pessimistic-io / slitherin Goto Github PK
View Code? Open in Web Editor NEWSlither Detectors by Pessimistic.io
Home Page: https://pessimistic.io/
License: GNU Affero General Public License v3.0
slitherin's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
offciercia bogdynator ethsecurity1 websecresearch smartcontract-detect-yzu c0c0red kalloc ololade97 choco-cupcake badgenius22 cache-and-burn uncle-enzo anhntbk08 markus0x1 dingo2077 bogdy9912 0kn0t looukk dijkstra-dev yhtiyar sentry0x winomot 0xxfu web3secresearch ethicalsecurity-agency case7026 web3secresearch davifbtc alecmaly sqrlfirst yanhuijessica beongkoswara1 kapilakapila107 stargalaxyplus01 spadlinhelaine tamishaearl hendryxmona zuelkevalene hertafate reifschneidervernita catherineshalwani gussierone kambermarquitta roberdsmildred marieliesbickleman moadgladys roseleesalte059 prexya lilcryptopump grazzland princeleonal joranhonig bwry mirkopezo rassska sedbangi shortdoom 0xscratchslitherin's Issues
`setup.py` is not working
Context:
OS: ubuntu 22:04
Within: Docker
Packages: If it's needed a list of any type of installed packages let me know
Steps:
After doing a basic git clone and then trying to run the setup configuration, well, it fails due to a missing module not in the installation guide.
-
Clone:
git clone https://github.com/pessimistic-io/slitherin.git ~/.slitherin -
Setup:
whitehat@9ce46d60434c:~$ cd .slitherin/
whitehat@9ce46d60434c:~/.slitherin$ ls
LICENSE.txt MANIFEST.in README.md docs package-lock.json package.json setup.py slitherin tests
whitehat@9ce46d60434c:~/.slitherin$ cd .slitherin/^C
whitehat@9ce46d60434c:~/.slitherin$ python3.9 setup.py develop --user
Traceback (most recent call last):
File "/home/whitehat/.slitherin/setup.py", line 2, in <module>
from slitherin.cli import SLITHERIN_VERSION
File "/home/whitehat/.slitherin/slitherin/cli.py", line 9, in <module>
import slither_pess
ModuleNotFoundError: No module named 'slither_pess'
whitehat@9ce46d60434c:~/.slitherin$ python3.9 setup.py develop
Traceback (most recent call last):
File "/home/whitehat/.slitherin/setup.py", line 2, in <module>
from slitherin.cli import SLITHERIN_VERSION
File "/home/whitehat/.slitherin/slitherin/cli.py", line 9, in <module>
import slither_pess
ModuleNotFoundError: No module named 'slither_pess'Previously this was working as intended, so I guess is due to the last patch
Issue Solved
Solved
magic-number: false positive
When converting code using actual magic numbers to move the magic numbers into function local variables, it still says they are magic numbers.
It seems to want all numbers to be contract level constants or state variables.
Reproducer Contract
TestWTF.sol:
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;
contract TestMagicNumber {
function inValidDetection() public pure {
// @dev not a magic number because it is defined in a variable
uint magic = 4;
if (magic == magic) {
magic = 0;
}
}
}Output
$ slither TestWTF.sol
'solc --version' running
'solc @=node_modules/@ TestWTF.sol --combined-json abi,ast,bin,bin-runtime,srcmap,srcmap-runtime,userdoc,devdoc,hashes --allow-paths . running
INFO:Detectors:
Pragma version^0.8.0 (TestWTF.sol#3) allows old versions
solc-0.8.20 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
INFO:Detectors:
Function TestMagicNumber.inValidDetection() (TestWTF.sol#6-13) contains magic number: 4
Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/magic_number.md
INFO:Slither:TestWTF.sol analyzed (1 contracts with 107 detectors), 3 result(s) found`pess-arb-solidity-version` no longer applies
ArbOS 11 added support for PUSH0 and was finalized about two weeks ago
Strange Setter detector in Slitherin doesn't function as expected - Throws False Positives
I was running the slitherin tool in a smart contract that had the following constructor π
constructor(
string memory name,
string memory symbol,
uint256 totalSupply,
Fees memory fees_,
address routerAddress,
address routerAddress2
) ERC20(name, symbol) Ownable(msg.sender) {
fees = fees_;
uniswapV2Router = IUniswapV2Router02(routerAddress);
uniswapV2Router2 = IUniswapV2Router02(routerAddress2);
uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(
address(this),
uniswapV2Router.WETH()
);
uniswapV2Pair2 = IUniswapV2Factory(uniswapV2Router2.factory())
.createPair(address(this), uniswapV2Router2.WETH());
_isExcludedFromFee[BURN_ADDRESS] = true;
_isExcludedFromFee[address(this)] = true;
_isExcludedFromFee[owner()] = true;
_mint(msg.sender, totalSupply);
}
Slither threw an info-detector that says:
Function Ownable.constructor(address) (flat.sol#491-496) is a strange setter. Nothing is set in constructor or set in a function without using function parameters
This is incorrect as it can clearly be seen that :
- There are a few state variables that are being updated inside the constructor
- Additionally, the arguments passed are also being used in the constructor.
Error with detector unprotected-setter
Using:
- Python 3.10
- Slither 0.9.6
Iβm having this error:
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/__main__.py", line 814, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/__main__.py", line 102, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/__main__.py", line 82, in process_single
return _process(slither, detector_classes, printer_classes)
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/__main__.py", line 132, in _process
detector_resultss = slither.run_detectors()
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/slither.py", line 226, in run_detectors
results = [d.detect() for d in self._detectors]
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/slither.py", line 226, in <listcomp>
results = [d.detect() for d in self._detectors]
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/detectors/abstract_detector.py", line 187, in detect
for r in [output.data for output in self._detect()]:
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither_pess/detectors/unprotected_setter.py", line 56, in _detect
x = self.is_setter(f)
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither_pess/detectors/unprotected_setter.py", line 37, in is_setter
if right == str(p):
File "/home/bingen/workspace/liquity/virtuoso/contracts/.venv/lib/python3.10/site-packages/slither/core/variables/variable.py", line 182, in __str__
assert self._name
AssertionError
ERROR:root:Error in .
Constructor to disable initializers shows up as strange for older OZ versions
The following contract will trigger a pess-strange-setter warning when compiled with "@openzeppelin/contracts-upgradeable": "4.6.0" but won't show up in newer versions (4.7.0+).
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.14;
import '@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol';
contract Example is Initializable {
constructor() {
_disableInitializers();
}
}{
"dependencies": {
"@openzeppelin/contracts-upgradeable": "4.6.0",
"hardhat": "2.12.0"
}
}Function Example.constructor() (contracts/Example.sol#7-9) is a strange setter. Nothing is set in constructor or set in a function without using function parameters
Reference: https://github.com/pessimistic-io/slitherin/blob/master/docs/strange_setter.md
Unable to use slither after installing slitherin
After installing the slitherin and I tried running following command in one of my smart contracts
slither contracts/<Contract-Name> --config slither.config.json
I got the following error
Traceback (most recent call last):
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 810, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 101, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 81, in process_single
return _process(slither, detector_classes, printer_classes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 120, in _process
slither.register_detector(detector_cls)
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/slither.py", line 188, in register_detector
instance = detector_class(compilation_unit, self, logger_detector)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither_pess/detectors/uni_v2.py", line 332, in __init__
fileJson = open(full_path)
^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither_pess/detectors/../utils/deflat_tokens.json'
ERROR:root:Error in contracts/WithdrawContract.sol
ERROR:root:Traceback (most recent call last):
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 810, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 101, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 81, in process_single
return _process(slither, detector_classes, printer_classes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/__main__.py", line 120, in _process
slither.register_detector(detector_cls)
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither/slither.py", line 188, in register_detector
instance = detector_class(compilation_unit, self, logger_detector)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither_pess/detectors/uni_v2.py", line 332, in __init__
fileJson = open(full_path)
^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/home/linuxbrew/.linuxbrew/opt/[email protected]/lib/python3.11/site-packages/slither_pess/detectors/../utils/deflat_tokens.json'
Can someone help me with this?
Napalm package / plugin
Hey hey,
I recently built a tool that helps people manage their custom detection modules: https://github.com/consensysdiligence/napalm Aside from helping manage modules it also allows for easy distribution and use of different sets of custom modules.
It would be suuper easy to set up napalm integration for this project! It'd be a couple lines of code that I'd be happy to commit!
With those lines of code people would be able to run slitherin detection modules within their napalm workflows.
Lmk what you think!
