crytic
Bad references reported to incorrect contract
When running against the argent infrastructure contracts we get the following reports for strings library:
INFO:Detectors:
0: strings.ord(strings.slice) (wallet/BaseWallet.sol) performs a multiplication on the result of a division:
-b = word / divisor (wallet/BaseWallet.sol)
-ret = b (wallet/BaseWallet.sol)
-ret = (ret * 64) | (b & 0x3F) (wallet/BaseWallet.sol)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
and
0: strings.len(bytes32).ret (wallet/BaseWallet.sol#87) is a local variable never initialized
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables
The references these point to however are not in the strings library contract but in BaseWallet.sol which does not import or use the library in any way.
Hi @elenadimitrova,
The issue with bad source references being incorrectly attributed to the wrong contract (where strings library findings were pointing to BaseWallet.sol instead of the actual location) has been fixed.
This was a source mapping problem where detector findings were not correctly tracking the actual source location of issues. The source mapping and reference tracking systems have been significantly improved since 2020, and findings now correctly point to their actual locations.
Closing as fixed.
