slither-action
slither-action copied to clipboard
Published
20 hours ago •
crytic
crytic
Cannot find openzeppelin-contracts
If I ignore the compile in slither-actions, it will successful. If not, it will occur error about openzeppelin-contracts in submodule.
The slither-actions worked successfully in few days ago, but today it suddenly appears the cannot find file error.
In the local test it works successfully, and I cannot figure out why this error will occur even the compile successful.
My github workflow is:
runs:
using: "composite"
steps:
- name: Build
run: |
forge clean
forge build --build-info --skip */test/** */script/** --force
shell: bash
- name: Run Slither
uses: crytic/[email protected]
id: slither
with:
slither-version: "0.10.2"
fail-on: config
slither-config: "slither.config.json"
ignore-compile: true
node-version: 16
slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
The result is:
Run forge clean
Compiling 78 files with Solc 0.8.23
Solc 0.8.23 finished in 2.61s
Run crytic/[email protected]
[-] Applied compatibility link: /home/runner/work/account-abstraction/account-abstraction -> /github/workspace
[-] SLITHERVER provided, installing slither-analyzer==0.10.2
Collecting wheel
Downloading wheel-0.43.0-py3-none-any.whl (65 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 65.8/65.8 kB 9.2 MB/s eta 0:00:00
Installing collected packages: wheel
Successfully installed wheel-0.43.0
Collecting slither-analyzer==0.10.2
Downloading slither_analyzer-0.10.2-py3-none-any.whl (791 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 791.4/791.4 kB 29.8 MB/s eta 0:00:00
Collecting pycryptodome>=3.4.6
Downloading pycryptodome-3.20.0-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.1/2.1 MB 134.5 MB/s eta 0:00:00
Collecting crytic-compile<0.4.0,>=0.3.7
Downloading crytic_compile-0.3.7-py3-none-any.whl (97 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 97.7/97.7 kB 125.8 MB/s eta 0:00:00
Collecting eth-typing>=3.0.0
Downloading eth_typing-4.2.2-py3-none-any.whl ([18](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:19) kB)
Collecting eth-utils>=2.1.0
Downloading eth_utils-4.1.0-py3-none-any.whl (77 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.7/77.7 kB 177.7 MB/s eta 0:00:00
Collecting web3>=6.0.0
Downloading web3-6.18.0-py3-none-any.whl (1.6 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/1.6 MB 180.2 MB/s eta 0:00:00
Collecting eth-abi>=4.0.0
Downloading eth_abi-5.1.0-py3-none-any.whl (29 kB)
Collecting packaging
Downloading packaging-24.0-py3-none-any.whl (53 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 53.5/53.5 kB 180.3 MB/s eta 0:00:00
Collecting prettytable>=3.3.0
Downloading prettytable-3.10.0-py3-none-any.whl (28 kB)
Collecting cbor2
Downloading cbor2-5.6.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (240 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 240.6/240.6 kB 205.6 MB/s eta 0:00:00
Collecting solc-select>=v1.0.4
Downloading solc_select-1.0.4-py3-none-any.whl (20 kB)
Collecting parsimonious<0.11.0,>=0.10.0
Downloading parsimonious-0.10.0-py3-none-any.whl (48 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 48.4/48.4 kB 180.7 MB/s eta 0:00:00
Collecting cytoolz>=0.10.1
Downloading cytoolz-0.12.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.0 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.0/2.0 MB 205.8 MB/s eta 0:00:00
Collecting eth-hash>=0.3.1
Downloading eth_hash-0.7.0-py3-none-any.whl (8.7 kB)
Collecting wcwidth
Downloading wcwidth-0.2.13-py2.py3-none-any.whl (34 kB)
Collecting hexbytes<0.4.0,>=0.1.0
Downloading hexbytes-0.3.1-py3-none-any.whl (5.9 kB)
Collecting eth-account<0.13,>=0.8.0
Downloading eth_account-0.12.2-py3-none-any.whl (355 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 355.7/355.7 kB 116.8 MB/s eta 0:00:00
Collecting jsonschema>=4.0.0