Here is how people could use this:
https://github.com/ConsenSysDiligence/napalm/blob/main/docs/running-with-napalm.md
Feature request: precede detector logs with "slitherin"
Hello,
First of all, thank you for this repo.
I believe it would be nice to precede its logs with "slitherin" so that we know when a finding was reported by it and not by the "original" slither detectors.
For example, when I run it on the tests/ folder, I get
INFO:Detectors:
Contract Bad_UniswapV2_test (tests/Bad_UniswapV2_test.sol#10-99) uses pair contract directly.
I suggest it is changed to
INFO:Detectors:
slitherin: Contract Bad_UniswapV2_test (tests/Bad_UniswapV2_test.sol#10-99) uses pair contract directly.
Bug in strange setter: `'SolidityFunction' object has no attribute 'parameters'`
I think, I introduced a problem in #67 :
for r in [output.data for output in self._detect()]:
File "/home/yhtiyar/dev/pessimistic/custom_detectors/slither_pess/detectors/strange_setter.py", line 72, in _detect
x = self._is_strange_setter(f)
File "/home/yhtiyar/dev/pessimistic/custom_detectors/slither_pess/detectors/strange_setter.py", line 36, in _is_strange_setter
for param in fin.parameters:
AttributeError: 'SolidityFunction' object has no attribute 'parameters
TypeError: object of type 'NoneType' has no len()
Hi!
I'm struggling with the following error during the execution of slither . or slitherin . --pess
Versions:
slither - 0.10.2
slitherin - 0.6.1
I will be grateful for your help
Traceback (most recent call last):
File "/opt/slither/bin/slither", line 8, in <module>
sys.exit(main())
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 753, in main
main_impl(all_detector_classes=detectors, all_printer_classes=printers)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 859, in main_impl
) = process_all(filename, args, detector_classes, printer_classes)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 107, in process_all
) = process_single(compilation, args, detector_classes, printer_classes)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 87, in process_single
return _process(slither, detector_classes, printer_classes)
File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 137, in _process
detector_resultss = slither.run_detectors()
File "/opt/slither/lib/python3.9/site-packages/slither/slither.py", line 290, in run_detectors
results = [d.detect() for d in self._detectors]
File "/opt/slither/lib/python3.9/site-packages/slither/slither.py", line 290, in <listcomp>
results = [d.detect() for d in self._detectors]
File "/opt/slither/lib/python3.9/site-packages/slither/detectors/abstract_detector.py", line 203, in detect
for r in [output.data for output in self._detect()]:
File "/opt/slither/lib/python3.9/site-packages/slitherin/detectors/potential_arith_overflow.py", line 110, in _detect
vulnerable_expressions = self._find_vulnerable_expressions(f)
File "/opt/slither/lib/python3.9/site-packages/slitherin/detectors/potential_arith_overflow.py", line 89, in _find_vulnerable_expressions
if len(irs) > 0 and isinstance(irs[-1], ops.Return) and len(fun.return_type) == 1 and str(fun.return_type[0]) in INT_TYPES: # @todo currently works only with single returns
TypeError: object of type 'NoneType' has no len()
nested internal function detect
/**
*Submitted for verification at BscScan.com on 2024-04-08
*/
// File: @openzeppelin/contracts/interfaces/draft-IERC6093.sol
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol)
pragma solidity ^0.8.20;
/**
* @dev Standard ERC20 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC20 tokens.
*/
interface IERC20Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC20InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC20InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `spender`βs `allowance`. Used in transfers.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC20InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `spender` to be approved. Used in approvals.
* @param spender Address that may be allowed to operate on tokens without being their owner.
*/
error ERC20InvalidSpender(address spender);
}
/**
* @dev Standard ERC721 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC721 tokens.
*/
interface IERC721Errors {
/**
* @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in EIP-20.
* Used in balance queries.
* @param owner Address of the current owner of a token.
*/
error ERC721InvalidOwner(address owner);
/**
* @dev Indicates a `tokenId` whose `owner` is the zero address.
* @param tokenId Identifier number of a token.
*/
error ERC721NonexistentToken(uint256 tokenId);
/**
* @dev Indicates an error related to the ownership over a particular token. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param tokenId Identifier number of a token.
* @param owner Address of the current owner of a token.
*/
error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @para/**
*Submitted for verification at BscScan.com on 2024-04-08
*/
// File: @openzeppelin/contracts/interfaces/draft-IERC6093.sol
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol)
pragma solidity ^0.8.20;
/**
* @dev Standard ERC20 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC20 tokens.
