Merge branch 'crytic:dev' into dev

.github/workflows/black.yml

@@ -32,7 +32,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.8
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.8
 

.github/workflows/ci.yml

@@ -55,7 +55,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python }}
       - name: Install dependencies
@@ -67,11 +67,11 @@ jobs:
 
       - name: Set up nix
         if: matrix.type == 'dapp'
-        uses: cachix/install-nix-action@v23
+        uses: cachix/install-nix-action@v25
 
       - name: Set up cachix
         if: matrix.type == 'dapp'
-        uses: cachix/cachix-action@v12
+        uses: cachix/cachix-action@v14
         with:
           name: dapp
 

.github/workflows/docs.yml

@@ -30,17 +30,17 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Pages
-        uses: actions/configure-pages@v3
-      - uses: actions/setup-python@v4
+        uses: actions/configure-pages@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.8'
       - run: pip install -e ".[doc]"
       - run: pdoc -o html/ slither '!slither.tools' #TODO fix import errors on pdoc run
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v2
+        uses: actions/upload-pages-artifact@v3
         with:
           # Upload the doc
           path: './html/'
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v2
+        uses: actions/deploy-pages@v4

.github/workflows/doctor.yml

@@ -32,7 +32,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up Python ${{ matrix.python }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python }}
 

.github/workflows/linter.yml

@@ -31,7 +31,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.8
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.8
 

.github/workflows/pip-audit.yml

@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.10"
 

.github/workflows/publish.yml

@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -23,7 +23,7 @@ jobs:
           python -m pip install build
           python -m build
       - name: Upload distributions
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: slither-dists
           path: dist/
@@ -44,10 +44,10 @@ jobs:
           path: dist/
 
       - name: publish
-        uses: pypa/[email protected].10
+        uses: pypa/[email protected].11
 
       - name: sign
-        uses: sigstore/[email protected].0
+        uses: sigstore/[email protected].1
         with:
           inputs: ./dist/*.tar.gz ./dist/*.whl
           release-signing-artifacts: true

.github/workflows/pylint.yml

@@ -29,7 +29,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.8
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.8
 

.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python }}
           cache: "pip"
@@ -40,7 +40,7 @@ jobs:
           pip install ".[test]"
 
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '16'
           cache: 'npm'
@@ -102,7 +102,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python 3.8
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.8
 

Dockerfile

@@ -47,6 +47,6 @@ ENV PATH="/home/slither/.local/bin:${PATH}"
 RUN --mount=type=bind,target=/mnt,source=/wheels,from=python-wheels \
     pip3 install --user --no-cache-dir --upgrade --no-index --find-links /mnt --no-deps /mnt/*.whl
 
-RUN solc-select install 0.4.25 && solc-select use 0.4.25
+RUN solc-select use latest --always-install
 
 CMD /bin/bash

README.md

@@ -7,7 +7,7 @@
 [![Slither - Read the Docs](https://img.shields.io/badge/Slither-Read_the_Docs-2ea44f)](https://crytic.github.io/slither/slither.html)
 [![Slither - Wiki](https://img.shields.io/badge/Slither-Wiki-2ea44f)](https://github.com/crytic/slither/wiki/SlithIR)
 
-> Join the Empire Hacking Slack  
+> Join the Empire Hacking Slack
 >
 > [![Slack Status](https://slack.empirehacking.nyc/badge.svg)](https://slack.empirehacking.nyc/)
 > > <sub><i>- Discussions and Support </i></sub>
@@ -46,7 +46,7 @@
 * Correctly parses 99.9% of all public Solidity code
 * Average execution time of less than 1 second per contract
 * Integrates with Github's code scanning in [CI](https://github.com/marketplace/actions/slither-action)
-* Support for Vyper
+* Support for Vyper smart contracts
 
 ## Usage
 
@@ -73,14 +73,14 @@ If you're **not** going to use one of the [supported compilation frameworks](htt
 ### Using Pip
 
 ```console
-pip3 install slither-analyzer
+python3 -m pip install slither-analyzer
 ```
 
 ### Using Git
 
 ```bash
 git clone https://github.com/crytic/slither.git && cd slither
-python3 setup.py install
+python3 -m pip install .
 ```
 
