-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reentrancy analyzer test #1189
reentrancy analyzer test #1189
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't check if the method has the attribute
The analyzer intakes .nef file instead of source code, and is unable to be aware of the |
is that possible that we add attribute to the debuginfo?@shargon |
I think this may not be the best methodology. Verifying the codes is better than trusting the manifest. And it may be not easy for other languages to have the same attributes |
here we dont consider other languages. |
NEP-25 and NEP-19 are shared by all of the ecosystem, so any changes there should be discussed separately. |
How it works this reentrancy analyzer? how it check that it has a protection? |
@roman-khimov This is C# compiler, nothing to do with NEP25 or NEP19 standards. And core team is not maintaining any languagues other than C#, we are not responsible for other languages. |
I think the best way is to symbolically execute the assembly of a method, and infer that the method cannot be re-entered. |
I know, but
Looks like NEP-19 to me. While in fact what you want with attribute and what is suggested by @Hecate2 by
is even closer to NEP-25. And this rings the bell for me. |
Problem all mine, i did not know debuginfo is also an NEP~~~ |
public void Test_HasReentrancy() | ||
{ | ||
ReEntrancyAnalyzer.ReEntrancyVulnerabilityPair v = | ||
ReEntrancyAnalyzer.AnalyzeSingleContractReEntrancy(NefFile, Manifest); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AnalyzeSingleContractReEntrancy checks that the storage key is the same?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AnalyzeSingleContractReEntrancy checks that the storage key is the same?
No. This is a test for the reentrancy analyzer, instead of the [NoReentrant] attribute.
I am writing a symbolic VM that should be able to infer the storage key from .nef
No description provided.