*/
interface IERC20Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC20InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC20InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `spender`βs `allowance`. Used in transfers.
* @param spender Address that may be allowed to operate on tokens without being their owner.
* @param allowance Amount of tokens a `spender` is allowed to operate with.
* @param needed Minimum amount required to perform a transfer.
*/
error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC20InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `spender` to be approved. Used in approvals.
* @param spender Address that may be allowed to operate on tokens without being their owner.
*/
error ERC20InvalidSpender(address spender);
}
/**
* @dev Standard ERC721 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC721 tokens.
*/
interface IERC721Errors {
/**
* @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in EIP-20.
* Used in balance queries.
* @param owner Address of the current owner of a token.
*/
error ERC721InvalidOwner(address owner);
/**
* @dev Indicates a `tokenId` whose `owner` is the zero address.
* @param tokenId Identifier number of a token.
*/
error ERC721NonexistentToken(uint256 tokenId);
/**
* @dev Indicates an error related to the ownership over a particular token. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param tokenId Identifier number of a token.
* @param owner Address of the current owner of a token.
*/
error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC721InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC721InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`βs approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param tokenId Identifier number of a token.
*/
error ERC721InsufficientApproval(address operator, uint256 tokenId);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC721InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC721InvalidOperator(address operator);
}
/**
* @dev Standard ERC1155 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC1155 tokens.
*/
interface IERC1155Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
* @param tokenId Identifier number of a token.
*/
error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC1155InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC1155InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`βs approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param owner Address of the current owner of a token.
*/
error ERC1155MissingApprovalForAll(address operator, address owner);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC1155InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC1155InvalidOperator(address operator);
/**
* @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
* Used in batch transfers.
* @param idsLength Length of the array of token identifiers
* @param valuesLength Length of the array of token amounts
*/
error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}
// File: @openzeppelin/contracts/token/ERC20/IERC20.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
// File: @openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
// File: @openzeppelin/contracts/utils/Context.sol
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
// File: @openzeppelin/contracts/token/ERC20/ERC20.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
mapping(address account => uint256) private _balances;
mapping(address account => mapping(address spender => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
_totalSupply += value;
} else {
uint256 fromBalance = _balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
_balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
_totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
_balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
_allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
// File: @openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Burnable.sol)
pragma solidity ^0.8.20;
/**
* @dev Extension of {ERC20} that allows token holders to destroy both their own
* tokens and those that they have an allowance for, in a way that can be
* recognized off-chain (via event analysis).
*/
abstract contract ERC20Burnable is Context, ERC20 {
/**
* @dev Destroys a `value` amount of tokens from the caller.
*
* See {ERC20-_burn}.
*/
function burn(uint256 value) public virtual {
_burn(_msgSender(), value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, deducting from
* the caller's allowance.
*
* See {ERC20-_burn} and {ERC20-allowance}.
*
* Requirements:
*
* - the caller must have allowance for ``accounts``'s tokens of at least
* `value`.
