Removed Unchecked External Call and Influence Checkers

This commit removes the UncheckedExternalCallChecker and UncheckedExternalInfluenceChecker classes, along with their associated abstract domains and related methods. The functionality for checking unchecked external calls and influences has been deemed unnecessary and has been removed from the codebase. Additionally, references to these checkers have been removed from the xEVMLiSA class and MyCache class, including the associated warning management methods. The benchmark tests have also been updated to exclude these checkers, streamlining the analysis process for smart contracts.

Author: merendamattia

src/main/java/it/unipr/crosschain/checker/AccessControlIncompletenessChecker.java

@@ -114,13 +114,19 @@ public boolean visit(
 
 				int numArgs = getNumberOfArgs(node);
 				boolean isAtLeastOneTainted = false;
+				boolean isAtLeastOneTop = false;
 
-				for (int argIndex = 1; argIndex <= numArgs; argIndex++)
+				for (int argIndex = 1; argIndex <= numArgs; argIndex++) {
 					isAtLeastOneTainted |= TaintElement.isAtLeastOneTainted(
 							taintedStack.getElementAtPosition(argIndex));
+					isAtLeastOneTop |= TaintElement.isAtLeastOneTop(
+							taintedStack.getElementAtPosition(argIndex));
+				}
 
 				if (isAtLeastOneTainted)
-					checkForAccessControlIncompleteness(tool, cfg, node);
+					checkForAccessControlIncompleteness(tool, cfg, node, false);
+				else if (isAtLeastOneTop)
+					checkForAccessControlIncompleteness(tool, cfg, node, true);
 			}
 		}
 		return true;
@@ -157,7 +163,7 @@ private int getNumberOfArgs(Statement node) {
 	 */
 	private void checkForAccessControlIncompleteness(CheckToolWithAnalysisResults<
 			SimpleAbstractState<MonolithicHeap, TaintAbstractDomain, TypeEnvironment<InferredTypes>>> tool, EVMCFG cfg,
-			Statement sink) {
+			Statement sink, boolean isTop) {
 
 		Set<Statement> sources = cfg.getAllStatementsByClass(
 				Calldataload.class,
@@ -176,23 +182,43 @@ private void checkForAccessControlIncompleteness(CheckToolWithAnalysisResults<
 
 				ProgramCounterLocation sinkLocation = (ProgramCounterLocation) sink.getLocation();
 
-				log.warn(
-						"[DEFINITE] Access Control Incompleteness vulnerability at pc {} (line {}) coming from pc {} (line {}).",
-						sinkLocation.getPc(),
-						sinkLocation.getSourceCodeLine(),
-						((ProgramCounterLocation) sink.getLocation()).getPc(),
-						((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine());
-
-				String warn = "[DEFINITE] Access Control Incompleteness vulnerability at "
-						+ ((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine();
-				tool.warn(warn);
-				MyCache.getInstance().addUncheckedExternalCallWarning(cfg.hashCode(), warn);
-
-				warn = "[DEFINITE] Access Control Incompleteness vulnerability in " + contract.getName() + " at "
-						+ functionSignatureByStatement
-						+ " (pc: " + ((ProgramCounterLocation) sink.getLocation()).getPc() + ", "
-						+ "line: " + ((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine() + ")";
-				MyCache.getInstance().addVulnerabilityPerFunction(cfg.hashCode(), warn);
+				if (isTop) {
+					log.warn(
+							"[POSSIBLE] Access Control Incompleteness vulnerability at pc {} (line {}) coming from pc {} (line {}).",
+							sinkLocation.getPc(),
+							sinkLocation.getSourceCodeLine(),
+							((ProgramCounterLocation) sink.getLocation()).getPc(),
+							((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine());
+
+					String warn = "[POSSIBLE] Access Control Incompleteness vulnerability at "
+							+ ((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine();
+					tool.warn(warn);
+					MyCache.getInstance().addPossibleAccessControlIncompletenessWarning(cfg.hashCode(), warn);
+
+//					warn = "[POSSIBLE] Access Control Incompleteness vulnerability in " + contract.getName() + " at "
+//							+ functionSignatureByStatement
+//							+ " (pc: " + ((ProgramCounterLocation) sink.getLocation()).getPc() + ", "
+//							+ "line: " + ((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine() + ")";
+//					MyCache.getInstance().addVulnerabilityPerFunction(cfg.hashCode(), warn);
+				} else {
+					log.warn(
+							"[DEFINITE] Access Control Incompleteness vulnerability at pc {} (line {}) coming from pc {} (line {}).",
+							sinkLocation.getPc(),
+							sinkLocation.getSourceCodeLine(),
+							((ProgramCounterLocation) sink.getLocation()).getPc(),
+							((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine());
+
+					String warn = "[DEFINITE] Access Control Incompleteness vulnerability at "
+							+ ((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine();
+					tool.warn(warn);
+					MyCache.getInstance().addAccessControlIncompletenessWarning(cfg.hashCode(), warn);
+
+					warn = "[DEFINITE] Access Control Incompleteness vulnerability in " + contract.getName() + " at "
+							+ functionSignatureByStatement
+							+ " (pc: " + ((ProgramCounterLocation) sink.getLocation()).getPc() + ", "
+							+ "line: " + ((ProgramCounterLocation) sink.getLocation()).getSourceCodeLine() + ")";
+					MyCache.getInstance().addVulnerabilityPerFunction(cfg.hashCode(), warn);
+				}
 			}
 		}
 	}