fix[codegen]: fix false positive in risky call detection #4160
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
the `potential_overlap` and `read_write_overlap()` functions use `contains_risky_call` to detect if there is potential for reentrancy. however, when the target is a precompile, there is no chance for reentrancy, so we filter them out of the detector.
charles-cooper
changed the title
--------- Co-authored-by: Hubert Ritzdorf <[email protected]> Co-authored-by: trocher <[email protected]>
cyberthirst
reviewed
Jun 20, 2024
vyper/codegen/ir_node.py
Outdated
| @@ -13,6 +13,8 @@ | |||
| from vyper.semantics.types import VyperType | |||
| from vyper.utils import VALID_IR_MACROS, ceil32 | |||
|
|
|||
| PRECOMPILE_RANGE = (1, 10) | |||
There was a problem hiding this comment.
might not be true for some L2s
There was a problem hiding this comment.
i thought about this (see also eip-7587) but i think it's ok.
- we can't predict every precompile that will be in use by an L2
- precompiles could have arbitrary effects
- our main goal here is to protect against precompiles which could be generated in the compiler. user-generated calls to precompiles are fair game (we can consider them "unsafe")
cyberthirst
approved these changes
Jun 20, 2024
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4160 +/- ##
===========================================
- Coverage 91.34% 43.85% -47.50%
===========================================
Files 109 109
Lines 15606 15616 +10
Branches 3432 3434 +2
===========================================
- Hits 14256 6849 -7407
- Misses 920 8251 +7331
- Partials 430 516 +86 ☔ View full report in Codecov by Sentry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the
potential_overlapandread_write_overlap()functions usecontains_risky_callto detect if there is potential for reentrancy. however, when the target is a precompile, there is no chance for reentrancy, so we filter them out of the detector.What I did
How I did it
How to verify it
Commit message
Commit message for the final, squashed PR. (Optional, but reviewers will appreciate it! Please see our commit message style guide for what we would ideally like to see in a commit message.)
Description for the changelog
Cute Animal Picture