*/
function burnFrom(address account, uint256 value) public virtual {
_spendAllowance(account, _msgSender(), value);
_burn(account, value);
}
}
// File: @openzeppelin/contracts/access/Ownable.sol
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// File: contracts/lib/ISwapFactory.sol
pragma solidity ^0.8.0;
interface ISwapFactory {
function createPair(address tokenA, address tokenB) external returns (address pair);
}
// File: contracts/lib/ISwapPair.sol
pragma solidity ^0.8.0;
interface ISwapPair {
function sync() external;
function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
}
// File: contracts/lib/ISwapRouter.sol
pragma solidity ^0.8.0;
interface ISwapRouter {
function factory() external pure returns (address);
function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint256[] memory amounts);
function swapExactTokensForTokens(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline) external returns (uint[] memory amounts);
}
// File: contracts/UPS.sol
pragma solidity ^0.8.20;
contract UPS is ERC20Burnable, Ownable {
ISwapRouter public swapRouter;
address public usdtAddress;
address public pairAddress;
uint256 public sellRate;
bool public canBuy = false;
mapping(address => bool) public whiteMap;
address[] public nodeList;
bool inSwapAndLiquify;
modifier lockTheSwap() {
inSwapAndLiquify = true;
_;
inSwapAndLiquify = false;
}
constructor() ERC20("UtopiaSphere", "UPS") Ownable(_msgSender()) {
sellRate = 5;
if (block.chainid == 56) {
usdtAddress = 0x55d398326f99059fF775485246999027B3197955;
swapRouter = ISwapRouter(0x10ED43C718714eb63d5aA57B78B54704E256024E);
} else {
usdtAddress = 0x311bb5a90eA517529F6CE7e2aE19E9390ce35a0C;
swapRouter = ISwapRouter(0xD99D1c33F9fC3444f8101754aBC46c52416550D1);
}
pairAddress = ISwapFactory(swapRouter.factory()).createPair(usdtAddress, address(this));
whiteMap[_msgSender()] = true;
_mint(_msgSender(), 420 * 1e8 ether);
}
function _swapBurn(uint amount) private lockTheSwap {
super._burn(pairAddress, amount);
ISwapPair(pairAddress).sync();
}
function setRate(uint256 _sellRate) public onlyOwner {
sellRate = _sellRate;
}
function setNodeList(address[] memory list) public onlyOwner {
nodeList = list;
}
function setWhiteMap(address[] memory users, bool value) public onlyOwner {
for (uint256 i = 0; i < users.length; i++) {
whiteMap[users[i]] = value;
}
}
function getPrice() public view returns (uint256 price) {
address[] memory path = new address[](2);
path[0] = address(this);
path[1] = usdtAddress;
(uint256 reserve1, uint256 reserve2,) = ISwapPair(pairAddress).getReserves();
if (reserve1 == 0 || reserve2 == 0) {
price = 0;
} else {
price = swapRouter.getAmountsOut(10 ** decimals(), path)[1];
}
}
function transfer(address to, uint256 value) public virtual override returns (bool) {
if (to == address(0)) {
_burn(_msgSender(), value);
return true;
} else {
super._transfer(_msgSender(), to, value);
return true;
}
}
function _update(address from, address to, uint256 amount) internal virtual override {
if (inSwapAndLiquify || whiteMap[from] || whiteMap[to] || !(from == pairAddress || to == pairAddress)) {
// η½εεγ转账
super._update(from, to, amount);
} else if (from == pairAddress) { // δΉ°
require(canBuy || getPrice() > 5e14, "can not trade");
if (!canBuy) {
canBuy = true;
}
super._update(from, to, amount);
} else if (to == pairAddress) { // ε
uint256 fee = amount * 5 / 100;
if (!inSwapAndLiquify) {
_swapBurn(amount - fee);
}
if (nodeList.length > 0) {
uint256 every = fee / nodeList.length;
for (uint256 i = 0; i < nodeList.length; i++) {
super._update(from, nodeList[i], every);
}
} else {
_burn(from, fee);
}
super._update(from, to, amount - fee);
}
}
}m sender Address whose tokens are being transferred.
*/
error ERC721InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC721InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`βs approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param tokenId Identifier number of a token.
*/
error ERC721InsufficientApproval(address operator, uint256 tokenId);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC721InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC721InvalidOperator(address operator);
}
/**
* @dev Standard ERC1155 Errors
* Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC1155 tokens.
*/
interface IERC1155Errors {
/**
* @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
* @param balance Current balance for the interacting account.
* @param needed Minimum amount required to perform a transfer.
* @param tokenId Identifier number of a token.
*/
error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
/**
* @dev Indicates a failure with the token `sender`. Used in transfers.
* @param sender Address whose tokens are being transferred.
*/
error ERC1155InvalidSender(address sender);
/**
* @dev Indicates a failure with the token `receiver`. Used in transfers.
* @param receiver Address to which tokens are being transferred.
*/
error ERC1155InvalidReceiver(address receiver);
/**
* @dev Indicates a failure with the `operator`βs approval. Used in transfers.
* @param operator Address that may be allowed to operate on tokens without being their owner.
* @param owner Address of the current owner of a token.
*/
error ERC1155MissingApprovalForAll(address operator, address owner);
/**
* @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
* @param approver Address initiating an approval operation.
*/
error ERC1155InvalidApprover(address approver);
/**
* @dev Indicates a failure with the `operator` to be approved. Used in approvals.
* @param operator Address that may be allowed to operate on tokens without being their owner.
*/
error ERC1155InvalidOperator(address operator);
/**
* @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
* Used in batch transfers.
