Merge pull request #2203 from vovikhangcdv/dev
update: improve unhandled initializers in unprotected-upgrade detector
Showing 38 changed files with 256 additions and 21 deletions.
1 change: 1 addition & 0 deletions
...ors/snapshots/detectors__detector_UnprotectedUpgradeable_0_4_25_AnyInitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
AnyInitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/AnyInitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: AnyInitializer.anyName() (tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/AnyInitializer.sol#6-9). Anyone can delete the contract with: AnyInitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/AnyInitializer.sol#11-14) |
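Review bot: The finding text still says "does not protect its initialize functions" while the function it names is `AnyInitializer.anyName()`, so the wording no longer matches what is being reported. Consider "initializer functions" in the detector message, with these snapshots regenerated to match, so a reader of the report does not go looking for a function literally called `initialize`.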
1 change: 1 addition & 0 deletions
...tors/snapshots/detectors__detector_UnprotectedUpgradeable_0_4_25_Reinitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Reinitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/Reinitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Reinitializer.initialize() (tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/Reinitializer.sol#6-9). Anyone can delete the contract with: Reinitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/Reinitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...ors/snapshots/detectors__detector_UnprotectedUpgradeable_0_5_16_AnyInitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
AnyInitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/AnyInitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: AnyInitializer.anyName() (tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/AnyInitializer.sol#6-9). Anyone can delete the contract with: AnyInitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/AnyInitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...tors/snapshots/detectors__detector_UnprotectedUpgradeable_0_5_16_Reinitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Reinitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/Reinitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Reinitializer.initialize() (tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/Reinitializer.sol#6-9). Anyone can delete the contract with: Reinitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/Reinitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...ors/snapshots/detectors__detector_UnprotectedUpgradeable_0_6_11_AnyInitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
AnyInitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/AnyInitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: AnyInitializer.anyName() (tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/AnyInitializer.sol#6-9). Anyone can delete the contract with: AnyInitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/AnyInitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...tors/snapshots/detectors__detector_UnprotectedUpgradeable_0_6_11_Reinitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Reinitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/Reinitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Reinitializer.initialize() (tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/Reinitializer.sol#6-9). Anyone can delete the contract with: Reinitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/Reinitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...tors/snapshots/detectors__detector_UnprotectedUpgradeable_0_7_6_AnyInitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
AnyInitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/AnyInitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: AnyInitializer.anyName() (tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/AnyInitializer.sol#6-9). Anyone can delete the contract with: AnyInitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/AnyInitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...ctors/snapshots/detectors__detector_UnprotectedUpgradeable_0_7_6_Reinitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Reinitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/Reinitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Reinitializer.initialize() (tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/Reinitializer.sol#6-9). Anyone can delete the contract with: Reinitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/Reinitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...ors/snapshots/detectors__detector_UnprotectedUpgradeable_0_8_15_AnyInitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
AnyInitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/AnyInitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: AnyInitializer.anyName() (tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/AnyInitializer.sol#6-9). Anyone can delete the contract with: AnyInitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/AnyInitializer.sol#11-14) |
1 change: 1 addition & 0 deletions
...tors/snapshots/detectors__detector_UnprotectedUpgradeable_0_8_15_Reinitializer_sol__0.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Reinitializer (tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/Reinitializer.sol#3-15) is an upgradeable contract that does not protect its initialize functions: Reinitializer.initialize() (tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/Reinitializer.sol#6-9). Anyone can delete the contract with: Reinitializer.kill() (tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/Reinitializer.sol#11-14) |
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/AnyInitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract AnyInitializer is Initializable { | ||
address owner; | ||
|
||
function anyName() external initializer { | ||
require(owner == address(0)); | ||
owner = msg.sender; | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
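Review bot: Nothing in this fixture says why the function is called `anyName()`; the point, that an `initializer`-modified function must be picked up whatever its name, is only recoverable from the file name. A one-line comment above `function anyName() external initializer` stating that this is a deliberately unprotected positive case, with no constructor and a `kill()` that reaches `selfdestruct(owner)`, would keep the next person from "fixing" it.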
Binary file added
BIN
+2.8 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/AnyInitializer.sol-0.4.25.zip
Binary file not shown.
14 changes: 9 additions & 5 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/Initializable.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,9 @@ | ||
contract Initializable{ | ||
modifier initializer() { | ||
_; | ||
} | ||
} | ||
contract Initializable { | ||
modifier initializer() { | ||
_; | ||
} | ||
|
||
modifier reinitializer(uint64 version) { | ||
_; | ||
} | ||
} |
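Review bot: Both `initializer()` and the new `reinitializer(uint64 version)` are bare `_;` stubs, and `version` is never read, so this file only gives the detector modifier names to match on. Add a short comment at the top of `Initializable` saying the modifiers are intentionally no-op test stubs, so the file is not mistaken for a working initialization guard.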
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/Reinitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract Reinitializer is Initializable { | ||
address owner; | ||
|
||
function initialize() external reinitializer(2) { | ||
require(owner == address(0)); | ||
owner = msg.sender; | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
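Review bot: `function initialize() external reinitializer(2)` pairs the new modifier with the conventional name `initialize`, so the snapshot would come out the same if the function were found by name alone; this case does not show that the `reinitializer` modifier itself is recognized. Renaming the function to something other than `initialize`, as `AnyInitializer.anyName()` does for `initializer`, would isolate the modifier.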
Binary file added
BIN
+2.81 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/Reinitializer.sol-0.4.25.zip
Binary file not shown.
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/AnyInitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract AnyInitializer is Initializable { | ||
address payable owner; | ||
|
||
function anyName() external initializer { | ||
require(owner == address(0)); | ||
owner = msg.sender; | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
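Review bot: The file starts at `import "./Initializable.sol";` with no `pragma solidity` line, so only the directory name ties it to 0.5.16, and `owner = msg.sender;` into an `address payable` is version-dependent (the 0.6.11 and later copies write `payable(msg.sender)`). A `pragma solidity 0.5.16;` at the top would make the intended compiler explicit if the compiled artifact is ever regenerated.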
Binary file added
BIN
+2.9 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/AnyInitializer.sol-0.5.16.zip
Binary file not shown.
14 changes: 9 additions & 5 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/Initializable.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,9 @@ | ||
contract Initializable{ | ||
modifier initializer() { | ||
_; | ||
} | ||
} | ||
contract Initializable { | ||
modifier initializer() { | ||
_; | ||
} | ||
|
||
modifier reinitializer(uint64 version) { | ||
_; | ||
} | ||
} |
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/Reinitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract Reinitializer is Initializable { | ||
address payable owner; | ||
|
||
function initialize() external reinitializer(2) { | ||
require(owner == address(0)); | ||
owner = msg.sender; | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
Binary file added
BIN
+2.91 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/Reinitializer.sol-0.5.16.zip
Binary file not shown.
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/AnyInitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract AnyInitializer is Initializable { | ||
address payable owner; | ||
|
||
function anyName() external initializer { | ||
require(owner == address(0)); | ||
owner = payable(msg.sender); | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
Binary file added
BIN
+3.61 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/AnyInitializer.sol-0.6.11.zip
Binary file not shown.
14 changes: 9 additions & 5 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/Initializable.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,9 @@ | ||
contract Initializable{ | ||
modifier initializer() { | ||
_; | ||
} | ||
} | ||
contract Initializable { | ||
modifier initializer() { | ||
_; | ||
} | ||
|
||
modifier reinitializer(uint64 version) { | ||
_; | ||
} | ||
} |
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/Reinitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract Reinitializer is Initializable { | ||
address payable owner; | ||
|
||
function initialize() external reinitializer(2) { | ||
require(owner == address(0)); | ||
owner = payable(msg.sender); | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
Binary file added
BIN
+3.63 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/Reinitializer.sol-0.6.11.zip
Binary file not shown.
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/AnyInitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract AnyInitializer is Initializable { | ||
address payable owner; | ||
|
||
function anyName() external initializer { | ||
require(owner == address(0)); | ||
owner = payable(msg.sender); | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
Binary file added
BIN
+3.51 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/AnyInitializer.sol-0.7.6.zip
Binary file not shown.
8 changes: 6 additions & 2 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/Initializable.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,19 @@ | ||
contract Initializable{ | ||
contract Initializable { | ||
uint8 private _initialized; | ||
bool private _initializing; | ||
|
||
modifier initializer() { | ||
_; | ||
} | ||
|
||
modifier reinitializer(uint64 version) { | ||
_; | ||
} | ||
|
||
function _disableInitializers() internal virtual { | ||
require(!_initializing, "Initializable: contract is initializing"); | ||
if (_initialized < type(uint8).max) { | ||
_initialized = type(uint8).max; | ||
} | ||
} | ||
} | ||
} |
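Review bot: `_initialized` is declared `uint8` and `_disableInitializers()` caps it at `type(uint8).max`, but the new modifier is `reinitializer(uint64 version)`, so the version parameter is wider than the counter it would be compared against. The stub never reads `version`, so nothing breaks, but the types should agree (either `uint8 version` or a `uint64` counter) so the fixture mirrors one consistent `Initializable` layout.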
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/Reinitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract Reinitializer is Initializable { | ||
address payable owner; | ||
|
||
function initialize() external reinitializer(2) { | ||
require(owner == address(0)); | ||
owner = payable(msg.sender); | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
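Review bot: This directory's `Initializable` has `_disableInitializers()`, yet only the unprotected shape of `Reinitializer` is added: there is no constructor here, and among the files shown no sibling fixture whose constructor calls `_disableInitializers()`. A negative case of that form, expected to produce no finding, would show that the new `reinitializer` handling does not start flagging contracts that lock initialization in the constructor.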
Binary file added
BIN
+3.54 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/Reinitializer.sol-0.7.6.zip
Binary file not shown.
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/AnyInitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract AnyInitializer is Initializable { | ||
address payable owner; | ||
|
||
function anyName() external initializer { | ||
require(owner == address(0)); | ||
owner = payable(msg.sender); | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
Binary file added
BIN
+3.58 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/AnyInitializer.sol-0.8.15.zip
Binary file not shown.
15 changes: 15 additions & 0 deletions
tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/Reinitializer.sol
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import "./Initializable.sol"; | ||
|
||
contract Reinitializer is Initializable { | ||
address payable owner; | ||
|
||
function initialize() external reinitializer(2) { | ||
require(owner == address(0)); | ||
owner = payable(msg.sender); | ||
} | ||
|
||
function kill() external { | ||
require(msg.sender == owner); | ||
selfdestruct(owner); | ||
} | ||
} |
Binary file added
BIN
+3.6 KB
tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/Reinitializer.sol-0.8.15.zip
Binary file not shown.