From 1aeba7c83a9011234c7b3cf4699bc4aa47f9b3cd Mon Sep 17 00:00:00 2001
From: POTHURI HARIKA <cb.en.p2cys21018@cb.students.amrita.edu>
Date: Thu, 15 Jun 2023 12:30:11 +0530
Subject: [PATCH] Upload New File
---
 .../Rules/SOLIDITY_WRONG_SIGNATURE.md | 409 ++++++++++++++++++
 1 file changed, 409 insertions(+)
 create mode 100644 Tools/SmartCheck/Solidity/Rules/SOLIDITY_WRONG_SIGNATURE.md

diff --git a/Tools/SmartCheck/Solidity/Rules/SOLIDITY_WRONG_SIGNATURE.md b/Tools/SmartCheck/Solidity/Rules/SOLIDITY_WRONG_SIGNATURE.md
new file mode 100644
index 0000000..be39e2b
--- /dev/null
+++ b/Tools/SmartCheck/Solidity/Rules/SOLIDITY_WRONG_SIGNATURE.md
@@ -0,0 +1,409 @@
+# Analysis of Smart Contract Security Vulnerabilities and Tools 
+     <br/>    <br/>
+ <br/>
+
+
+## SOLIDITY_WRONG_SIGNATURE
+### Rule Description
+<p>
+ In Solidity, the function signature is defined as the canonical expression of the basic prototype without data location specifier, i.e. the function name with the parenthesised list of parameter types. Parameter types are split by a single comma - no spaces are used. This means one should use <code>uint256</code> and <code>int256</code> instead of <code>uint</code> or <code>int</code>.
+</p>
+
+### Solidity-Rules
+
+ 
+
+```
+functionCall
+ [callArguments//primaryExpression
+ [
+ contains(stringLiteral, "uint,")
+ or contains(stringLiteral, "int,")
+ or contains(stringLiteral, "uint)")
+ or contains(stringLiteral, "int)")
+ or contains(stringLiteral, "uint[")
+ or contains(stringLiteral, "int[")
+ ]
+ ]
+ [callArguments/tupleExpression/expression[1]
+ [typeConversion[typeName/elementaryTypeName[text()[1] = "bytes4"]]]
+ [//functionCall/functionName/identifier[matches(text()[1], "^sha3$|^keccak256$")]]
+ ]
+```
+
+ 
+
+```
+functionCall/callArguments
+ [tupleExpression/expression
+ [expression/primaryExpression/identifier[text()[1] = "abi"]]
+ [functionCall/functionName/identifier[text()[1] = "encodeWithSignature"]]
+ [
+ functionCall//primaryExpression
+ [
+ contains(stringLiteral, "uint)")
+ or contains(stringLiteral, "int)")
+ or contains(stringLiteral, "uint,")
+ or contains(stringLiteral, "int,")
+ or contains(stringLiteral, "uint[")
+ or contains(stringLiteral, "int[")
+ ]
+ ]
+ ]
+```
+
+### Sample Code
+
+```
+pragma solidity 0.4.25;
+
+contract A {
+
+ function foo1(address _spender, uint _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE ui25n6
+ require(_spender.call.value(10).gas(11)(bytes4(bytes32(sha3("receiveApproval(address,uint)"))), msg.sender, _value));
+ return true;
+ }
+
+ function foo2(address _spender, int _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE ui25n6
+ require(_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,int,address)"))), msg.sender, _value, this));
+ return true;
+ }
+
+ function foo3(address _spender, uint256 _value) public returns (bool success) {
+ require(_spender.call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address)"))), msg.sender, _value, this));
+ return true;
+ }
+
+ function foo4(address _spender, int256 _value) public returns (bool success) {
+ require(_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,int256)"))), msg.sender, _value));
+ return true;
+ }
+
+ function foo5(address _spender, uint _value ) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE ui25n6
+ return _spender.call.gas(11)(bytes4(sha3("receiveApproval(address,uint)")), msg.sender, _value);
+ }
+
+ function foo6(address _spender, int _value ) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE ui25n6
+ return _spender.call(bytes4(keccak256("receiveApproval(address,int, address)")), msg.sender, _value, this);
+ }
+
+ function foo7(address _spender, uint256 _value) public returns (bool success) {
+ return _spender.call.value(10)(bytes4(sha3("receiveApproval(address,address)")), msg.sender, this);
+ }
+
+ function foo8(address _spender, uint _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE rec155
