[Bug-Candidate]: For some reason I haven't been able to get slither to start on windows 7.

[mattjaf]

Describe the issue:

I installed it with py -m pip slither-analyzer

tried running it and it threw an error.

Thank you in advance and God Bless

Code example to reproduce the issue:

slither . --solc-remaps '@openzeppelin=node_modules/@openzeppelin'

Version:

slither 0.9.0
solc 0.8.7

Relevant log output:

PS C:\Users\Nancy\hello\ucla> C:\Users\Nancy\AppData\Local\Programs\Python\Python38\Scripts/slither . --solc-remaps '@openzeppelin=node_modules/@openzeppelin'
'npx hardhat compile --force' running
Compiled 12 Solidity files successfully

Traceback (most recent call last):
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\__main__.py", line 826, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\__main__.py", line 97, in process_all
    ) = process_single(compilation, args, detector_classes, printer_classes)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\__main__.py", line 75, in process_single
    slither = Slither(target, ast_format=ast, **vars(args))
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\slither.py", line 102, in __init__
    parser.parse_top_level_from_loaded_json(ast, path)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\solc_parsing\slither_compilation_unit_solc.py", line 211, in parse_top_level_from_loaded_json
    contract.set_offset(top_level_data["src"], self._compilation_unit)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\core\source_mapping\source_mapping.py", line 184, in set_offset
    self.source_mapping = _convert_source_mapping(offset, compilation_unit)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\core\source_mapping\source_mapping.py", line 150, in _convert_source_mapping
    (lines, starting_column, ending_column) = _compute_line(compilation_unit, filename, s, l)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\core\source_mapping\source_mapping.py", line 111, in _compute_line
    end_line, ending_column = compilation_unit.core.crytic_compile.get_line_from_offset(
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\crytic_compile\crytic_compile.py", line 291, in get_line_from_offset
    return lines_delimiters[offset]
KeyError: 32362
Error in .
Traceback (most recent call last):
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\__main__.py", line 826, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\__main__.py", line 97, in process_all
    ) = process_single(compilation, args, detector_classes, printer_classes)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\__main__.py", line 75, in process_single
    slither = Slither(target, ast_format=ast, **vars(args))
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\slither.py", line 102, in __init__
    parser.parse_top_level_from_loaded_json(ast, path)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\solc_parsing\slither_compilation_unit_solc.py", line 211, in parse_top_level_from_loaded_json
    contract.set_offset(top_level_data["src"], self._compilation_unit)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\core\source_mapping\source_mapping.py", line 184, in set_offset
    self.source_mapping = _convert_source_mapping(offset, compilation_unit)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\core\source_mapping\source_mapping.py", line 150, in _convert_source_mapping
    (lines, starting_column, ending_column) = _compute_line(compilation_unit, filename, s, l)
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\slither\core\source_mapping\source_mapping.py", line 111, in _compute_line
    end_line, ending_column = compilation_unit.core.crytic_compile.get_line_from_offset(
  File "C:\Users\Nancy\AppData\Local\Programs\Python\Python38\lib\site-packages\crytic_compile\crytic_compile.py", line 291, in get_line_from_offset
    return lines_delimiters[offset]
KeyError: 32362

[elopez]

Hi @mattjaf, can you confirm if this still happens after running npx hardhat clean and removing the crytic-export folder if present?

[mattjaf]

Thank you for your response.
I initially installed it with pip
I fixed my path.
then uninstalled it and reinstalled it with pip3
ran npx hardhat clean

and it threw this:

$ slither . --solc-remaps '@openzeppelin=node_modules/@openzeppelin' --exclude naming-convention,external-function,low-level-calls
'npx hardhat compile --force' running
Compiled 12 Solidity files successfully


NftArticlesNatSpec.burnToken(uint256,string) (contracts/NatSpec.sol#158-162) deletes NftArticlesNatSpec.Article (contracts/NatSpec.sol#47-54) which contains a mapping:
        -delete (tokenIdToArticle[_tokenId]) (contracts/NatSpec.sol#161)
NftArticles.burnToken(uint256,string) (contracts/ucla.sol#64-68) deletes NftArticles.Article (contracts/ucla.sol#21-28) which contains a mapping:
        -delete (tokenIdToArticle[_tokenId]) (contracts/ucla.sol#67)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#deletion-on-mapping-containing-a-structure

