Add detectors for incorrect use of Oracle API #2289

Open
wants to merge 102 commits into
base: dev
102 commits
78c3ea2
Oracle module
talfao Nov 3, 2023
6c3da7c
Before mapping
talfao Nov 8, 2023
86d7dd3
Change the approach
talfao Nov 8, 2023
9f8f9ab
Change the approach
talfao Nov 8, 2023
e8a8758
Return just not checked vars
talfao Nov 8, 2023
aadbd58
Creating check for updated at - not finished
talfao Nov 8, 2023
ed029ed
Add some documentation
talfao Nov 8, 2023
33b1c1f
add checking of internal calls
talfao Nov 10, 2023
398f067
Added basics of naive approach and now try to divide the files
talfao Nov 19, 2023
bbe73f9
Divided to two files and started with naive_check
talfao Nov 19, 2023
6fded76
Reorder values based on the nodes mapping and check_price
talfao Nov 19, 2023
72eda7f
Add text output for price and timestamp
talfao Nov 19, 2023
e964ba3
Improve checks part for price
talfao Nov 19, 2023
e98f03e
Naive check works, however I need to find a way how to represent not e…
talfao Nov 19, 2023
c1532d0
Slot0 simple check
talfao Nov 26, 2023
509ebaf
Before experimenting with unused impl detector
talfao Nov 29, 2023
3f77626
Found used order
talfao Nov 29, 2023
876860d
Finding indexes of returned vars in oracle
talfao Nov 29, 2023
5260262
Naive check should always work
talfao Nov 29, 2023
ec5c69f
Change output from detector of data validity
talfao Nov 29, 2023
c250443
Add revert check
talfao Nov 30, 2023
227b0f7
Fix an issue if variable is not constant in price
talfao Nov 30, 2023
b4c9b26
Correct revert check
talfao Nov 30, 2023
f584e6d
Rechange the output for mitigating duplicates of arrays
talfao Nov 30, 2023
5d79f48
Simple detection of sequencer
talfao Nov 30, 2023
b9ffe01
Solved ordering of writing to vars
talfao Nov 30, 2023
57df560
Add handler if the node is not var
talfao Dec 3, 2023
d45d144
First testing
talfao Dec 10, 2023
8a26717
Some changes to test
talfao Dec 10, 2023
9eecd91
Comment roundID for now
talfao Dec 10, 2023
9641faa
Merge branch 'dev' into oracle_testing
talfao Dec 10, 2023
fa79feb
Add other test
talfao Dec 10, 2023
f7fa45c
Fix some issue
talfao Dec 10, 2023
548df1c
Merge branch 'dev' into oracle_testing
talfao Dec 10, 2023
583b0e3
Before changing vars_in_conditions
talfao Jan 5, 2024
e1cb0d3
Solved internal calls
talfao Jan 5, 2024
a93e35b
double internal problem solved
talfao Jan 5, 2024
2316cfb
Add when not param
talfao Jan 5, 2024
387d171
Add some tests
talfao Jan 5, 2024
7452b4d
Sequencer
talfao Jan 5, 2024
fe8e744
Change text
talfao Jan 5, 2024
de39bed
Add deprecated call check
talfao Jan 5, 2024
e6d6b1b
Add interface comparison to aggregatorV3Interface
talfao Jan 25, 2024
8378204
Add some documentation
talfao Jan 25, 2024
4a8c4a5
Changes in texting sorting and formatting
talfao Jan 25, 2024
594e25e
Changes in doc
talfao Jan 25, 2024
3d780a4
Merge deprecated call detector
talfao Jan 25, 2024
80bb128
Merge oracle testing and deprecated calls to dev
talfao Jan 25, 2024
2e1da07
Sequencer documentation
talfao Jan 25, 2024
028e28c
Formatting/Refactoring of sequencer file
talfao Jan 25, 2024
2926d28
Remove WIKI_EXPLOIT_SCENARIO from sequencer
talfao Jan 25, 2024
e18751a
Remove unused code, add some comments, formatting
talfao Jan 25, 2024
a3b71dc
Formatting, comments, documentation
talfao Jan 25, 2024
58b195f
Change naming in testing and snapshots based on changed comments
talfao Jan 25, 2024
716212a
Renaming
talfao Jan 25, 2024
b3e798e
Remove unnecessary comment
talfao Jan 25, 2024
5713e8b
First restruct problems
talfao Jan 26, 2024
59236b6
Successful restruct
talfao Jan 26, 2024
3d546f6
Data valid works for chainlink after restruct
talfao Jan 26, 2024
c20d244
Renamed for generalisation
talfao Feb 2, 2024
70e36a2
Check return node
talfao Feb 4, 2024
145e036
Merge pull request #11 from talfao/portability_change
talfao Feb 4, 2024
b434a75
Clear before PR
talfao Feb 4, 2024
1780794
Solve subscriptable type
talfao Feb 4, 2024
2399a7a
Uncomment test_ast_parsing.vy + remove unnecessary comment
talfao Feb 4, 2024
3e21e7f
fix: resolve pylint errors
talfao Feb 9, 2024
d1ca556
Merge branch 'dev' into dev
talfao Feb 9, 2024
ef3b8fa
Merge dev to investigate_out_of_return
talfao Feb 9, 2024
75712c5
feat: Support out of function check
talfao Feb 10, 2024
c71da94
update test data
talfao Feb 10, 2024
7244835
First changes for cross contract interaction
talfao Feb 24, 2024
c206ab2
feat: cross contract capturing of nodes
talfao Feb 24, 2024
7f49ad5
fix: Fix issues with messages
talfao Feb 24, 2024
b52d755
removing unused code
talfao Feb 24, 2024
28d456f
fix: changes to checks based on new feature
talfao Feb 24, 2024
dc67a70
Merge pull request #1 from talfao/investigate_out_of_return
talfao Feb 24, 2024
c65e887
fix: undefined variable
talfao Feb 24, 2024
165dccd
fix: array issue
talfao Feb 24, 2024
fb5e650
feat: check for timestamp in var
talfao Feb 24, 2024
9296bae
feat: more information if the variable is checked out of original func…
talfao Feb 24, 2024
0efcfce
fix: handle scenario when too many variations
talfao Feb 24, 2024
0606169
fix: use recommended methods
talfao Feb 24, 2024
7a3ced0
fix: recursion error
talfao Mar 11, 2024
6454d6a
fix: sequencer check
talfao Mar 17, 2024
dff5e50
fix: better solution for recursion error
talfao Mar 18, 2024
d6ac5cb
feat: all done for merge
talfao Mar 18, 2024
de9505b
feat: for the merge improved checks
talfao Mar 18, 2024
19472cf
fix: black issue
talfao Mar 18, 2024
14f43d4
Merge pull request #2 from talfao/new_features_and_checks
talfao Mar 18, 2024
81365ed
feat: interfaces detection
talfao Apr 6, 2024
bcebfeb
Merge branch 'dev' into dev
talfao Apr 6, 2024
b4fb7c2
fix: nodes_with_var attribute
talfao Apr 14, 2024
02e04dd
fix: DATA_DEPENDENCY error
talfao Apr 14, 2024
1ebbe1b
fix: destination error
talfao Apr 14, 2024
f2b3346
fix: another recursion error
talfao Apr 14, 2024
8b8a7bb
fix: recursion error, better design
talfao Apr 14, 2024
da1ad9c
Merge branch 'dev' into dev
talfao Apr 15, 2024
b94963d
Merge branch 'dev' into dev
talfao Apr 17, 2024
b746a01
Merge branch 'dev' into dev
talfao Apr 26, 2024
89b9711
Merge branch 'fixes_after_evaluation' into dev
talfao Apr 26, 2024
46b900c
fix: dead code, improvements from coderabbit
talfao Apr 26, 2024
73f0b31
fix: remove unused code
talfao Apr 27, 2024
3 changes: 3 additions & 0 deletions slither/detectors/all_detectors.py
Expand Up @@ -99,3 +99,6 @@
from .statements.return_bomb import ReturnBomb
from .functions.out_of_order_retryable import OutOfOrderRetryable
from .statements.unused_import import UnusedImport
from .oracles.oracle_data_validation import OracleDataCheck
from .oracles.oracle_sequencer import SequencerCheck
from .oracles.deprecated_chainlink_calls import DeprecatedChainlinkCall
Empty file.
62 changes: 62 additions & 0 deletions slither/detectors/oracles/deprecated_chainlink_calls.py
@@ -0,0 +1,62 @@
from slither.core.declarations.contract import Contract
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
from slither.slithir.operations import HighLevelCall


class DeprecatedChainlinkCall(AbstractDetector):
"""
Documentation: This detector scans for deprecated Chainlink API calls in Solidity contracts. For example, it flags the use of `getAnswer` which is no longer recommended.
"""

ARGUMENT = "deprecated-chainlink-call"
HELP = "Oracle vulnerabilities"
IMPACT = DetectorClassification.MEDIUM
CONFIDENCE = DetectorClassification.MEDIUM

WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-chainlink-call"
WIKI_TITLE = "Deprecated Chainlink call"
WIKI_DESCRIPTION = "Detection of deprecated Chainlink call."
WIKI_RECOMMENDATION = "Do not use deprecated Chainlink calls. Visit https://docs.chain.link/data-feeds/api-reference/ for active API calls."
WIKI_EXPLOIT_SCENARIO = "---"

DEPRECATED_CHAINLINK_CALLS = [
"getAnswer",
"getTimestamp",
"latestAnswer",
"latestRound",
"latestTimestamp",
]

def is_old_chainlink_call(self, ir) -> bool:
"""
Check if the given operation is an old Chainlink call.
"""
if isinstance(ir, HighLevelCall):
if (
ir.function.name in self.DEPRECATED_CHAINLINK_CALLS
and str(ir.destination.type) == "AggregatorV3Interface"
):
return True
return False

def find_usage_of_deprecated_chainlink_calls(self, contracts: Contract):
"""
Find usage of deprecated Chainlink calls in the contracts.
"""
results = []
for contract in contracts:
for function in contract.functions:
for node in function.nodes:
for ir in node.irs:
if self.is_old_chainlink_call(ir):
results.append(
f"Deprecated Chainlink call {ir.destination}.{ir.function.name} used ({node.source_mapping}).\n"
)
return results

def _detect(self):
results = self.find_usage_of_deprecated_chainlink_calls(self.contracts)
if len(results) > 0:
res = self.generate_result(results)
return [res]
return []
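Review bot: the interface test in `is_old_chainlink_call` will almost never fire on real Chainlink consumers: `getAnswer`, `getTimestamp`, `latestAnswer`, `latestRound` and `latestTimestamp` are declared on Chainlink's `AggregatorInterface` (inherited by `AggregatorV2V3Interface`), while `AggregatorV3Interface` only exposes `latestRoundData`, `getRoundData`, `decimals`, `description` and `version`, so a contract calling `feed.latestAnswer()` through an `AggregatorV2V3Interface feed` is exactly the case to report and `str(ir.destination.type) == "AggregatorV3Interface"` filters it out. Consider matching all three interface names, or better, resolving the declaring contract of `ir.function` instead of string-comparing the destination type; also guard `ir.function.name`, because `HighLevelCall.function` may be a `Variable` (public getter) rather than a `Function` and is not guaranteed to be resolved for external interfaces. Smaller points: the annotation `contracts: Contract` should be `List[Contract]`; `WIKI_EXPLOIT_SCENARIO = "---"` is a placeholder and a short scenario is expected for the Detector-Documentation wiki; and handing `generate_result` preformatted strings drops the node, so the JSON/SARIF output carries no source location, whereas an info list such as `["Deprecated Chainlink call ", node, "\n"]` keeps it.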
44 changes: 44 additions & 0 deletions slither/detectors/oracles/oracle_data_validation.py
@@ -0,0 +1,44 @@
from slither.detectors.abstract_detector import DetectorClassification
from slither.detectors.oracles.oracle_detector import OracleDetector


class OracleDataCheck(OracleDetector):
"""
Documentation
"""

ARGUMENT = "oracle-data-validation" # slither will launch the detector with slither.py --detect mydetector
HELP = "Oracle vulnerabilities"
IMPACT = DetectorClassification.MEDIUM
CONFIDENCE = DetectorClassification.MEDIUM

WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#oracle-data-validation"

WIKI_TITLE = "Oracle data validation"
WIKI_DESCRIPTION = "The detection of not correct validation of oracle data."
WIKI_EXPLOIT_SCENARIO = "---"
WIKI_RECOMMENDATION = "Validate the data returned by the oracle. For more information visit https://docs.chain.link/data-feeds/api-reference"

# This function is necessary even though there is a detector for unused return values because the variable can be used but will not be validated in conditional statements
def process_not_checked_vars(self):
result = []
for oracle in self.oracles:
if len(oracle.vars_not_in_condition) > 0:
result.append(
f"The oracle {oracle.contract}.{oracle.interface} ({oracle.node.source_mapping}) returns the variables {[var.name for var in oracle.vars_not_in_condition]} which are not validated. It can potentially lead to unexpected behaviour.\n"
)
return result

def _detect(self):
results = []
super()._detect()
not_checked_vars = self.process_not_checked_vars()
if len(not_checked_vars) > 0:
res = self.generate_result(not_checked_vars)
results.append(res)
for oracle in self.oracles:
checked_vars = oracle.naive_data_validation()
if len(checked_vars) > 0:
res = self.generate_result(checked_vars)
results.append(res)
return results
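Review bot: `_detect` calls `super()._detect()` purely for its side effect of populating `self.oracles` and discards its return value, so any findings the base `OracleDetector._detect` produces are silently dropped and the dependency between the two calls is invisible to a reader; make it explicit by having the base class expose a method that collects oracles (for example `find_oracles()`) and calling that here, or merge the returned list into `results`. Also: the class docstring is the literal word `Documentation`; the comment `# slither will launch the detector with slither.py --detect mydetector` is template residue and should refer to `oracle-data-validation`; `WIKI_EXPLOIT_SCENARIO = "---"` is a placeholder; `WIKI_DESCRIPTION` should read "Detection of incorrect validation of oracle data."; and both `process_not_checked_vars` and `naive_data_validation` feed `generate_result` preformatted strings, so `oracle.node` and the unvalidated variables are not attached to the result and the JSON output has no source location; build the info list as `["The oracle ", oracle.node, " returns the variables ", ...]` with the variable objects included instead.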