Downloading jsonschema-4.22.0-py3-none-any.whl (88 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 88.3/88.3 kB [19](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:20)6.0 MB/s eta 0:00:00
Collecting typing-extensions>=4.0.1
Downloading typing_extensions-4.11.0-py3-none-any.whl (34 kB)
Collecting websockets>=10.0.0
Downloading websockets-12.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux[20](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:21)14_x86_64.whl (130 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 130.0/130.0 kB 206.6 MB/s eta 0:00:00
Collecting lru-dict<1.3.0,>=1.1.6
Downloading lru_dict-1.2.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (28 kB)
Collecting protobuf>=4.[21](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:22).6
Downloading protobuf-5.26.1-cp37-abi3-manylinux2014_x86_64.whl (302 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 302.8/302.8 kB 215.8 MB/s eta 0:00:00
Collecting pyunormalize>=15.0.0
Downloading pyunormalize-15.1.0.tar.gz (515 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 515.5/515.5 kB 116.5 MB/s eta 0:00:00
Preparing metadata (setup.py): started
Preparing metadata (setup.py): finished with status 'done'
Collecting aiohttp>=3.7.4.post0
Downloading aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.2 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.2/1.2 MB 200.2 MB/s eta 0:00:00
Collecting requests>=2.16.0
Downloading requests-2.31.0-py3-none-any.whl (62 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.6/62.6 kB 174.5 MB/s eta 0:00:00
Collecting aiosignal>=1.1.2
Downloading aiosignal-1.3.1-py3-none-any.whl (7.6 kB)
Collecting frozenlist>=1.1.1
Downloading frozenlist-1.4.1-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (240 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 240.7/240.7 kB 214.3 MB/s eta 0:00:00
Collecting multidict<7.0,>=4.5
Downloading multidict-6.0.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (123 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 123.8/123.8 kB 193.7 MB/s eta 0:00:00
Collecting attrs>=17.3.0
Downloading attrs-23.2.0-py3-none-any.whl (60 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 60.8/60.8 kB 187.0 MB/s eta 0:00:00
Collecting yarl<2.0,>=1.0
Downloading yarl-1.9.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (304 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 304.3/304.3 kB 210.0 MB/s eta 0:00:00
Collecting async-timeout<5.0,>=4.0
Downloading async_timeout-4.0.3-py3-none-any.whl (5.7 kB)
Collecting toolz>=0.8.0
Downloading toolz-0.12.1-py3-none-any.whl (56 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 56.1/56.1 kB 179.2 MB/s eta 0:00:00
Collecting eth-account<0.13,>=0.8.0
Downloading eth_account-0.12.1-py3-none-any.whl (355 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 355.1/355.1 kB 180.7 MB/s eta 0:00:00
Downloading eth_account-0.12.0-py3-none-any.whl (354 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 354.9/354.9 kB 215.3 MB/s eta 0:00:00
Downloading eth_account-0.11.2-py3-none-any.whl (355 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 355.4/355.4 kB 196.9 MB/s eta 0:00:00
Collecting eth-keyfile>=0.6.0
Downloading eth_keyfile-0.8.1-py3-none-any.whl (7.5 kB)
Collecting rlp>=1.0.0
Downloading rlp-4.0.1-py3-none-any.whl (20 kB)
Collecting ckzg>=0.4.3
Downloading ckzg-1.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (139 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 139.6/139.6 kB 203.0 MB/s eta 0:00:00
Collecting bitarray>=2.4.0
Downloading bitarray-2.9.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (286 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 286.0/286.0 kB 212.0 MB/s eta 0:00:00
Collecting eth-keys>=0.4.0
Downloading eth_keys-0.5.1-py3-none-any.whl (21 kB)
Collecting eth-rlp>=0.3.0
