slither icon indicating copy to clipboard operation
slither copied to clipboard

Published 20 hours ago verified publisher icon crytic

[Bug-Candidate]: Missing modifier 'body'

Open Vsevo1od opened this issue 2 years ago • 1 comments

Describe the issue:

When I run slither . in https://github.com/Vsevo1od/governance-crosschain-bridges I get

Missing modifier 'body'
Missing modifier 'body'
Missing function Variable not found: onlyEthereumGovernanceExecutor (context OptimismBridgeExecutor)
Missing modifier 'body'
Missing function Variable not found: onlyEthereumGovernanceExecutor (context SimpleL2BridgeExecutor)
Missing modifier 'body'
Missing function Variable not found: onlyEthereumGovernanceExecutor (context ArbitrumBridgeExecutor)

in console before the detectors output

The contracts: OptimismBridgeExecutor SimpleL2BridgeExecutor ArbitrumBridgeExecutor

Code example to reproduce the issue:

git clone https://github.com/Vsevo1od/governance-crosschain-bridges.git cd governance-crosschain-bridges npm i --legacy-peer-deps npm run compile slither .

Version:

0.8.3

Relevant log output:

$ slither .
'npx hardhat compile --force' running
Generating typings for: 43 artifacts in dir: typechain for target: ethers-v5
Successfully generated 80 typings!
Compiled 40 Solidity files successfully

Solidity 0.8.10 is not fully supported yet. You can still use Hardhat, but some features, like stack traces, might not work correctly.

Learn more at https://hardhat.org/reference/solidity-support

Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
--> contracts/dependencies/arbitrum/interfaces/ArbRetryableTx.sol


Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: <SPDX-License>" to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information.
--> contracts/dependencies/arbitrum/interfaces/IInbox.sol


Warning: Unused function parameter. Remove or comment out the variable name to silence this warning.
  --> contracts/bridges/PolygonBridgeExecutor.sol:71:5:
   |
71 |     uint256 stateId,
   |     ^^^^^^^^^^^^^^^



Missing modifier 'body'
Missing modifier 'body'
Missing function Variable not found: onlyEthereumGovernanceExecutor (context OptimismBridgeExecutor)
Missing modifier 'body'
Missing function Variable not found: onlyEthereumGovernanceExecutor (context SimpleL2BridgeExecutor)
Missing modifier 'body'
Missing function Variable not found: onlyEthereumGovernanceExecutor (context ArbitrumBridgeExecutor)

ExecutorWithTimelock.executeTransaction(address,uint256,string,bytes,uint256,bool) (node_modules/@aave/governance-v2/contracts/governance/ExecutorWithTimelock.sol#178-228) uses delegatecall to a input-controlled function id
        - (success,resultData) = target.delegatecall(callData) (node_modules/@aave/governance-v2/contracts/governance/ExecutorWithTimelock.sol#208)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall
...

Vsevo1od avatar Aug 11 '22 07:08 Vsevo1od

Likely related to https://github.com/crytic/slither/pull/1227

0xalpharush avatar Aug 12 '22 02:08 0xalpharush

This is working now that the keep: true exists for the dependency compiler. We have an issue tracking that for the library slither uses to build projects here https://github.com/crytic/crytic-compile/issues/218

0xalpharush avatar Oct 18 '23 19:10 0xalpharush