From ca22aa0949c2788a87ecadb401f57b34f44bd40e Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 2 Mar 2023 22:57:35 +0000 Subject: [PATCH] Update docs --- .github/workflows/checks.yml | 2 +- contracts/governance/TimelockController.sol | 3 +++ slither.config.json | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 780935493..4e92c1043 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -76,7 +76,7 @@ jobs: - uses: actions/checkout@v3 - name: Set up environment uses: ./.github/actions/setup - - uses: crytic/slither-action@v0.1.1 + - uses: crytic/slither-action@v0.2.0 codespell: if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable' diff --git a/contracts/governance/TimelockController.sol b/contracts/governance/TimelockController.sol index ad385af6d..139a38aba 100644 --- a/contracts/governance/TimelockController.sol +++ b/contracts/governance/TimelockController.sol @@ -316,6 +316,9 @@ contract TimelockController is AccessControl, IERC721Receiver, IERC1155Receiver * * - the caller must have the 'executor' role. */ + // This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending, + // thus any modifications to the operation during reentrancy should be caught. + // slither-disable-next-line reentrancy-eth function executeBatch( address[] calldata targets, uint256[] calldata values, diff --git a/slither.config.json b/slither.config.json index e52e3f5d5..2b618794a 100644 --- a/slither.config.json +++ b/slither.config.json @@ -1,4 +1,5 @@ { "detectors_to_run": "reentrancy-eth,reentrancy-no-eth,reentrancy-unlimited-gas", - "filter_paths": "contracts/mocks" + "filter_paths": "contracts/mocks", + "compile_force_framework": "hardhat" } \ No newline at end of file