 We recommend using a Python virtual environment, as detailed in the [Developer Installation Instructions](https://github.com/trailofbits/slither/wiki/Developer-installation), if you prefer to install Slither via git.
@@ -131,10 +131,10 @@ Num | Detector | What it Detects | Impact | Confidence
 20 | `controlled-delegatecall` | [Controlled delegatecall destination](https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall) | High | Medium
 21 | `delegatecall-loop` | [Payable functions using `delegatecall` inside a loop](https://github.com/crytic/slither/wiki/Detector-Documentation/#payable-functions-using-delegatecall-inside-a-loop) | High | Medium
 22 | `incorrect-exp` | [Incorrect exponentiation](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-exponentiation) | High | Medium
-23 | `incorrect-return` | [If a `return` is incorrectly used in assembly mode.](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-assembly-return) | High | Medium
+23 | `incorrect-return` | [If a `return` is incorrectly used in assembly mode.](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-return-in-assembly) | High | Medium
 24 | `msg-value-loop` | [msg.value inside a loop](https://github.com/crytic/slither/wiki/Detector-Documentation/#msgvalue-inside-a-loop) | High | Medium
 25 | `reentrancy-eth` | [Reentrancy vulnerabilities (theft of ethers)](https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities) | High | Medium
-26 | `return-leave` | [If a `return` is used instead of a `leave`.](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-assembly-return) | High | Medium
+26 | `return-leave` | [If a `return` is used instead of a `leave`.](https://github.com/crytic/slither/wiki/Detector-Documentation#return-instead-of-leave-in-assembly) | High | Medium
 27 | `storage-array` | [Signed storage integer array compiler bug](https://github.com/crytic/slither/wiki/Detector-Documentation#storage-signed-integer-array) | High | Medium
 28 | `unchecked-transfer` | [Unchecked tokens transfer](https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer) | High | Medium
 29 | `weak-prng` | [Weak PRNG](https://github.com/crytic/slither/wiki/Detector-Documentation#weak-PRNG) | High | Medium

setup.py

@@ -5,18 +5,18 @@
 
 setup(
     name="slither-analyzer",
-    description="Slither is a Solidity static analysis framework written in Python 3.",
+    description="Slither is a Solidity and Vyper static analysis framework written in Python 3.",
     url="https://github.com/crytic/slither",
     author="Trail of Bits",
-    version="0.9.6",
+    version="0.10.0",
     packages=find_packages(),
     python_requires=">=3.8",
     install_requires=[
         "packaging",
         "prettytable>=3.3.0",
         "pycryptodome>=3.4.6",
-        # "crytic-compile>=0.3.1,<0.4.0",
-        "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile",
+        "crytic-compile>=0.3.5,<0.4.0",
+        # "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile",
         "web3>=6.0.0",
         "eth-abi>=4.0.0",
         "eth-typing>=3.0.0",

slither/core/declarations/function.py

@@ -1500,10 +1500,13 @@ def is_reentrant(self) -> bool:
         """
         Determine if the function can be re-entered
         """
+        reentrancy_modifier = "nonReentrant"
+
+        if self.function_language == FunctionLanguage.Vyper:
+            reentrancy_modifier = "nonreentrant(lock)"
+
         # TODO: compare with hash of known nonReentrant modifier instead of the name
-        if "nonReentrant" in [m.name for m in self.modifiers] or "nonreentrant(lock)" in [
-            m.name for m in self.modifiers
-        ]:
+        if reentrancy_modifier in [m.name for m in self.modifiers]:
             return False
 
         if self.visibility in ["public", "external"]:
@@ -1515,7 +1518,9 @@ def is_reentrant(self) -> bool:
         ]
         if not all_entry_points:
             return True
-        return not all(("nonReentrant" in [m.name for m in f.modifiers] for f in all_entry_points))
+        return not all(
+            (reentrancy_modifier in [m.name for m in f.modifiers] for f in all_entry_points)
+        )
 
     # endregion
     ###################################################################################

slither/detectors/assembly/incorrect_return.py

@@ -39,7 +39,9 @@ class IncorrectReturn(AbstractDetector):
     IMPACT = DetectorClassification.HIGH
     CONFIDENCE = DetectorClassification.MEDIUM
 
-    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-assembly-return"
+    WIKI = (
+        "https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-return-in-assembly"
+    )
 
     WIKI_TITLE = "Incorrect return in assembly"
     WIKI_DESCRIPTION = "Detect if `return` in an assembly block halts unexpectedly the execution."

slither/detectors/assembly/return_instead_of_leave.py

@@ -20,7 +20,7 @@ class ReturnInsteadOfLeave(AbstractDetector):
     IMPACT = DetectorClassification.HIGH
     CONFIDENCE = DetectorClassification.MEDIUM
 
-    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-assembly-return"
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#return-instead-of-leave-in-assembly"
 
