Lack of checks by missing-zero-check detector in parent contract's constructor. #981

Open
dev1644 opened this issue Nov 29, 2021 · 0 comments
dev1644 commented Nov 29, 2021

The `missing-zero-check` detector doesn't seem to check the arguments for the constructor of parent contracts. Even if the parent contract's constructor has zero-access checks & the child contract is using the same variable, it gets flagged.

e.g. For this test contract,

```solidity
pragma solidity 0.7.6;

abstract contract Ownable {
    address public owner1;
    address public owner2;

    constructor (address __owner1, address __owner2) {
        require(__owner1 != address(0), "Zero");
        owner1 = __owner1;
        owner2 = __owner2;
    }
}

contract ABC is Ownable {

    address public owner3;

    constructor(address _owner1, address _owner2) Ownable(_owner1, _owner2) {
        owner3 = _owner1;
    }
}
```

Slither output:

```
ABC.constructor(address,address)._owner1 (contracts/ABC.sol#21) lacks a zero-check on :
                - owner3 = _owner1 (contracts/ABC.sol#22)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation
. analyzed (2 contracts with 103 detectors), 1 result(s) found
```

- Even though `_owner1` is checked for zero address, it gets flagged by the detector.
- `_owner2` doesn't have the check but is ignored by the detector.
dev1644 added the bug label Nov 29, 2021
dev1644 self-assigned this Nov 29, 2021
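The result the report expects, sketched as an added example that is not Slither's code and not part of the original issue: a simplified Python model that binds each base-constructor parameter back to the deployed contract's parameter before deciding which writes lack a zero check. `Ctor`, `walk`, `missing_zero_checks` and the hand-built `CONTRACTS` table are hypothetical stand-ins for a real analyzer's representation.

```python
from dataclasses import dataclass, field

@dataclass
class Ctor:  # hypothetical stand-in for a parsed constructor
    params: list
    zero_checked: set = field(default_factory=set)  # params compared with address(0)
    assigns: list = field(default_factory=list)     # (state_var, param) writes
    base_calls: dict = field(default_factory=dict)  # base name -> argument names passed

def walk(contracts, name, binding):
    """Yield (contract, ctor, binding) for `name` and each base constructor it calls.
    `binding` maps a constructor's parameter to the deployed contract's parameter."""
    ctor = contracts[name]
    yield name, ctor, binding
    for base, args in ctor.base_calls.items():
        params = contracts[base].params
        yield from walk(contracts, base,
                        {p: binding.get(a) for p, a in zip(params, args)})

def missing_zero_checks(contracts, name):
    """Return (deployed-contract param, written state variable) pairs with no zero check."""
    chain = list(walk(contracts, name, {p: p for p in contracts[name].params}))
    # A failed require() in any constructor of the chain reverts the deployment,
    # so a check in a base constructor also guards the derived constructor's writes.
    checked = {b[p] for _, c, b in chain for p in c.zero_checked if b.get(p)}
    return [(b[p], f"{cname}.{var}")
            for cname, c, b in chain
            for var, p in c.assigns
            if b.get(p) and b[p] not in checked]

# Constructed model of the two contracts in the report.
CONTRACTS = {
    "Ownable": Ctor(params=["__owner1", "__owner2"],
                    zero_checked={"__owner1"},
                    assigns=[("owner1", "__owner1"), ("owner2", "__owner2")]),
    "ABC": Ctor(params=["_owner1", "_owner2"],
                assigns=[("owner3", "_owner1")],
                base_calls={"Ownable": ["_owner1", "_owner2"]}),
}

if __name__ == "__main__":
    print(missing_zero_checks(CONTRACTS, "ABC"))
```

In this model `_owner1` is cleared by the check in `Ownable`, and `_owner2` is reported through the unchecked write to `owner2`.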