+ return _spender.call(abi.encodeWithSignature("receiveApproval(address,uint)"), msg.sender, _value);
+ }
+
+ function foo9(address _spender, int _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE rec155
+ return _spender.call(abi.encodeWithSignature("receiveApproval(address,int)"), msg.sender, _value);
+ }
+
+ function foo10(address _spender, uint _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE rec155
+ return _spender.call(abi.encodeWithSignature("receiveApproval(uint,address)"), _value, msg.sender);
+ }
+
+ function foo11(address _spender, uint256 _value) public returns (bool success) {
+ return _spender.call(abi.encodeWithSignature("receiveApproval(uint256,address)"), _value, msg.sender);
+ }
+
+ function foo12(address _spender, int[] _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE ui25n6
+ require(_spender.call.value(10)(bytes4((sha3("receiveApproval(address,int[],address)"))), msg.sender, _value, this));
+ return true;
+ }
+
+ function foo13(address _spender, uint[] _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE ui25n6
+ require(_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,uint[],address)"))), msg.sender, _value, this));
+ return true;
+ }
+
+ function foo14(address _spender, uint256[] _value) public returns (bool success) {
+ require(_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,uint256[],address)"))), msg.sender, _value, this));
+ return true;
+ }
+
+ function foo11(address _spender, uint[] _value) public returns (bool success) {
+ // <yes> <report> SOLIDITY_WRONG_SIGNATURE rec155
+ return _spender.call(abi.encodeWithSignature("receiveApproval(uint[],address)"), _value, msg.sender);
+ }
+
+ function foo11(address _spender, int256[] _value) public returns (bool success) {
+ return _spender.call(abi.encodeWithSignature("receiveApproval(int256[],address)"), _value, msg.sender);
+ }
+}
+```
+
+### Abstract Syntax Tree
+
+[Click Here](https://astexplorer.net/#/gist/efc5295f7b31e0790fdf238b7c5ffd16/eaf65404a7094645d1c32d97ec169e0f7ee13696) to view the AST for the above code. Code generated from AST Explorer using _solidity-parser-antlr-0.4.11_
+
+
+### Code Result
+
+```
+ruleId: SOLIDITY_DEPRECATED_CONSTRUCTIONS
+patternId: 187b5a
+severity: 1
+line: 7
+column: 63
+content: sha3
+
+ruleId: SOLIDITY_DEPRECATED_CONSTRUCTIONS
+patternId: 187b5a
+severity: 1
+line: 18
+column: 45
+content: sha3
+
+ruleId: SOLIDITY_DEPRECATED_CONSTRUCTIONS
+patternId: 187b5a
+severity: 1
+line: 29
+column: 44
+content: sha3
+
+ruleId: SOLIDITY_DEPRECATED_CONSTRUCTIONS
+patternId: 187b5a
+severity: 1
+line: 38
+column: 46
+content: sha3
+
+ruleId: SOLIDITY_DEPRECATED_CONSTRUCTIONS
+patternId: 187b5a
+severity: 1
+line: 62
+column: 48
+content: sha3
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 7
+column: 25
+content: call.value(10).gas(11)(bytes4(bytes32(sha3("receiveApproval(address,uint)"))),msg.sender,_value)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 13
+column: 25
+content: call(bytes4(bytes32(keccak256("receiveApproval(address,int,address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 18
+column: 25
+content: call(bytes4(bytes32(sha3("receiveApproval(address,uint256,address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 23
+column: 25
+content: call(bytes4(bytes32(keccak256("receiveApproval(address,int256)"))),msg.sender,_value)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 29
+column: 24
+content: call.gas(11)(bytes4(sha3("receiveApproval(address,uint)")),msg.sender,_value)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 34
+column: 24
+content: call(bytes4(keccak256("receiveApproval(address,int, address)")),msg.sender,_value,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 38
+column: 24
+content: call.value(10)(bytes4(sha3("receiveApproval(address,address)")),msg.sender,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 43
+column: 24
