[Bug-Candidate]: Crash when an error with parameters is defined in the top level namespace

Question

[Bug-Candidate]: Crash when an error with parameters is defined in the top level namespace

fiddlemath opened this issue 3 years ago · 2 comments

fiddlemath commented 3 years ago

Describe the issue:

Slither crashes on code that solc 0.8.7 can compile, if:

A top-level error definition has a parameter
The same top-level namespace contains at least two other definitions, at least one of which refers to the other
The top-level error definition is used anywhere in an analyzed contract
A function defined on the top-level then refers to that error definition.

Code example to reproduce the issue:

solc 0.8.7 will happily compile the following code; slither will crash on it:

error ErrorWithParam(uint256 value);
uint256 constant ONE = 1;
uint256 constant TWO = ONE + 1;
function foo() pure { revert ErrorWithParam(0); }
contract Bar { }

Moreover, if you comment out any one of these declarations, slither will succeed; and if you put foo inside contract Bar, then slither doesn't crash, but does report Missing function Variable not found: ErrorWithParam(uint256) (context Bar)

Version:

Version is 0.8.2, and in fact I installed directly from github at commit f11d896

Relevant log output:

Traceback (most recent call last):
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 601, in _analyze_content_top_level_function
func_parser.analyze_content()
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/declarations/function.py", line 305, in analyze_content
node_parser.analyze_expressions(self)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/cfg/node.py", line 33, in analyze_expressions
expression = parse_expression(self._unparsed_expression, caller_context)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/expressions/expression_parsing.py", line 296, in parse_expression
return parse_call(expression, caller_context)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/expressions/expression_parsing.py", line 139, in parse_call
called = parse_expression(expression["expression"], caller_context)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/expressions/expression_parsing.py", line 459, in parse_expression
var, was_created = find_variable(value, caller_context, referenced_declaration)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/expressions/find_variable.py", line 410, in find_variable
raise VariableNotFound("Variable not found: {} (context {})".format(var_name, contract))
slither.solc_parsing.exceptions.VariableNotFound: Variable not found: ErrorWithParam(uint256) (context None)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/main.py", line 744, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/main.py", line 87, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/main.py", line 70, in process_single
slither = Slither(target, ast_format=ast, **vars(args))
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/slither.py", line 120, in init
parser.parse_contracts()
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 436, in parse_contracts
self._analyze_third_part(contracts_to_be_analyzed, libraries)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 543, in _analyze_third_part
self._analyze_variables_modifiers_functions(contract)
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 617, in _analyze_variables_modifiers_functions
self._analyze_content_top_level_function()
File "/Users/fiddle/.asdf/installs/python/3.9.2/lib/python3.9/site-packages/slither/solc_parsing/slither_compilation_unit_solc.py", line 603, in _analyze_content_top_level_function
raise SlitherException(f"Missing {e} during top level function analyze") from e
slither.exceptions.SlitherException: Missing Variable not found: ErrorWithParam(uint256) (context None) during top level function analyze
Error:
Missing Variable not found: ErrorWithParam(uint256) (context None) during top level function analyze
Please report an issue to https://github.com/crytic/slither/issues

Answer 1 · 2022-03-16T01:27:56.000Z

For reference, here's our actual code triggering this failure.

Answer 2 · 2022-03-18T09:21:35.000Z

Hi @fiddlemath. Thanks (again) for reporting this issue, and creating a minimal PoC. We fixed it in #1131, and similar to #1116 the fix will be available in the next release (by the end of the month)