Reentrancy in NftArticlesNatSpec.mintToken(uint256,string,string,uint8) (contracts/NatSpec.sol#131-149):
        External calls:
        - _safeMint(msg.sender,tokenCounter) (contracts/NatSpec.sol#146)
                - IERC721Receiver(to).onERC721Received(_msgSender(),from,tokenId,data) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#401-412)
        State variables written after the call(s):
        - tokenCounter ++ (contracts/NatSpec.sol#148)
Reentrancy in NftArticles.mintToken(uint256,string,string,uint8) (contracts/ucla.sol#44-62):
        External calls:
        - _safeMint(msg.sender,tokenCounter) (contracts/ucla.sol#59)
                - IERC721Receiver(to).onERC721Received(_msgSender(),from,tokenId,data) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#401-412)
        State variables written after the call(s):
        - tokenCounter ++ (contracts/ucla.sol#61)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-1

ERC721._checkOnERC721Received(address,address,uint256,bytes) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#394-416) ignores return value by IERC721Receiver(to).onERC721Received(_msgSender(),from,tokenId,data) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#401-412)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return

NftArticlesNatSpec.constructor(string,string)._name (contracts/NatSpec.sol#110) shadows:
        - ERC721._name (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#24) (state variable)
NftArticlesNatSpec.constructor(string,string)._symbol (contracts/NatSpec.sol#110) shadows:
        - ERC721._symbol (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#27) (state variable)
NftArticles.constructor(string,string)._name (contracts/ucla.sol#37) shadows:
        - ERC721._name (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#24) (state variable)
NftArticles.constructor(string,string)._symbol (contracts/ucla.sol#37) shadows:
        - ERC721._symbol (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#27) (state variable)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing

NftArticlesNatSpec.changeOwnerReceiverAddress(address)._ownerReceiverAddress (contracts/NatSpec.sol#367) lacks a zero-check on :
                - ownerReceiverAddress = _ownerReceiverAddress (contracts/NatSpec.sol#368)
NftArticles.changeOwnerReceiverAddress(address)._ownerReceiverAddress (contracts/ucla.sol#163) lacks a zero-check on :
                - ownerReceiverAddress = _ownerReceiverAddress (contracts/ucla.sol#164)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

Variable 'ERC721._checkOnERC721Received(address,address,uint256,bytes).retval (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#401)' in ERC721._checkOnERC721Received(address,address,uint256,bytes) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#394-416) potentially used before declaration: retval == IERC721Receiver.onERC721Received.selector (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#402)
Variable 'ERC721._checkOnERC721Received(address,address,uint256,bytes).reason (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#403)' in ERC721._checkOnERC721Received(address,address,uint256,bytes) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#394-416) potentially used before declaration: reason.length
== 0 (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#404)
Variable 'ERC721._checkOnERC721Received(address,address,uint256,bytes).reason (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#403)' in ERC721._checkOnERC721Received(address,address,uint256,bytes) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#394-416) potentially used before declaration: revert(uint256,uint256)(32 + reason,mload(uint256)(reason)) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#409)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#pre-declaration-usage-of-local-variables

Reentrancy in NftArticlesNatSpec.mintToken(uint256,string,string,uint8) (contracts/NatSpec.sol#131-149):
        External calls:
        - _safeMint(msg.sender,tokenCounter) (contracts/NatSpec.sol#146)
                - IERC721Receiver(to).onERC721Received(_msgSender(),from,tokenId,data) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#401-412)
        Event emitted after the call(s):
        - MintToken(tokenCounter,msg.sender,_ppvFee,_unPaidURI) (contracts/NatSpec.sol#147)
Reentrancy in NftArticles.mintToken(uint256,string,string,uint8) (contracts/ucla.sol#44-62):
        External calls:
        - _safeMint(msg.sender,tokenCounter) (contracts/ucla.sol#59)
                - IERC721Receiver(to).onERC721Received(_msgSender(),from,tokenId,data) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#401-412)
        Event emitted after the call(s):
        - MintToken(tokenCounter,msg.sender,_ppvFee,_unPaidURI) (contracts/ucla.sol#60)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-3

ERC721._checkOnERC721Received(address,address,uint256,bytes) (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#394-416) uses assembly
        - INLINE ASM (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#408-410)
Address.verifyCallResult(bool,bytes,string) (node_modules/@openzeppelin/contracts/utils/Address.sol#201-221) uses assembly
        - INLINE ASM (node_modules/@openzeppelin/contracts/utils/Address.sol#213-216)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage

NftArticlesNatSpec.payPerView(uint256) (contracts/NatSpec.sol#400-415) compares to
a boolean constant:
        -require(bool,string)(tokenIdToArticle[_tokenId].paidAddress[msg.sender] != true,You have already paid per view!) (contracts/NatSpec.sol#401-404)
NftArticles.payPerView(uint256) (contracts/ucla.sol#175-190) compares to a boolean
constant:
        -require(bool,string)(tokenIdToArticle[_tokenId].paidAddress[msg.sender] != true,You have already paid per view!) (contracts/ucla.sol#176-179)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#boolean-equality

Different versions of Solidity are used:
        - Version used: ['0.8.7', '^0.8.0', '^0.8.1']
        - ^0.8.0 (node_modules/@openzeppelin/contracts/access/Ownable.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/IERC721.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol#4)
        - ^0.8.1 (node_modules/@openzeppelin/contracts/utils/Address.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/utils/Context.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/utils/Strings.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/utils/introspection/ERC165.sol#4)
        - ^0.8.0 (node_modules/@openzeppelin/contracts/utils/introspection/IERC165.sol#4)
        - 0.8.7 (contracts/NatSpec.sol#2)
        - 0.8.7 (contracts/ucla.sol#2)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used

Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/access/Ownable.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/ERC721.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/IERC721.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol#4) allows old versions
Pragma version^0.8.1 (node_modules/@openzeppelin/contracts/utils/Address.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/utils/Context.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/utils/Strings.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/utils/introspection/ERC165.sol#4) allows old versions
Pragma version^0.8.0 (node_modules/@openzeppelin/contracts/utils/introspection/IERC165.sol#4) allows old versions
Pragma version0.8.7 (contracts/NatSpec.sol#2) allows old versions
Pragma version0.8.7 (contracts/ucla.sol#2) allows old versions
solc-0.8.7 is not recommended for deployment
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity

Reentrancy in NftArticlesNatSpec.payPerView(uint256) (contracts/NatSpec.sol#400-415):
        External calls:
        - address(tokenIdToArticle[_tokenId].creator).transfer(tokenCreatorProfit)
(contracts/NatSpec.sol#412)
        - address(ownerOf(_tokenId)).transfer(tokenOwnerProfit) (contracts/NatSpec.sol#413)
        Event emitted after the call(s):
        - PayPerView(_tokenId,msg.sender,msg.value) (contracts/NatSpec.sol#414)
Reentrancy in NftArticles.payPerView(uint256) (contracts/ucla.sol#175-190):
        External calls:
        - address(tokenIdToArticle[_tokenId].creator).transfer(tokenCreatorProfit)
(contracts/ucla.sol#187)
        - address(ownerOf(_tokenId)).transfer(tokenOwnerProfit) (contracts/ucla.sol#188)
        Event emitted after the call(s):
        - PayPerView(_tokenId,msg.sender,msg.value) (contracts/ucla.sol#189)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-4
. analyzed (12 contracts with 78 detectors), 36 result(s) found
error Command failed with exit code 4294967295.

[elopez]

Looks like it's working fine 👍 in the future, if you modify your codebase significantly, run a hardhat clean before analyzing, as stale artifacts in the hardhat directory can cause these sorts of issues.

[mattjaf]

thanks again!!,

whats up with this:

error Command failed with exit code 4294967295.

[elopez]

By default slither will exit with an error code if any detections are found in the codebase. With slither 0.9 you can now override the behavior to always exit with code 0 (success) by passing --no-fail-pedantic, or to fail only if e.g. medium severity issues are found (--fail-medium).

From the release notes:

Change the exit code returned by Slither (#1278, #1359) If you are using Slither in a CI, check out the new flags --fail-pedantic/--fail-high/--fail-medium/ ... and --no-fail-pedantic. The default behavior is --fail-pedantic, but this will be updated to be --no-fail-pedantic in a future release

[mattjaf]

oh, thank you so much!!

[mattjaf]

sorry to bother you, is there a reason why the messages aren't in color in my terminal?

[elopez]

I believe terminal color output (ANSI color escapes) in Windows requires a recent Windows 10 or 11, and a terminal emulator with support for it, like the new Windows Terminal. You mentioned you were using Windows 7, so that's probably why you get the uncolored output.