NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ignore reentrancy inexecuteBatch and update Slither config (#3955)

Browse Source 
Co-authored-by: Francisco <fg@frang.io>
(cherry picked from commit a5af0adce4)
This commit is contained in:
alpharush
2023-01-13 11:29:53 -06:00
committed by Francisco Giordano
parent 43aa7ff1f5
commit ab9cc4c4db
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/checks.yml vendored
View File

@ -76,7 +76,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Set up environment - name: Set up environment
uses: ./.github/actions/setup uses: ./.github/actions/setup
- uses: crytic/slither-action@v0.1.1 - uses: crytic/slither-action@v0.2.0
codespell: codespell:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable' if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'

3
contracts/governance/TimelockController.sol
View File

@ -316,6 +316,9 @@ contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver
* *
* - the caller must have the 'executor' role. * - the caller must have the 'executor' role.
*/ */
// This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
// thus any modifications to the operation during reentrancy should be caught.
// slither-disable-next-line reentrancy-eth
function executeBatch( function executeBatch(
address[] calldata targets, address[] calldata targets,
uint256[] calldata values, uint256[] calldata values,

3
slither.config.json
View File

@ -1,4 +1,5 @@
{ {
"detectors_to_run": "reentrancy-eth,reentrancy-no-eth,reentrancy-unlimited-gas", "detectors_to_run": "reentrancy-eth,reentrancy-no-eth,reentrancy-unlimited-gas",
"filter_paths": "contracts/mocks" "filter_paths": "contracts/mocks",
"compile_force_framework": "hardhat"
} }