eth-sri/securify

UnrestrictedWrite violation reported for unreachable code

VeraBE opened this issue · 2 comments

I'm running Securify with Docker. I pulled the latest version and ran:
sudo docker build . -t securify
and then:
sudo docker run -v $(pwd)/contracts:/project securify

The contracts folder only had this one:

pragma solidity ^0.4.24;

contract UnrestrictedWrite {
    bool public aVar;

    function aFunction(bool aParam) public {
        if (false) {
            aVar = aParam;
        }
    }
}

I get this in Securify's output:

Violation for UnrestrictedWrite in contract 'UnrestrictedWrite':
    |    function aFunction(bool aParam) public {
    |        if (false) {
  > |            aVar = aParam;
    |        }
    |    }
  at /project/UnrestrictedWrite_securify.sol(8)

Hi Vera, Securify doesn't perform symbolic analysis to identify that the assignment to aVar is unreachable. Hence it issues a false positive for your example.

Thanks for the quick reply!
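
The false positive discussed in this thread can be reproduced with a simplified model. This is an added example, not Securify's code or part of the original issue. It assumes a constructed mini-IR and a hypothetical `unrestricted_writes` checker, and compares a check that treats every branch as executable with one that prunes branches guarded by a literal `false`.

```python
# Constructed mini-IR (an assumption, not Securify's representation): a function
# body is a list of ("write", var) and ("if", cond, body) nodes. cond is a bool
# literal, "caller_check" (e.g. msg.sender == owner), or "unknown" (anything else).

def unrestricted_writes(body, prune_constants=False, guarded=False):
    """Return storage variables written without a caller check on the path.

    prune_constants=False models a path-insensitive check that treats every
    branch as executable. prune_constants=True skips branches whose condition
    is the literal False, the simplest form of reachability reasoning.
    """
    findings = []
    for node in body:
        if node[0] == "write":
            if not guarded:
                findings.append(node[1])
        elif node[0] == "if":
            _, cond, inner = node
            if prune_constants and cond is False:
                continue  # dead branch: nothing inside can execute
            findings += unrestricted_writes(
                inner, prune_constants, guarded or cond == "caller_check")
    return findings

# Constructed inputs. ISSUE_BODY mirrors aFunction from the issue above.
ISSUE_BODY = [("if", False, [("write", "aVar")])]
REAL_BUG = [("if", "unknown", [("write", "aVar")])]
OWNER_ONLY = [("if", "caller_check", [("write", "aVar")])]

if __name__ == "__main__":
    cases = [("issue", ISSUE_BODY), ("real bug", REAL_BUG), ("owner only", OWNER_ONLY)]
    for name, body in cases:
        print(name,
              unrestricted_writes(body),
              unrestricted_writes(body, prune_constants=True))
```

Pruning only removes the finding when the guard is provably constant; a write behind any other condition that does not involve the caller is still reported.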