slither icon indicating copy to clipboard operation
slither copied to clipboard

Published 20 hours ago verified publisher icon crytic

IR, code within modifiers seem to always appear at the end of functions.

Open AnonymousMonkey2021 opened this issue 5 years ago • 2 comments

The code for the function being modified is inserted where the _ is placed in the modifier.

RequireExample.sol file:


pragma solidity ^0.5.11;
contract RequireExample {
    
    address public owner;
    
    constructor() public {
        owner = msg.sender;
    }
    
    uint public number = 0;
    bool public a = true;
    bool public b = true;
    bool public c = false;
    bool public d = true;

    modifier checka(){
        c = true;
        require(a);
        _;
    }

    function requireb() public{
        if (d){
            d = false;
        }


        require(b);
    }
    
    function test(uint _n, bool _b) checka public {
        requireb();
    }
    
}

And this is the result from IR.

Function RequireExample.test(uint256,bool)
		Expression: requireb()
		IRs:
			INTERNAL_CALL, RequireExample.requireb()()
		Expression: checka()
		IRs:
			INTERNAL_CALL, RequireExample.checka()()
		Modifier Call None

I'm not sure if the problem I'm seen is supposed to be like this. Since the _; appeared at the end of the modifier, the code within the modifier should be added at the beginning of the function, right? Otherwise, if modifiers are always placed at the end of the function, how do we know whether the modifier is doing pre-condition or post-condition checking?

AnonymousMonkey2021 avatar Nov 18 '19 09:11 AnonymousMonkey2021

Hi @JackHFeng. Thank you for your interest in Slither.

This is actually an output artifact. Currently, Slither does not have a straightforward API to output properly the modfier's cfg into in the function using it (which requires some control-flow tricks to handle the _ placeholder). The modifiers calls are kept into function.modifiers_statements.

The IRs nodes generated by these calls are kept into a separate CFG. When the slithir printer outputs the information, it shows all the nodes without any order:

image

To get the pre-condition/post-condition, an analysis must iterate over the function.modifiers_statements, and properly extract them. There is a specific node type for the modifier's placeholder: NodeType.PLACEHOLDER.

We are working towards a better API to handle modifiers calls at the analysis level, but right now it's documentation is not up to date. Feel free to join our slack (#ethereum) if you want direct support on this API.

montyly avatar Nov 18 '19 10:11 montyly

Thank you @montyly !

AnonymousMonkey2021 avatar Nov 18 '19 10:11 AnonymousMonkey2021