Data dependency: add "must depend on"

Open montyly opened this issue 6 years ago • 4 comments

Right now, the data dependency is an over-approximation that merges all the dependencies coming from all the node's fathers.

As a result, in a code like:

function f(address destination) internal{
     // use of destination
}
function g() internal{
     f(msg.sender);
     f(owner);
}

destination in f is dependent on both msg.sender and owner. We should have a "must depend on" mode, to detect if a variable is always dependent on another one.

We can implement it by adding a new mode in analyses/data_dependency/data_dependency.py, where only the dependencies present in all the node's fathers are kept.

montyly, Feb 19 '19 09:02
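The difference between the current merge and the proposed "must depend on" mode, as an added example that is not part of the issue and is not Slither code. It is a toy propagation over a hand-built graph: the `fathers`/`gen` structures, the node names, and the choice to model the two call sites in g as fathers of f's entry are all assumptions.

```python
# Added illustration, not Slither code; graph layout and names are hypothetical.
from functools import reduce

def propagate(fathers, gen, mode="may"):
    """Propagate variable dependencies over a graph until a fixed point.

    fathers: node -> list of father (predecessor) nodes
    gen:     node -> {variable: sources it is assigned from at that node}
    mode:    "may" keeps a source seen in any father (union),
             "must" keeps only sources present in all fathers (intersection)
    """
    if mode not in ("may", "must"):
        raise ValueError(f"unknown mode: {mode}")
    merge = set.union if mode == "may" else set.intersection
    out = {}
    changed = True
    while changed:
        changed = False
        for node, preds in fathers.items():
            ready = [out[p] for p in preds if p in out]
            variables = set().union(*ready)
            state = {v: reduce(merge, (set(s.get(v, ())) for s in ready))
                     for v in variables}
            # An assignment at this node replaces whatever flowed in.
            state.update({v: set(src) for v, src in gen.get(node, {}).items()})
            if out.get(node) != state:
                out[node] = state
                changed = True
    return out

# Constructed model of the issue's snippet: g() calls f twice, so both call
# sites are fathers of f's entry, each binding `destination` to its argument.
FATHERS = {"g: f(msg.sender)": [], "g: f(owner)": [],
           "f: entry": ["g: f(msg.sender)", "g: f(owner)"]}
GEN = {"g: f(msg.sender)": {"destination": {"msg.sender"}},
       "g: f(owner)": {"destination": {"owner"}}}
# Variant where the second call passes a value derived from both sources.
GEN_SHARED = {"g: f(msg.sender)": {"destination": {"msg.sender"}},
              "g: f(owner)": {"destination": {"owner", "msg.sender"}}}

def deps_at_entry(gen, mode):
    return propagate(FATHERS, gen, mode)["f: entry"]["destination"]

if __name__ == "__main__":
    for label, gen in (("issue snippet", GEN), ("shared source", GEN_SHARED)):
        for mode in ("may", "must"):
            print(label, mode, sorted(deps_at_entry(gen, mode)))
```

In "may" mode the issue's snippet reports both msg.sender and owner for destination; in "must" mode it reports neither, and a source is kept only when every call site supplies it.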

TODO @montyly: write examples/testcases

montyly, Aug 12 '22 16:08

@montyly I am planning to start implementing this in Slither. Just need a few clarifications. When you say that the "must depend on" mode should only consider the dependencies present in all the node's fathers, do you mean the immediate fathers?

priyankabose, Apr 01 '24 19:04

Could this just be a constant value / constant propagation analysis? If the variable was always msg.sender, it is a constant, and we can check if the value that must be depended on is equivalent to the constant value. Otherwise, it is not a constant / undefined, and we can return false.

0xalpharush, Apr 01 '24 22:04

I have a clear idea now where to start after talking to @0xalpharush. I will start with the constants first.

priyankabose, Apr 08 '24 16:04