.member_name == "pop"
-                    and isinstance(ir_expression.called.expression, Identifier)
-                    and isinstance(ir_expression.called.expression.value, Variable)
-                    and isinstance(ir_expression.called.expression.value.type, ArrayType)
                 ):
                     continue
 
@@ -58,9 +52,6 @@ def _mutate(self) -> Dict:
                     if isinstance(ir_expression, CallExpression)
                     and isinstance(ir_expression.called, MemberAccess)
                     and ir_expression.called.member_name == "push"
-                    and isinstance(ir_expression.called.expression, Identifier)
-                    and isinstance(ir_expression.called.expression.value, Variable)
-                    and isinstance(ir_expression.called.expression.value.type, ArrayType)
                     else node.irs
                 )
 

tests/e2e/detectors/snapshots/detectors__detector_PythUncheckedConfidence_0_8_20_pyth_unchecked_confidence_sol__0.txt

@@ -1,3 +1,6 @@
-Pyth price conf field is not checked in C.bad(bytes32,uint256) (tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol#171-175)
-	- price = pyth.getEmaPriceNoOlderThan(id,age) (tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol#172)
+Pyth price conf field is not checked in C.bad2(C.Data) (tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol#182-186)
+	- price = pyth.getEmaPriceNoOlderThan(data.id,data.age) (tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol#183)
+
+Pyth price conf field is not checked in C.bad(bytes32,uint256) (tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol#176-180)
+	- price = pyth.getEmaPriceNoOlderThan(id,age) (tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol#177)
 

tests/e2e/detectors/snapshots/detectors__detector_PythUncheckedPublishTime_0_8_20_pyth_unchecked_publishtime_sol__0.txt

@@ -1,3 +1,6 @@
-Pyth price publishTime field is not checked in C.bad(bytes32) (tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol#171-175)
-	- price = pyth.getEmaPriceUnsafe(id) (tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol#172)
+Pyth price publishTime field is not checked in C.bad(bytes32) (tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol#175-179)
+	- price = pyth.getEmaPriceUnsafe(id) (tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol#176)
+
+Pyth price publishTime field is not checked in C.bad2(C.Data) (tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol#181-185)
+	- price = pyth.getEmaPriceUnsafe(data.id) (tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol#182)
 

tests/e2e/detectors/test_data/pyth-unchecked-confidence/0.8.20/pyth_unchecked_confidence.sol

@@ -164,6 +164,11 @@ interface IPyth {
 contract C {
     IPyth pyth;
 
+    struct Data {
+        bytes32 id;
+        uint256 age;
+    }
+
     constructor(IPyth _pyth) {
         pyth = _pyth;
     }
@@ -174,6 +179,12 @@ contract C {
         // Use price
     }
 
+    function bad2(Data calldata data) public {
+        PythStructs.Price memory price = pyth.getEmaPriceNoOlderThan(data.id, data.age);
+        require(price.publishTime > block.timestamp - 120);
+        // Use price
+    }
+
     function good(bytes32 id, uint256 age) public {
         PythStructs.Price memory price = pyth.getEmaPriceNoOlderThan(id, age);
         require(price.conf < 10000);

tests/e2e/detectors/test_data/pyth-unchecked-publishtime/0.8.20/pyth_unchecked_publishtime.sol

@@ -164,6 +164,10 @@ interface IPyth {
 contract C {
     IPyth pyth;
 
+    struct Data {
+        bytes32 id;
+    }
+
     constructor(IPyth _pyth) {
         pyth = _pyth;
     }
@@ -174,6 +178,12 @@ contract C {
         // Use price
     }
 
+    function bad2(Data calldata data) public {
+        PythStructs.Price memory price = pyth.getEmaPriceUnsafe(data.id);
+        require(price.conf < 10000);
+        // Use price
+    }
+
     function good(bytes32 id) public {
         PythStructs.Price memory price = pyth.getEmaPriceUnsafe(id);
         require(price.publishTime > block.timestamp - 120);