+content: call(abi.encodeWithSignature("receiveApproval(address,uint)"),msg.sender,_value)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 48
+column: 24
+content: call(abi.encodeWithSignature("receiveApproval(address,int)"),msg.sender,_value)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 53
+column: 24
+content: call(abi.encodeWithSignature("receiveApproval(uint,address)"),_value,msg.sender)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 57
+column: 24
+content: call(abi.encodeWithSignature("receiveApproval(uint256,address)"),_value,msg.sender)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 62
+column: 25
+content: call.value(10)(bytes4((sha3("receiveApproval(address,int[],address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 68
+column: 25
+content: call(bytes4(bytes32(keccak256("receiveApproval(address,uint[],address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 73
+column: 25
+content: call(bytes4(bytes32(keccak256("receiveApproval(address,uint256[],address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 79
+column: 24
+content: call(abi.encodeWithSignature("receiveApproval(uint[],address)"),_value,msg.sender)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 83k1no
+severity: 1
+line: 83
+column: 24
+content: call(abi.encodeWithSignature("receiveApproval(int256[],address)"),_value,msg.sender)
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 341gim
+severity: 1
+line: 60
+column: 37
+content: int[]_value
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 341gim
+severity: 1
+line: 66
+column: 37
+content: uint[]_value
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 341gim
+severity: 1
+line: 72
+column: 37
+content: uint256[]_value
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 341gim
+severity: 1
+line: 77
+column: 37
+content: uint[]_value
+
+ruleId: SOLIDITY_UPGRADE_TO_050
+patternId: 341gim
+severity: 1
+line: 82
+column: 37
+content: int256[]_value
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: ui25n6
+severity: 2
+line: 7
+column: 25
+content: call.value(10).gas(11)(bytes4(bytes32(sha3("receiveApproval(address,uint)"))),msg.sender,_value)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: ui25n6
+severity: 2
+line: 13
+column: 25
+content: call(bytes4(bytes32(keccak256("receiveApproval(address,int,address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: ui25n6
+severity: 2
+line: 29
+column: 24
+content: call.gas(11)(bytes4(sha3("receiveApproval(address,uint)")),msg.sender,_value)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: ui25n6
+severity: 2
+line: 34
+column: 24
+content: call(bytes4(keccak256("receiveApproval(address,int, address)")),msg.sender,_value,this)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: ui25n6
+severity: 2
+line: 62
+column: 25
+content: call.value(10)(bytes4((sha3("receiveApproval(address,int[],address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: ui25n6
+severity: 2
+line: 68
+column: 25
+content: call(bytes4(bytes32(keccak256("receiveApproval(address,uint[],address)"))),msg.sender,_value,this)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: rec155
+severity: 2
+line: 43
+column: 28
+content: (abi.encodeWithSignature("receiveApproval(address,uint)"),msg.sender,_value)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: rec155
+severity: 2
+line: 48
+column: 28
+content: (abi.encodeWithSignature("receiveApproval(address,int)"),msg.sender,_value)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: rec155
+severity: 2
+line: 53
+column: 28
+content: (abi.encodeWithSignature("receiveApproval(uint,address)"),_value,msg.sender)
+
+ruleId: SOLIDITY_WRONG_SIGNATURE
+patternId: rec155
+severity: 2
+line: 79
+column: 28
+content: (abi.encodeWithSignature("receiveApproval(uint[],address)"),_value,msg.sender)
+
+SOLIDITY_DEPRECATED_CONSTRUCTIONS :5
+SOLIDITY_UPGRADE_TO_050 :21
+SOLIDITY_WRONG_SIGNATURE :10
+
+```
-- 
GitLab