You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
contract Wallet {
uint balance;
function send(){
if (balance > 0){
msg.sender.call.value(balance)();
balance = 0;
}
revert();
}
}
Securify reports violations for multiple patterns even though they cannot take place. In my intuition, the patterns (probably most securify patterns) are lacking something saying that this action, e.g. the storage write in case of the DAO pattern, may be followed by a STOP or RETURN.
The text was updated successfully, but these errors were encountered:
@ptsankov thanks for the clarification. Which priority would you give this issue, given that most instructions will have some path to a non-reverting end of execution?
Close to zero, the assumption is reasonable, flagging dead code is fine, and to fix this precision issue we will need to integrate with the symbolic system which is pretty major.
For this kind of dead code (variable is read-only so the branching can solved statically, at compilation time), the improvement arguably belongs more to the compiler (optimizer) rather than Securify itself, so it could make more sense to solve it there directly.
Consider the following example:
Securify reports violations for multiple patterns even though they cannot take place. In my intuition, the patterns (probably most securify patterns) are lacking something saying that this action, e.g. the storage write in case of the
DAO
pattern, may be followed by aSTOP
orRETURN
.The text was updated successfully, but these errors were encountered: