decurity / semgrep-smart-contracts
Semgrep rules for smart contracts based on DeFi exploits
License: Other
Hi,
We are using your rules for scientific work and may need to refer to a release version of the rules. Could you please create a release so that we can refer to it?
Here is a catalog of contracts and their exploits with corresponding SWC entries: https://github.com/manifoldfinance/defi-threat/tree/2020/10/catalog
Please let me know how to best contribute and also how to best cite your work.
Cheers
Why is there no inefficient-state-variable-decrement to detect the decrement case, similar to the inefficient-state-variable-increment case?
Great repo. I've been learning Semgrep with your examples and believe I've found a workaround to incorporate arbitrary-low-level-calls without waiting for beta improvements to Solidity Semgrep.
The fixes include:
call
```yaml
rules:
  - id: arbitrary-low-level-call
    message: An attacker may perform call() to an arbitrary address with controlled calldata
    metadata:
      references:
        - https://twitter.com/CertiKAlert/status/1512198846343954445
        - https://twitter.com/SlowMist_Team/status/1508787862791069700
        - https://twitter.com/Beosin_com/status/1509099103401127942
        - https://blocksecteam.medium.com/li-fi-attack-a-cross-chain-bridge-vulnerability-no-its-due-to-unchecked-external-call-c31e7dadf60f
        - https://etherscan.io/address/0xe7597f774fd0a15a617894dc39d45a28b97afa4f # Auctus Options
        - https://etherscan.io/address/0x73a499e043b03fc047189ab1ba72eb595ff1fc8e # Li.Fi
      category: controlled-call
      tags:
        - auctus-options
        - starstream-finance
        - basket-dao
        - li-finance
    patterns:
      # Only look inside externally reachable functions that take both an
      # address and a calldata bytes argument, i.e. target and payload are
      # both caller-controlled.
      - pattern-either:
          - pattern-inside: |
              function $F(..., address $ADDR, ..., bytes calldata $DATA, ...) external { ... }
          - pattern-inside: |
              function $F(..., address $ADDR, ..., bytes calldata $DATA, ...) public { ... }
      # Flag a low-level call from that address with that payload, with or
      # without the {value: ..., gas: ...} call options.
      - pattern-either:
          - pattern: $ADDR.call($DATA);
          - pattern: $ADDR.call{$VALUE:...}($DATA);
          - pattern: $ADDR.call{$VALUE:..., $GAS:...}($DATA);
    languages:
      - solidity
    severity: ERROR
```
Four matching cases:
```solidity
pragma solidity ^0.8.0;

// FrozenToken is declared elsewhere in the test fixture; only the call
// sites below matter for the rule. The result tuple is declared once and
// reassigned so the fixture also compiles.
contract wxBTRFLY is FrozenToken {
    function execute(
        address to,
        uint256 value,
        bytes calldata data
    ) external returns (bool, bytes memory) {
        // ruleid: arbitrary-low-level-call
        (bool success, bytes memory result) = to.call{value: value}(data);
        // ruleid: arbitrary-low-level-call
        (success, result) = to.call{gas: value}(data);
        // ruleid: arbitrary-low-level-call
        (success, result) = to.call(data);
        // ruleid: arbitrary-low-level-call
        (success, result) = to.call{value: value, gas: 0}(data);
        return (success, result);
    }
}
```
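For readers who want to see what the rule is guarding against and what a fix looks like, here is an added example written for this thread; it is not code from the decurity repository or from the commenter above, and the contract names (`VulnerableExecutor`, `HardenedExecutor`) and the minimal `IERC20` interface are assumptions. The first contract is the shape the rule matches: any caller chooses both the target address and the calldata, and because `msg.sender` inside the callee is the executor contract itself, any ERC-20 allowance users have granted to the executor can be spent by passing `data = abi.encodeWithSelector(IERC20.transferFrom.selector, victim, attacker, amount)`. The second contract keeps the same entry point but only lets the call through when the target and function selector are on an owner-managed allowlist, and guards against re-entrancy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

// Added illustration for the arbitrary-low-level-call rule. Hypothetical
// contracts and names; not part of the semgrep-smart-contracts repository.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Vulnerable: target and calldata are fully caller-controlled, so the
/// contract's token allowances (and ETH balance, via `value`) are exposed.
contract VulnerableExecutor {
    function execute(address to, uint256 value, bytes calldata data)
        external
        payable
        returns (bool success, bytes memory result)
    {
        // ruleid: arbitrary-low-level-call
        (success, result) = to.call{value: value}(data);
        require(success, "call failed");
    }
}

/// Hardened: the (target, selector) pair must have been allowlisted by the
/// owner, and the function cannot be re-entered through the callee.
contract HardenedExecutor {
    address public immutable owner;
    // target => function selector => allowed
    mapping(address => mapping(bytes4 => bool)) public allowed;
    bool private locked;

    event TargetAllowed(address indexed target, bytes4 indexed selector, bool ok);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function setAllowed(address target, bytes4 selector, bool ok) external onlyOwner {
        require(target.code.length > 0, "target is not a contract");
        allowed[target][selector] = ok;
        emit TargetAllowed(target, selector, ok);
    }

    function execute(address to, uint256 value, bytes calldata data)
        external
        payable
        nonReentrant
        returns (bool success, bytes memory result)
    {
        require(data.length >= 4, "missing selector");
        bytes4 selector = bytes4(data[:4]);
        require(allowed[to][selector], "target/selector not allowed");
        // Syntactically this is still a controlled call, so the Semgrep rule
        // keeps reporting it; that is the intended trade-off of a purely
        // syntactic check. Review it and suppress only after that review.
        // nosemgrep: arbitrary-low-level-call
        (success, result) = to.call{value: value}(data);
        require(success, "call failed");
    }
}
```

The rule cannot tell the two `execute` functions apart, since it only sees the function signature and the call expression, not the `require` that precedes it. That is fine for a triage rule with severity ERROR: every hit needs a human to confirm that the target and payload are actually constrained before the call is made.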