Downloading eth_rlp-2.1.0-py3-none-any.whl (5.1 kB)
Collecting referencing>=0.28.4
Downloading referencing-0.35.1-py3-none-any.whl (26 kB)
Collecting jsonschema-specifications>=2023.03.6
Downloading jsonschema_specifications-2023.12.1-py3-none-any.whl (18 kB)
Collecting rpds-py>=0.7.1
Downloading rpds_py-0.18.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.1 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.1/1.1 MB 187.1 MB/s eta 0:00:00
Collecting regex>=20[22](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:23).3.15
Downloading regex-2024.4.28-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (773 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 773.5/773.5 kB 192.7 MB/s eta 0:00:00
Collecting urllib3<3,>=1.21.1
Downloading urllib3-2.2.1-py3-none-any.whl (121 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 121.1/121.1 kB 213.7 MB/s eta 0:00:00
Collecting certifi>=2017.4.17
Downloading certifi-2024.2.2-py3-none-any.whl (163 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 163.8/163.8 kB 211.2 MB/s eta 0:00:00
Collecting charset-normalizer<4,>=2
Downloading charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (142 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 142.3/142.3 kB 208.4 MB/s eta 0:00:00
Collecting idna<4,>=2.5
Downloading idna-3.7-py3-none-any.whl (66 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 66.8/66.8 kB 177.0 MB/s eta 0:00:00
Collecting eth-rlp>=0.3.0
Downloading eth_rlp-2.0.0-py3-none-any.whl (5.1 kB)
Downloading eth_rlp-1.0.1-py3-none-any.whl (4.9 kB)
Building wheels for collected packages: pyunormalize
Building wheel for pyunormalize (setup.py): started
Building wheel for pyunormalize (setup.py): finished with status 'done'
Created wheel for pyunormalize: filename=pyunormalize-15.1.0-py3-none-any.whl size=516047 sha256=a6d5006[23](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:24)a0840ad0e1f8e7b52658513c4cef751e390dd7055cba533bc01a0a5
Stored in directory: /tmp/pip-ephem-wheel-cache-styl33qt/wheels/dc/9a/3d/1a9de946e66c3d25021fce45f16395cc06df34f62bb64a1bea
Successfully built pyunormalize
Installing collected packages: wcwidth, lru-dict, ckzg, bitarray, websockets, urllib3, typing-extensions, toolz, rpds-py, regex, pyunormalize, pycryptodome, protobuf, prettytable, packaging, multidict, idna, hexbytes, frozenlist, eth-typing, eth-hash, charset-normalizer, certifi, cbor2, attrs, async-timeout, yarl, solc-select, requests, referencing, parsimonious, cytoolz, aiosignal, jsonschema-specifications, eth-utils, crytic-compile, aiohttp, rlp, jsonschema, eth-keys, eth-abi, eth-rlp, eth-keyfile, eth-account, web3, slither-analyzer
Successfully installed aiohttp-3.9.5 aiosignal-1.3.1 async-timeout-4.0.3 attrs-23.2.0 bitarray-2.9.2 cbor2-5.6.3 certifi-20[24](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:25).2.2 charset-normalizer-3.3.2 ckzg-1.0.1 crytic-compile-0.3.7 cytoolz-0.12.3 eth-abi-5.1.0 eth-account-0.11.2 eth-hash-0.7.0 eth-keyfile-0.8.1 eth-keys-0.5.1 eth-rlp-1.0.1 eth-typing-4.2.2 eth-utils-4.1.0 frozenlist-1.4.1 hexbytes-0.3.1 idna-3.7 jsonschema-4.22.0 jsonschema-specifications-2023.12.1 lru-dict-1.2.0 multidict-6.0.5 packaging-24.0 parsimonious-0.10.0 prettytable-3.10.0 protobuf-5.[26](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:27).1 pycryptodome-3.20.0 pyunormalize-15.1.0 referencing-0.35.1 regex-2024.4.[28](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:29) requests-2.31.0 rlp-4.0.1 rpds-py-0.18.0 slither-analyzer-0.10.2 solc-select-1.0.4 toolz-0.12.1 typing-extensions-4.11.0 urllib3-2.2.1 wcwidth-0.2.13 web3-6.18.0 websockets-12.0 yarl-1.9.4
[-] Slither config provided: slither.config.json
[-] SLITHERARGS provided. Running slither with extra arguments
--ignore-compile used, if something goes wrong, consider removing the ignore compile flag