     WIKI_TITLE = "Return instead of leave in assembly"
     WIKI_DESCRIPTION = "Detect if a `return` is used where a `leave` should be used."

slither/detectors/functions/suicidal.py

@@ -59,7 +59,7 @@ def detect_suicidal_func(func: FunctionContract) -> bool:
         if func.visibility not in ["public", "external"]:
             return False
 
-        calls = [c.name for c in func.internal_calls]
+        calls = [c.name for c in func.all_internal_calls()]
         if not ("suicide(address)" in calls or "selfdestruct(address)" in calls):
             return False
 

slither/detectors/statements/divide_before_multiply.py

@@ -133,7 +133,7 @@ def detect_divide_before_multiply(
     results: List[Tuple[FunctionContract, List[Node]]] = []
 
     # Loop for each function and modifier.
-    for function in contract.functions_declared:
+    for function in contract.functions_declared + contract.modifiers_declared:
         if not function.entry_point:
             continue
 

slither/detectors/variables/predeclaration_usage_local.py

@@ -36,7 +36,7 @@ class PredeclarationUsageLocal(AbstractDetector):
 ```solidity
 contract C {
     function f(uint z) public returns (uint) {
-        uint y = x + 9 + z; // 'z' is used pre-declaration
+        uint y = x + 9 + z; // 'x' is used pre-declaration
         uint x = 7;
 
         if (z % 2 == 0) {

slither/slithir/convert.py

@@ -630,6 +630,17 @@ def propagate_types(ir: Operation, node: "Node"):  # pylint: disable=too-many-lo
                     if new_ir:
                         return new_ir
 
+                # convert library function when used with "this"
+                if (
+                    isinstance(t, ElementaryType)
+                    and t.name == "address"
+                    and ir.destination.name == "this"
+                    and UserDefinedType(node_function.contract) in using_for
+                ):
+                    new_ir = convert_to_library_or_top_level(ir, node, using_for)
+                    if new_ir:
+                        return new_ir
+
                 if isinstance(t, UserDefinedType):
                     # UserdefinedType
                     t_type = t.type
@@ -1564,6 +1575,18 @@ def convert_to_library_or_top_level(
         if new_ir:
             return new_ir
 
+    if (
+        isinstance(t, ElementaryType)
+        and t.name == "address"
+        and ir.destination.name == "this"
+        and UserDefinedType(node.function.contract) in using_for
+    ):
+        new_ir = look_for_library_or_top_level(
+            contract, ir, using_for, UserDefinedType(node.function.contract)
+        )
+        if new_ir:
+            return new_ir
+
     return None
 
 

slither/solc_parsing/declarations/function.py

@@ -1106,11 +1106,13 @@ def _parse_unchecked_block(self, block: Dict, node: NodeSolc, scope):
         return node
 
     def _update_reachability(self, node: Node) -> None:
-        if node.is_reachable:
-            return
-        node.set_is_reachable(True)
-        for son in node.sons:
-            self._update_reachability(son)
+        worklist = [node]
+        while worklist:
+            current = worklist.pop()
+            # fix point
+            if not current.is_reachable:
+                current.set_is_reachable(True)
+                worklist.extend(current.sons)
 
     def _parse_cfg(self, cfg: Dict) -> None:
 

slither/tools/mutator/README.md

@@ -0,0 +1,33 @@
+# Slither-mutate
+
+`slither-mutate` is a mutation testing tool for solidity based smart contracts.
+
+## Usage
+
+`slither-mutate <codebase> --test-cmd <test-command> <options>`
+
+To view the list of mutators available `slither-mutate --list-mutators`
+
+### CLI Interface
+
+```shell
+positional arguments:
+  codebase              Codebase to analyze (.sol file, project directory, ...)
+
+options:
+  -h, --help            show this help message and exit
+  --list-mutators       List available detectors
+  --test-cmd TEST_CMD   Command to run the tests for your project
+  --test-dir TEST_DIR   Tests directory
+  --ignore-dirs IGNORE_DIRS
+                        Directories to ignore
+  --timeout TIMEOUT     Set timeout for test command (by default 30 seconds)
+  --output-dir OUTPUT_DIR
+                        Name of output directory (by default 'mutation_campaign')
+  --verbose             output all mutants generated
+  --mutators-to-run MUTATORS_TO_RUN
+                        mutant generators to run
+  --contract-names CONTRACT_NAMES
+                        list of contract names you want to mutate
+  --quick               to stop full mutation if revert mutator passes
+```