[Bug]: Slither detects already triaged results #1965

Closed
jubeira opened this issue Jun 15, 2023 · 7 comments
Labels: bug (Something isn't working), High Priority

Comments

@jubeira

jubeira commented Jun 15, 2023

Describe the issue:

Slither seems to be detecting issues that have already been triaged into the slither.db.json from time to time.
This makes it difficult to get consistent results between runs after triaging findings, and also generates false positives when running Slither in CI.

This could be related to the ID of the findings that is stored in the DB file, which seems to vary between runs.

Code example to reproduce the issue:

Public sample to reproduce the issue with instructions here: balancer/balancer-v2-monorepo#2514.

Version:

0.9.3

Relevant log output:

# Following the instructions in the PR mentioned above, this is the output after triaging all the results.
# Running slither two times in a row outputs different results:

juan@M16:~/prj/bal/pkg/solidity-utils$ yarn slither
Nothing to compile
INFO:Detectors:
LogExpMath.exp(int256) (contracts/math/LogExpMath.sol#146-281) performs a multiplication on the result of a division:
	- product = (product * a3) / ONE_20 (contracts/math/LogExpMath.sol#198)
	- product = (product * a4) / ONE_20 (contracts/math/LogExpMath.sol#202)
LogExpMath.exp(int256) (contracts/math/LogExpMath.sol#146-281) performs a multiplication on the result of a division:
	- product = (product * a3) / ONE_20 (contracts/math/LogExpMath.sol#198)
	- product = (product * a5) / ONE_20 (contracts/math/LogExpMath.sol#206)
LogExpMath.exp(int256) (contracts/math/LogExpMath.sol#146-281) performs a multiplication on the result of a division:
	- product = (product * a7) / ONE_20 (contracts/math/LogExpMath.sol#214)
	- product = (product * a8) / ONE_20 (contracts/math/LogExpMath.sol#218)
LogExpMath._ln(int256) (contracts/math/LogExpMath.sol#326-458) performs a multiplication on the result of a division:
	- a = (a * ONE_20) / a3 (contracts/math/LogExpMath.sol#372)
	- a = (a * ONE_20) / a4 (contracts/math/LogExpMath.sol#377)
LogExpMath._ln(int256) (contracts/math/LogExpMath.sol#326-458) performs a multiplication on the result of a division:
	- a = (a * ONE_20) / a5 (contracts/math/LogExpMath.sol#382)
	- a = (a * ONE_20) / a6 (contracts/math/LogExpMath.sol#387)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Slither:. analyzed (72 contracts with 85 detectors), 5 result(s) found


juan@M16:~/prj/bal/pkg/solidity-utils$ yarn slither
Nothing to compile
INFO:Detectors:
LogExpMath.exp(int256) (contracts/math/LogExpMath.sol#146-281) performs a multiplication on the result of a division:
	- product = (product * a3) / ONE_20 (contracts/math/LogExpMath.sol#198)
	- product = (product * a5) / ONE_20 (contracts/math/LogExpMath.sol#206)
LogExpMath.exp(int256) (contracts/math/LogExpMath.sol#146-281) performs a multiplication on the result of a division:
	- product = (product * a4) / ONE_20 (contracts/math/LogExpMath.sol#202)
	- product = (product * a6) / ONE_20 (contracts/math/LogExpMath.sol#210)
LogExpMath.exp(int256) (contracts/math/LogExpMath.sol#146-281) performs a multiplication on the result of a division:
	- product = (product * a7) / ONE_20 (contracts/math/LogExpMath.sol#214)
	- product = (product * a8) / ONE_20 (contracts/math/LogExpMath.sol#218)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
INFO:Slither:. analyzed (72 contracts with 85 detectors), 3 result(s) found
juan@M16:~/prj/bal/pkg/solidity-utils$
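The log above shows the triage DB failing to suppress results because the reported pairs (and therefore their ids) change between runs. As an added example that is not part of this issue or of Slither's own code, the script below loads two `slither --json` runs plus a slither.db.json (assumed to be a JSON list of results carrying an "id", the shape triage mode writes) and reports which ids churn between runs and which results CI would still flag; the sample runs are constructed to mirror the two outputs above, with placeholder ids instead of real hashes.

```python
import json
import sys
from collections import Counter

# Constructed sample data shaped like `slither --json` output (results.detectors)
# and like a triage DB written by `--triage-mode` (assumed: a JSON list of results
# carrying an "id"). Ids here are readable placeholders, not real hashes.
def _res(id_, check, description):
    return {"id": id_, "check": check, "description": description}

DBM = "divide-before-multiply"
RUN_1 = {"results": {"detectors": [
    _res("id-exp-a3-a4", DBM, "LogExpMath.exp(int256) ... a3 then a4"),
    _res("id-exp-a3-a5", DBM, "LogExpMath.exp(int256) ... a3 then a5"),
    _res("id-exp-a7-a8", DBM, "LogExpMath.exp(int256) ... a7 then a8"),
    _res("id-ln-a3-a4", DBM, "LogExpMath._ln(int256) ... a3 then a4"),
    _res("id-ln-a5-a6", DBM, "LogExpMath._ln(int256) ... a5 then a6"),
]}}
RUN_2 = {"results": {"detectors": [
    _res("id-exp-a3-a5", DBM, "LogExpMath.exp(int256) ... a3 then a5"),
    _res("id-exp-a4-a6", DBM, "LogExpMath.exp(int256) ... a4 then a6"),
    _res("id-exp-a7-a8", DBM, "LogExpMath.exp(int256) ... a7 then a8"),
]}}
# Triage DB as it would look after hiding every result of the first run.
TRIAGE_DB = list(RUN_1["results"]["detectors"])

def by_id(run):
    """Map id -> result for one run."""
    return {r["id"]: r for r in run["results"]["detectors"]}

def id_churn(run_a, run_b):
    """Ids seen in only one of two runs, counted per detector. Anything non-empty
    is a finding the triage DB cannot suppress reliably."""
    a, b = by_id(run_a), by_id(run_b)
    return {"only_in_a": Counter(a[i]["check"] for i in a.keys() - b.keys()),
            "only_in_b": Counter(b[i]["check"] for i in b.keys() - a.keys())}

def untriaged(run, triage_db):
    """Results whose id is missing from the triage DB, i.e. what CI would still flag."""
    known = {entry["id"] for entry in triage_db}
    return [r for r in run["results"]["detectors"] if r["id"] not in known]

if __name__ == "__main__":
    # Usage: python check_ids.py run1.json run2.json slither.db.json (else uses samples)
    if len(sys.argv) == 4:
        RUN_1, RUN_2, TRIAGE_DB = (json.load(open(p)) for p in sys.argv[1:4])
    print("id churn:", id_churn(RUN_1, RUN_2))
    for r in untriaged(RUN_2, TRIAGE_DB):
        print("resurfaced:", r["check"], r["id"], r["description"])
```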
@jubeira jubeira added the bug-candidate Bugs reports that are not yet confirmed label Jun 15, 2023
@0xalpharush 0xalpharush added bug Something isn't working and removed bug-candidate Bugs reports that are not yet confirmed labels Jun 15, 2023
@0xalpharush 0xalpharush changed the title from "[Bug-Candidate]: Slither detects already triaged results" to "[Bug]: Slither detects already triaged results" Jun 15, 2023
@amrshaban2005

I have the same issue. I hid all results by running triage mode and all were saved in slither.db.json; however, when I run slither again and again, each time it gives me the issues, and every run gives me a different result.

@0xalpharush
Contributor

@amrshaban2005 Is it also with the divide before multiply detector or a different one?

@amrshaban2005

> @amrshaban2005 Is it also with the divide before multiply detector or a different one?

@0xalpharush No, it happens with many different detectors like reentrancy-no-eth, unchecked-transfer, unused-return, etc., so I don't think it is related to a specific detector.

@amrshaban2005

@0xalpharush Could you kindly provide me with any updates, please?

@smonicas
Collaborator

smonicas commented Sep 5, 2023

@amrshaban2005 Hi, I can't reproduce this issue with other detectors. Please add some more details or, better, code to reproduce it. Thank you.

@amrshaban2005

> @amrshaban2005 Hi, I can't reproduce this issue with other detectors. Please add some more details or, better, code to reproduce it. Thank you.

Hi, thank you for following up. Our code base is complicated, so I can't write simple code to reproduce it.
What I do is the following:

  • run slither . --triage-mode and hide all issues found
    [image]

  • then run slither ., which should return zero issues; however, it returns 4 issues, which means some issues still show although I hid all of them
    [image]

Please note that every time I run slither . it gives me a different result.

@0xalpharush
Contributor

Closed by #2114