Traceback (most recent call last):
File "/opt/slither/bin/slither", line 8, in <module>
sys.exit(main())
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 753, in main
main_impl(all_detector_classes=detectors, all_printer_classes=printers)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 859, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 107, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 80, in process_single
slither = Slither(target, ast_format=ast, **vars(args))
File "/opt/slither/lib/python3.9/site-packages/slither/slither.py", line 156, in __init__
sol_parser.parse_top_level_items(ast, path)
File "/opt/slither/lib/python3.9/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line [32](https://github.com/consenlabs/account-abstraction/actions/runs/8963296870/job/24613564505#step:11:33)6, in parse_top_level_items
get_imported_scope = self.compilation_unit.get_scope(import_directive.filename)
File "/opt/slither/lib/python3.9/site-packages/slither/core/compilation_unit.py", line 282, in get_scope
filename = self._crytic_compile_compilation_unit.crytic_compile.filename_lookup(
File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 283, in filename_lookup
raise ValueError(f"{filename} does not exist")
ValueError: lib/openzeppelin-contracts/contracts/access/Ownable.sol does not exist
In my lib, the openzeppelin-contracts/contracts/access/Ownable.sol is existed.
And here is my slither.config.json, the remapping part is same with foundry.toml:
{
"detectors_to_exclude": "abiencoderv2-array,arbitrary-send-erc20,incorrect-shift,multiple-constructors,name-reused,protected-vars,public-mappings-nested,rtlo,suicidal,uninitialized-storage,unprotected-upgrade,codex,arbitrary-send-erc20-permit,arbitrary-send-eth,incorrect-exp,return-leave,storage-array,weak-prng,enum-conversion,erc20-interface,erc721-interface,incorrect-equality,write-after-write,constant-function-asm,constant-function-state,divide-before-multiply,unused-return",
"exclude_informational": true,
"exclude_low": true,
"exclude_optimization": true,
"solc_disable_warnings": false,
"filter_paths": "(lib|test|script)",
"solc_remaps": [
"ds-test/=lib/forge-std/lib/ds-test/src/",
"@aa/=lib/account-abstraction/contracts/",
"@oz/=lib/openzeppelin-contracts/contracts/",
"@oz-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/",
"@openzeppelin/=lib/openzeppelin-contracts/",
"@pimlico-paymaster/=lib/erc20-paymaster/src",
"@account-abstraction/contracts=lib/account-abstraction/contracts/"
]
}
@ChiHaoLu hi, thanks for the report! could this be a change or regression in Foundry? can you check which forge --version you have working locally and failing on your workflow?
I'm seeing the same thing as well as of a couple days ago. No problems running slither locally, just in the action
@ChiHaoLu hi, thanks for the report! could this be a change or regression in Foundry? can you check which
forge --versionyou have working locally and failing on your workflow?
forge 0.2.0 (e0ea59c 2024-04-24T00:17:37.065879000Z)
This is my foundry version. And everything works in locally.
BTW, the CI will work when ignore-compile=false, which means compiling by the slither-actions itself.
So far we suspect this might be caused by https://github.com/foundry-rs/foundry/issues/7878
If you have the option, installing an older Foundry release seems to work around the problem: foundryup -v nightly-f625d0fa7c51e65b4bf1e8f7931cd1c6e2e285e9
Unfortunately for those using the automatic compilation (i.e. no ignore-compile) , the action always installs the latest nightly build of foundry, but we're thinking of adding an option to pin Foundry to a specific release: #85
The foundry issue has been resolved upstream and the latest nightly build includes the fix, can you retest your workflows and let us know if this is now working?