Skip to content

fix: accept onlyDelegateCall as protected modifier in unprotected-upgrade #3014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cats2101 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: accept onlyDelegateCall as protected modifier in unprotected-upgrade #3014

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions slither/detectors/statements/unprotected_upgradeable.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,14 @@ def _has_initializing_protection(functions: list[Function]) -> bool:
return False


_WHITELISTED_MODIFIERS = {"onlyProxy", "onlyDelegateCall"}


def _whitelisted_modifiers(f: Function) -> bool:
# The onlyProxy modifier prevents calling the implementation contract (must be delegatecall)
# The onlyProxy / onlyDelegateCall modifiers prevent calling the implementation contract
# directly (the call must go through delegatecall via the proxy).
# https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/3dec82093ea4a490d63aab3e925fed4f692909e8/contracts/proxy/utils/UUPSUpgradeable.sol#L38-L42
return "onlyProxy" not in [modifier.name for modifier in f.modifiers]
return not any(m.name in _WHITELISTED_MODIFIERS for m in f.modifiers)


def _initialize_functions(contract: Contract) -> list[Function]:
Expand Down
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/OnlyDelegateCall.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
contract OnlyDelegateCall {
modifier onlyDelegateCall() {
_;
}
}
14 changes: 14 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/whitelisted.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import "./Initializable.sol";
import "./OnlyProxy.sol";
import "./OnlyDelegateCall.sol";

contract Whitelisted is Initializable, OnlyProxy{
address owner;
Expand All @@ -13,3 +14,16 @@ contract Whitelisted is Initializable, OnlyProxy{
selfdestruct(owner);
}
}

contract WhitelistedDelegateCall is Initializable, OnlyDelegateCall{
address owner;

function initialize() external initializer onlyDelegateCall {
owner = msg.sender;
}

function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
Binary file modified tests/e2e/detectors/test_data/unprotected-upgrade/0.4.25/whitelisted.sol-0.4.25.zip
View file
Open in desktop
Binary file not shown.
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/OnlyDelegateCall.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
contract OnlyDelegateCall {
modifier onlyDelegateCall() {
_;
}
}
14 changes: 14 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/whitelisted.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import "./Initializable.sol";
import "./OnlyProxy.sol";
import "./OnlyDelegateCall.sol";

contract Whitelisted is Initializable, OnlyProxy{
address payable owner;
Expand All @@ -13,3 +14,16 @@ contract Whitelisted is Initializable, OnlyProxy{
selfdestruct(owner);
}
}

contract WhitelistedDelegateCall is Initializable, OnlyDelegateCall{
address payable owner;

function initialize() external initializer onlyDelegateCall {
owner = msg.sender;
}

function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
Binary file modified tests/e2e/detectors/test_data/unprotected-upgrade/0.5.16/whitelisted.sol-0.5.16.zip
View file
Open in desktop
Binary file not shown.
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/OnlyDelegateCall.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
contract OnlyDelegateCall {
modifier onlyDelegateCall() {
_;
}
}
14 changes: 14 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/whitelisted.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import "./Initializable.sol";
import "./OnlyProxy.sol";
import "./OnlyDelegateCall.sol";

contract Whitelisted is Initializable, OnlyProxy{
address payable owner;
Expand All @@ -13,3 +14,16 @@ contract Whitelisted is Initializable, OnlyProxy{
selfdestruct(owner);
}
}

contract WhitelistedDelegateCall is Initializable, OnlyDelegateCall{
address payable owner;

function initialize() external initializer onlyDelegateCall {
owner = msg.sender;
}

function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
Binary file modified tests/e2e/detectors/test_data/unprotected-upgrade/0.6.11/whitelisted.sol-0.6.11.zip
View file
Open in desktop
Binary file not shown.
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/OnlyDelegateCall.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
contract OnlyDelegateCall {
modifier onlyDelegateCall() {
_;
}
}
14 changes: 14 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/whitelisted.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import "./Initializable.sol";
import "./OnlyProxy.sol";
import "./OnlyDelegateCall.sol";

contract Whitelisted is Initializable, OnlyProxy{
address payable owner;
Expand All @@ -13,3 +14,16 @@ contract Whitelisted is Initializable, OnlyProxy{
selfdestruct(owner);
}
}

contract WhitelistedDelegateCall is Initializable, OnlyDelegateCall{
address payable owner;

function initialize() external initializer onlyDelegateCall {
owner = msg.sender;
}

function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
Binary file modified tests/e2e/detectors/test_data/unprotected-upgrade/0.7.6/whitelisted.sol-0.7.6.zip
View file
Open in desktop
Binary file not shown.
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/OnlyDelegateCall.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
contract OnlyDelegateCall {
modifier onlyDelegateCall() {
_;
}
}
14 changes: 14 additions & 0 deletions tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/whitelisted.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import "./Initializable.sol";
import "./OnlyProxy.sol";
import "./OnlyDelegateCall.sol";

contract Whitelisted is Initializable, OnlyProxy{
address payable owner;
Expand All @@ -13,3 +14,16 @@ contract Whitelisted is Initializable, OnlyProxy{
selfdestruct(owner);
}
}

contract WhitelistedDelegateCall is Initializable, OnlyDelegateCall{
address payable owner;

function initialize() external initializer onlyDelegateCall {
owner = payable(msg.sender);
}

function kill() external {
require(msg.sender == owner);
selfdestruct(owner);
}
}
Binary file modified tests/e2e/detectors/test_data/unprotected-upgrade/0.8.15/whitelisted.sol-0.8.15.zip
View file
Open in desktop
Binary file not shown.