Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add detector for unused custom errors #2565

Open
wants to merge 19 commits into
base: dev
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions slither/detectors/all_detectors.py
Original file line number Diff line number Diff line change
Expand Up @@ -104,5 +104,6 @@
from .functions.chainlink_feed_registry import ChainlinkFeedRegistry
from .functions.pyth_deprecated_functions import PythDeprecatedFunctions
from .functions.optimism_deprecation import OptimismDeprecation
from .statements.unused_custom_errors import UnusedCustomErrors

# from .statements.unused_import import UnusedImport
94 changes: 94 additions & 0 deletions slither/detectors/statements/unused_custom_errors.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
"""
Module detecting unused custom errors
"""
from typing import List, Set
from slither.core.declarations.custom_error import CustomError
from slither.core.declarations.custom_error_top_level import CustomErrorTopLevel
from slither.core.declarations.solidity_variables import SolidityCustomRevert
from slither.detectors.abstract_detector import (
AbstractDetector,
DetectorClassification,
DETECTOR_INFO,
)
from slither.utils.output import Output


class UnusedCustomErrors(AbstractDetector):
"""
Unused custom errors detector
"""

ARGUMENT = "unused-custom-errors"
HELP = "Detects unused custom errors"
IMPACT = DetectorClassification.INFORMATIONAL
CONFIDENCE = DetectorClassification.HIGH

WIKI = "https://github.com/crytic/slither/wiki/Detector-Documentation#unused-custom-errors"

WIKI_TITLE = "Unused Custom Errors"
WIKI_DESCRIPTION = "Declaring a custom error, but never using it might indicate a mistake."

# region wiki_exploit_scenario
WIKI_EXPLOIT_SCENARIO = """
```solidity
contract A {
error ZeroAddressNotAllowed();

address public owner;

constructor(address _owner) {
owner = _owner;
}
}
```
Custom error `ZeroAddressNotAllowed` is declared but never used. It shall be either invoked where needed, or removed if there's no need for it.
"""
# endregion wiki_exploit_scenario = ""
WIKI_RECOMMENDATION = "Remove the unused custom errors."

def _detect(self) -> List[Output]:
"""Detect unused custom errors"""
declared_custom_errors: Set[CustomError] = set()
custom_reverts: Set[SolidityCustomRevert] = set()
unused_custom_errors: List[CustomError] = []

# Collect all custom errors defined in the contracts
for contract in self.compilation_unit.contracts:
for custom_error in contract.custom_errors:
declared_custom_errors.add(custom_error)

# Add custom errors defined outside of contracts
for custom_error in self.compilation_unit.custom_errors:
declared_custom_errors.add(custom_error)

# Collect all custom errors invoked in revert statements
for contract in self.compilation_unit.contracts:
for function in contract.functions_and_modifiers:
for internal_call in function.internal_calls:
if isinstance(internal_call.function, SolidityCustomRevert):
custom_reverts.add(internal_call.function)

# Find unused custom errors
for declared_error in declared_custom_errors:
if not any(
declared_error.name in custom_revert.name for custom_revert in custom_reverts
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking the name could have false negative. For example try adding this in the contract test. It won't get detected.

contract C {
    error UsedParentErr(address x);
}

A better approach could be to have custom_errors with the actual CustomError instance instead of the name and then check here with declared_error == custom_revert. When you are adding the custom error you can get the instance with internal_call.function.custom_error

):
unused_custom_errors.append(declared_error)

# Sort by error name
unused_custom_errors = sorted(unused_custom_errors, key=lambda err: err.name)

# Format results
results = []
if len(unused_custom_errors) > 0:
info: DETECTOR_INFO = ["The following unused error(s) should be removed:"]
for custom_error in unused_custom_errors:
file_scope = (
custom_error.file_scope
if isinstance(custom_error, CustomErrorTopLevel)
else custom_error.contract.file_scope
)
info += ["\n\t-", custom_error.full_name, " (", file_scope.filename.short, ")\n"]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can just use custom_error and in the output you will have automatically its filename. Also it would be better to have individual findings for each custom error instead of one with everything.

results.append(self.generate_result(info))

return results
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
The following unused error(s) should be removed:
-UnusedErrorLibConsumerErr() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ErrorLibConsumer.sol)

-UnusedLibError() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/CustomErrorsLib.sol)

-UnusedParentErr() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol)

-UnusedParentErrWithArg(uint256) (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol)

-UnusedTopLevelErr() (tests/e2e/detectors/test_data/unused-custom-errors/0.8.15/ContractToTestForCustomErrors.sol)

Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
// SPDX-License-Identifier: Unlicense
pragma solidity 0.8.15;

error UnusedTopLevelErr();
error UsedTopLevelErr();

import "./ErrorLibConsumer.sol";

contract ParentContract {
error UnusedParentErr();
error UnusedParentErrWithArg(uint256 x);
error UsedParentErr(address x);
error UsedParentErrInChild(uint256 x);

constructor() {
new ErrorLibConsumer();
}

function x() public view {
uint256 d = 7;
if (msg.sender == address(0)) {
d = 100;
revert UsedParentErr(msg.sender);
}
}
}

contract ContractToTestForCustomErrors is ParentContract {
function y() public {
address f = msg.sender;
(bool s,) = f.call("");
if (!s) {
revert UsedParentErrInChild(1);
}
revert UsedTopLevelErr();
}

function z() public {
revert Lib.UsedLibErrorB(8);
}
}
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
// SPDX-License-Identifier: Unlicense
pragma solidity 0.8.15;

library Lib {
error UnusedLibError();
error UsedLibErrorA();
error UsedLibErrorB(uint256 x);
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
// SPDX-License-Identifier: Unlicense
pragma solidity 0.8.15;

import "./CustomErrorsLib.sol";

contract ErrorLibConsumer {
error UnusedErrorLibConsumerErr();
error UsedErrorLibConsumerErr();

constructor() {
revert Lib.UsedLibErrorA();
}

function a() public pure {
revert UsedErrorLibConsumerErr();
}
}
5 changes: 5 additions & 0 deletions tests/e2e/detectors/test_detectors.py
Original file line number Diff line number Diff line change
Expand Up @@ -401,6 +401,11 @@ def id_test(test_item: Test):
"unused_state.sol",
"0.7.6",
),
Test(
all_detectors.UnusedCustomErrors,
"ContractToTestForCustomErrors.sol",
"0.8.15",
),
Test(all_detectors.LockedEther, "locked_ether.sol", "0.4.25"),
Test(all_detectors.LockedEther, "locked_ether.sol", "0.5.16"),
Test(all_detectors.LockedEther, "locked_ether.sol", "0.6.11"),
Expand Down