Merge pull request #2575 from crytic/dev-optimism-deprecation

Add Optimism deprecation detector

Author: montyly

slither/detectors/all_detectors.py

@@ -97,5 +97,6 @@
 from .statements.tautological_compare import TautologicalCompare
 from .statements.return_bomb import ReturnBomb
 from .functions.out_of_order_retryable import OutOfOrderRetryable
+from .functions.optimism_deprecation import OptimismDeprecation
 
 # from .statements.unused_import import UnusedImport

slither/detectors/functions/optimism_deprecation.py

@@ -0,0 +1,92 @@
+from typing import List
+
+from slither.detectors.abstract_detector import (
+    AbstractDetector,
+    DetectorClassification,
+    DETECTOR_INFO,
+)
+from slither.core.cfg.node import Node
+from slither.core.variables.variable import Variable
+from slither.core.expressions import TypeConversion, Literal
+from slither.utils.output import Output
+
+
+class OptimismDeprecation(AbstractDetector):
+
+    ARGUMENT = "optimism-deprecation"
+    HELP = "Detect when deprecated Optimism predeploy or function is used."
+    IMPACT = DetectorClassification.LOW
+    CONFIDENCE = DetectorClassification.HIGH
+
+    WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#optimism-deprecation"
+
+    WIKI_TITLE = "Optimism deprecated predeploy or function"
+    WIKI_DESCRIPTION = "Detect when deprecated Optimism predeploy or function is used."
+
+    # region wiki_exploit_scenario
+    WIKI_EXPLOIT_SCENARIO = """
+```solidity
+interface GasPriceOracle {
+    function scalar() external view returns (uint256);
+}
+
+contract Test {
+    GasPriceOracle constant OPT_GAS = GasPriceOracle(0x420000000000000000000000000000000000000F);
+
+    function a() public {
+        OPT_GAS.scalar();    
+    }
+}
+```
+The call to the `scalar` function of the Optimism GasPriceOracle predeploy always revert.
+"""
+    # endregion wiki_exploit_scenario
+
+    WIKI_RECOMMENDATION = "Do not use the deprecated components."
+
+    def _detect(self) -> List[Output]:
+        results = []
+
+        deprecated_predeploys = [
+            "0x4200000000000000000000000000000000000000",  # LegacyMessagePasser
+            "0x4200000000000000000000000000000000000001",  # L1MessageSender
+            "0x4200000000000000000000000000000000000002",  # DeployerWhitelist
+            "0x4200000000000000000000000000000000000013",  # L1BlockNumber
+        ]
+
+        for contract in self.compilation_unit.contracts_derived:
+            use_deprecated: List[Node] = []
+
+            for _, ir in contract.all_high_level_calls:
+                # To avoid FPs we assume predeploy contracts are always assigned to a constant and typecasted to an interface
+                # and we check the target address of a high level call.
+                if (
+                    isinstance(ir.destination, Variable)
+                    and isinstance(ir.destination.expression, TypeConversion)
+                    and isinstance(ir.destination.expression.expression, Literal)
+                ):
+                    if ir.destination.expression.expression.value in deprecated_predeploys:
+                        use_deprecated.append(ir.node)
+
+                    if (
+                        ir.destination.expression.expression.value
+                        == "0x420000000000000000000000000000000000000F"
+                        and ir.function_name in ("overhead", "scalar", "getL1GasUsed")
+                    ):
+                        use_deprecated.append(ir.node)
+            # Sort so output is deterministic
+            use_deprecated.sort(key=lambda x: (x.node_id, x.function.full_name))
+            if len(use_deprecated) > 0:
+                info: DETECTOR_INFO = [
+                    "A deprecated Optimism predeploy or function is used in the ",
+                    contract.name,
+                    " contract.\n",
+                ]
+
+                for node in use_deprecated:
+                    info.extend(["\t - ", node, "\n"])
+
+                res = self.generate_result(info)
+                results.append(res)
+
+        return results

tests/e2e/detectors/snapshots/detectors__detector_OptimismDeprecation_0_8_20_optimism_deprecation_sol__0.txt

@@ -0,0 +1,4 @@
+A deprecated Optimism predeploy or function is used in the Test contract.
+	 - OPT_GAS.scalar() (tests/e2e/detectors/test_data/optimism-deprecation/0.8.20/optimism_deprecation.sol#15)
+	 - L1_BLOCK_NUMBER.q() (tests/e2e/detectors/test_data/optimism-deprecation/0.8.20/optimism_deprecation.sol#19)
+

tests/e2e/detectors/test_data/optimism-deprecation/0.8.20/optimism_deprecation.sol

@@ -0,0 +1,27 @@
+interface GasPriceOracle {
+    function scalar() external view returns (uint256);
+    function baseFee() external view returns (uint256);
+}
+
+interface L1BlockNumber {
+    function q() external view returns (uint256);
+}
+
+contract Test {
+    GasPriceOracle constant OPT_GAS = GasPriceOracle(0x420000000000000000000000000000000000000F);
+    L1BlockNumber constant L1_BLOCK_NUMBER = L1BlockNumber(0x4200000000000000000000000000000000000013);
+
+    function bad() public {
+        OPT_GAS.scalar();    
+    }
+
+    function bad2() public {
+        L1_BLOCK_NUMBER.q();    
+    }
+
+    function good() public {
+        OPT_GAS.baseFee();    
+    }
+
+
+}

tests/e2e/detectors/test_data/optimism-deprecation/0.8.20/optimism_deprecation.sol-0.8.20.zip

@@ -1714,6 +1714,11 @@ def id_test(test_item: Test):
         "out_of_order_retryable.sol",
         "0.8.20",
     ),
+    Test(
+        all_detectors.OptimismDeprecation,
+        "optimism_deprecation.sol",
+        "0.8.20",
+    ),
     # Test(
     #     all_detectors.UnusedImport,
     #     "ConstantContractLevelUsedInContractTest.sol",