Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add detector for unused custom errors #2565

Open
wants to merge 19 commits into
base: dev
Choose a base branch
from
Open

feat: add detector for unused custom errors #2565

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
08b4795
Initial skeleton for unused custom errors detector
gvladika Sep 12, 2024
617fe8b
Add function that checks if custom error is unused
gvladika Sep 17, 2024
0edd70c
Add first sol contract for testing unused custom errors
gvladika Sep 17, 2024
82dfd33
Refactor and include errors defined outside of contracts
gvladika Sep 17, 2024
a6b84cf
Change format
gvladika Sep 18, 2024
0efbf5c
Add filename to the output
gvladika Sep 24, 2024
53e896c
Simplify fetching the file name
gvladika Sep 24, 2024
acc542e
Add wiki docs
gvladika Sep 24, 2024
cacb154
Make test contract(s) more complete
gvladika Sep 24, 2024
c61e536
Lint
gvladika Sep 24, 2024
3d68770
Move detector to another folder
gvladika Sep 24, 2024
3c18062
Update comments
gvladika Sep 24, 2024
415e65e
Remove leftovers
gvladika Sep 24, 2024
4f7d0bc
Merge branch 'dev' into unused-errors-detector
gvladika Sep 25, 2024
b63e62a
Use sets to avoid duplicates
gvladika Sep 26, 2024
44de39b
Use sorted list to get deterministic order in output
gvladika Sep 26, 2024
1bdbecb
Merge branch 'dev' into unused-errors-detector
gvladika Oct 9, 2024
9af60e6
internal_call.function is instance of SolidityCustomRevert
gvladika Oct 10, 2024
65d6943
Merge branch 'dev' into unused-errors-detector
gvladika Oct 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions slither/detectors/all_detectors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,5 +104,6 @@
from .functions.chainlink_feed_registry import ChainlinkFeedRegistry
from .functions.pyth_deprecated_functions import PythDeprecatedFunctions
from .functions.optimism_deprecation import OptimismDeprecation
from .statements.unused_custom_errors import UnusedCustomErrors

# from .statements.unused_import import UnusedImport
94 changes: 94 additions & 0 deletions slither/detectors/statements/unused_custom_errors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
"""
Module detecting unused custom errors
"""
from typing import List, Set
from slither.core.declarations.custom_error import CustomError
from slither.core.declarations.custom_error_top_level import CustomErrorTopLevel
from slither.core.declarations.solidity_variables import SolidityCustomRevert
from slither.detectors.abstract_detector import (
AbstractDetector,
DetectorClassification,
DETECTOR_INFO,
)
from slither.utils.output import Output


class UnusedCustomErrors(AbstractDetector):
"""
Unused custom errors detector
"""

ARGUMENT = "unused-custom-errors"
HELP = "Detects unused custom errors"
IMPACT = DetectorClassification.INFORMATIONAL
CONFIDENCE = DetectorClassification.HIGH

WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#unused-custom-errors"

WIKI_TITLE = "Unused Custom Errors"
WIKI_DESCRIPTION = "Declaring a custom error, but never using it might indicate a mistake."

# region wiki_exploit_scenario
WIKI_EXPLOIT_SCENARIO = """
```solidity
contract A {
error ZeroAddressNotAllowed();

address public owner;

constructor(address _owner) {
owner = _owner;
}
}
```
Custom error `ZeroAddressNotAllowed` is declared but never used. It shall be either invoked where needed, or removed if there's no need for it.
"""
# endregion wiki_exploit_scenario = ""
WIKI_RECOMMENDATION = "Remove the unused custom errors."

def _detect(self) -> List[Output]:
"""Detect unused custom errors"""
declared_custom_errors: Set[CustomError] = set()
custom_reverts: Set[SolidityCustomRevert] = set()
unused_custom_errors: List[CustomError] = []

# Collect all custom errors defined in the contracts
for contract in self.compilation_unit.contracts:
for custom_error in contract.custom_errors:
declared_custom_errors.add(custom_error)

# Add custom errors defined outside of contracts
for custom_error in self.compilation_unit.custom_errors:
declared_custom_errors.add(custom_error)

# Collect all custom errors invoked in revert statements
for contract in self.compilation_unit.contracts:
for function in contract.functions_and_modifiers:
for internal_call in function.internal_calls:
if isinstance(internal_call.function, SolidityCustomRevert):
custom_reverts.add(internal_call.function)

# Find unused custom errors
for declared_error in declared_custom_errors:
if not any(
declared_error.name in custom_revert.name for custom_revert in custom_reverts
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking the name could have false negative. For example try adding this in the contract test. It won't get detected.

contract C {
    error UsedParentErr(address x);
}

A better approach could be to have custom_errors with the actual CustomError instance instead of the name and then check here with declared_error == custom_revert. When you are adding the custom error you can get the instance with internal_call.function.custom_error

):
unused_custom_errors.append(declared_error)

# Sort by error name
unused_custom_errors = sorted(unused_custom_errors, key=lambda err: err.name)

# Format results
results = []
if len(unused_custom_errors) > 0:
info: DETECTOR_INFO = ["The following unused error(s) should be removed:"]
for custom_error in unused_custom_errors:
file_scope = (
custom_error.file_scope
if isinstance(custom_error, CustomErrorTopLevel)
else custom_error.contract.file_scope
)
info += ["\n\t-", custom_error.full_name, " (", file_scope.filename.short, ")\n"]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can just use custom_error and in the output you will have automatically its filename. Also it would be better to have individual findings for each custom error instead of one with everything.

results.append(self.generate_result(info))

return results
11 changes: 11 additions & 0 deletions ...ts/detectors__detector_UnusedCustomErrors_0_8_15_ContractToTestForCustomErrors_sol__0.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
The following unused error(s) should be removed:
-UnusedErrorLibConsumerErr() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ErrorLibConsumer.sol)

-UnusedLibError() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/CustomErrorsLib.sol)

-UnusedParentErr() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol)

-UnusedParentErrWithArg(uint256) (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol)

-UnusedTopLevelErr() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol)

41 changes: 41 additions & 0 deletions tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
// SPDX-License-Identifier: Unlicense
pragma solidity 0.8.15;

error UnusedTopLevelErr();
error UsedTopLevelErr();

import "./ErrorLibConsumer.sol";

contract ParentContract {
error UnusedParentErr();
error UnusedParentErrWithArg(uint256 x);
error UsedParentErr(address x);
error UsedParentErrInChild(uint256 x);

constructor() {
new ErrorLibConsumer();
}

function x() public view {
uint256 d = 7;
if (msg.sender == address(0)) {
d = 100;
revert UsedParentErr(msg.sender);
}
}
}

contract ContractToTestForCustomErrors is ParentContract {
function y() public {
address f = msg.sender;
(bool s,) = f.call("");
if (!s) {
revert UsedParentErrInChild(1);
}
revert UsedTopLevelErr();
}

function z() public {
revert Lib.UsedLibErrorB(8);
}
}
Binary file added ...ectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol-0.8.15.zip
View file
Open in desktop
Binary file not shown.
8 changes: 8 additions & 0 deletions tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/CustomErrorsLib.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
// SPDX-License-Identifier: Unlicense
pragma solidity 0.8.15;

library Lib {
error UnusedLibError();
error UsedLibErrorA();
error UsedLibErrorB(uint256 x);
}
17 changes: 17 additions & 0 deletions tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ErrorLibConsumer.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
// SPDX-License-Identifier: Unlicense
pragma solidity 0.8.15;

import "./CustomErrorsLib.sol";

contract ErrorLibConsumer {
error UnusedErrorLibConsumerErr();
error UsedErrorLibConsumerErr();

constructor() {
revert Lib.UsedLibErrorA();
}

function a() public pure {
revert UsedErrorLibConsumerErr();
}
}
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_detectors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -401,6 +401,11 @@ def id_test(test_item: Test):
"unused_state.sol",
"0.7.6",
),
Test(
all_detectors.UnusedCustomErrors,
"ContractToTestForCustomErrors.sol",
"0.8.15",
),
Test(all_detectors.LockedEther, "locked_ether.sol", "0.4.25"),
Test(all_detectors.LockedEther, "locked_ether.sol", "0.5.16"),
Test(all_detectors.LockedEther, "locked_ether.sol", "0.6.11"),
Expand Down