* @param idsLength Length of the array of token identifiers
* @param valuesLength Length of the array of token amounts
*/
error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
}
// File: @openzeppelin/contracts/token/ERC20/IERC20.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
// File: @openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface for the optional metadata functions from the ERC20 standard.
*/
interface IERC20Metadata is IERC20 {
/**
* @dev Returns the name of the token.
*/
function name() external view returns (string memory);
/**
* @dev Returns the symbol of the token.
*/
function symbol() external view returns (string memory);
/**
* @dev Returns the decimals places of the token.
*/
function decimals() external view returns (uint8);
}
// File: @openzeppelin/contracts/utils/Context.sol
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
pragma solidity ^0.8.20;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
function _contextSuffixLength() internal view virtual returns (uint256) {
return 0;
}
}
// File: @openzeppelin/contracts/token/ERC20/ERC20.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
mapping(address account => uint256) private _balances;
mapping(address account => mapping(address spender => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
_totalSupply += value;
} else {
uint256 fromBalance = _balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
_balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
_totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
_balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
_allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
// File: @openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/ERC20Burnable.sol)
pragma solidity ^0.8.20;
/**
* @dev Extension of {ERC20} that allows token holders to destroy both their own
* tokens and those that they have an allowance for, in a way that can be
* recognized off-chain (via event analysis).
*/
abstract contract ERC20Burnable is Context, ERC20 {
/**
* @dev Destroys a `value` amount of tokens from the caller.
*
* See {ERC20-_burn}.
*/
function burn(uint256 value) public virtual {
_burn(_msgSender(), value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, deducting from
* the caller's allowance.
*
* See {ERC20-_burn} and {ERC20-allowance}.
*
* Requirements:
*
* - the caller must have allowance for ``accounts``'s tokens of at least
* `value`.
*/
function burnFrom(address account, uint256 value) public virtual {
_spendAllowance(account, _msgSender(), value);
_burn(account, value);
}
}
// File: @openzeppelin/contracts/access/Ownable.sol
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
pragma solidity ^0.8.20;
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* The initial owner is set to the address provided by the deployer. This can
* later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
/**
* @dev The caller account is not authorized to perform an operation.
*/
error OwnableUnauthorizedAccount(address account);
/**
* @dev The owner is not a valid owner account. (eg. `address(0)`)
*/
error OwnableInvalidOwner(address owner);
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the address provided by the deployer as the initial owner.
*/
constructor(address initialOwner) {
if (initialOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(initialOwner);
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
if (owner() != _msgSender()) {
revert OwnableUnauthorizedAccount(_msgSender());
}
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby disabling any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
if (newOwner == address(0)) {
revert OwnableInvalidOwner(address(0));
}
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// File: contracts/lib/ISwapFactory.sol
pragma solidity ^0.8.0;
interface ISwapFactory {
function createPair(address tokenA, address tokenB) external returns (address pair);
}
// File: contracts/lib/ISwapPair.sol
pragma solidity ^0.8.0;
interface ISwapPair {
function sync() external;
function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
}
// File: contracts/lib/ISwapRouter.sol
pragma solidity ^0.8.0;
interface ISwapRouter {
function factory() external pure returns (address);
function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint256[] memory amounts);
function swapExactTokensForTokens(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline) external returns (uint[] memory amounts);
}
// File: contracts/UPS.sol
pragma solidity ^0.8.20;
contract UPS is ERC20Burnable, Ownable {
ISwapRouter public swapRouter;
address public usdtAddress;
address public pairAddress;
uint256 public sellRate;
bool public canBuy = false;
mapping(address => bool) public whiteMap;
address[] public nodeList;
bool inSwapAndLiquify;
modifier lockTheSwap() {
inSwapAndLiquify = true;
_;
inSwapAndLiquify = false;
}
constructor() ERC20("UtopiaSphere", "UPS") Ownable(_msgSender()) {
sellRate = 5;
if (block.chainid == 56) {
usdtAddress = 0x55d398326f99059fF775485246999027B3197955;
swapRouter = ISwapRouter(0x10ED43C718714eb63d5aA57B78B54704E256024E);
} else {
usdtAddress = 0x311bb5a90eA517529F6CE7e2aE19E9390ce35a0C;
swapRouter = ISwapRouter(0xD99D1c33F9fC3444f8101754aBC46c52416550D1);
}
pairAddress = ISwapFactory(swapRouter.factory()).createPair(usdtAddress, address(this));
whiteMap[_msgSender()] = true;
_mint(_msgSender(), 420 * 1e8 ether);
}
function _swapBurn(uint amount) private lockTheSwap {
super._burn(pairAddress, amount);
ISwapPair(pairAddress).sync();
}
function setRate(uint256 _sellRate) public onlyOwner {
sellRate = _sellRate;
}
function setNodeList(address[] memory list) public onlyOwner {
nodeList = list;
}
function setWhiteMap(address[] memory users, bool value) public onlyOwner {
for (uint256 i = 0; i < users.length; i++) {
whiteMap[users[i]] = value;
}
}
function getPrice() public view returns (uint256 price) {
address[] memory path = new address[](2);
path[0] = address(this);
path[1] = usdtAddress;
(uint256 reserve1, uint256 reserve2,) = ISwapPair(pairAddress).getReserves();
if (reserve1 == 0 || reserve2 == 0) {
price = 0;
} else {
price = swapRouter.getAmountsOut(10 ** decimals(), path)[1];
}
}
function transfer(address to, uint256 value) public virtual override returns (bool) {
if (to == address(0)) {
_burn(_msgSender(), value);
return true;
} else {
super._transfer(_msgSender(), to, value);
return true;
}
}
function _update(address from, address to, uint256 amount) internal virtual override {
if (inSwapAndLiquify || whiteMap[from] || whiteMap[to] || !(from == pairAddress || to == pairAddress)) {
// η½εεγ转账
super._update(from, to, amount);
} else if (from == pairAddress) { // δΉ°
require(canBuy || getPrice() > 5e14, "can not trade");
if (!canBuy) {
canBuy = true;
}
super._update(from, to, amount);
} else if (to == pairAddress) { // ε
uint256 fee = amount * 5 / 100;
if (!inSwapAndLiquify) {
_swapBurn(amount - fee);
}
if (nodeList.length > 0) {
uint256 every = fee / nodeList.length;
for (uint256 i = 0; i < nodeList.length; i++) {
super._update(from, nodeList[i], every);
}
} else {
_burn(from, fee);
}
super._update(from, to, amount - fee);
}
}
}
the ISwapPair(pairAddress).sync() will invoke in the internal function _swapBurn, and the _swapBurn is also nested in _update, How can I detect the sync function?
Slitherin scan fails
I installed slitherin using pip (python3.8).
My machine macos.
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.8/bin/slitherin", line 5, in <module>
from slitherin.cli import main
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/slitherin/cli.py", line 9, in <module>
import slither_pess
File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/slither_pess/__init__.py", line 1, in <module>
from slither_pess.detectors.arbitrary_call.arbitrary_call import ArbitraryCall
ModuleNotFoundError: No module named 'slither_pess.detectors.arbitrary_call'
AttributeError: 'NewContract' object has no attribute '_expression
Hi, we are facing the following error in our codebase ("AttributeError: 'NewContract' object has no attribute '_expression'") . This is caused by a Slitherin detector because if I run with the separate param the Slither parts finishes successfully and the failure is on the Slitherin side.
Any idea what could cause this? Older branches of our codebase finish successfully so its something in our current branches that cannot be parsed correctly I believe.
Versions: slither 0.10.1, and slitherin 0.6.1
The issue is strange_setter. I can provide details on how to replicate with our repo which is public. Let me know if that helps.. If I run it with slitherin . --exclude pess-strange-setter it finishes successfully.
FP: external vs public function detectors triggers on constructor
We need to skip constructors
Ignore standard libraries in `pess-call-forward-to-protected`
pess-call-forward-to-protected detector FPs a lot on standard libraries like oz Address, TransferHelper, and so on, results from which are not so important.
Example FPs:
Function TransferHelper.safeApprove(address,address,uint256) (single.sol#120-131) contains a low level call to a custom address
Function TransferHelper.safeTransferETH(address,uint256) (single.sol#160-163) contains a low level call to a custom address
Function Address.functionDelegateCall(address,bytes,string) (Address.sol#184-193) contains a low level call to a custom address
Function Address.functionStaticCall(address,bytes,string) (Address.sol#157-166) contains a low level call to a custom address
Any plan to support on Windows?
Hello ser, I tried slitherin with python3.9.7 on windows10, but it threw error around tty usage in cli.py
ModuleNotFoundError: No module named 'termios'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.