Python
JavaScript
Java
Go
C#
Ansible
AWS CloudFormation Linter
C & C++
Dart Analyze
Docker
Kotlin
KubeLinter
PHP
Ruby
Rust
Scala
Secrets
Shell
Slither
Solhint
SQL
Swift
Terraform
Test coverageIf a `return` is incorrectly used in assembly modeSLITHER-W1023If a `return` is used instead of a `leave`SLITHER-W1026Storage abiencoderv2 arraySLITHER-W1001transferFrom uses arbitrary `from`SLITHER-W1002Incorrect exponentiationSLITHER-W1022Modifying storage array by valueSLITHER-W1003ABI encodePacked CollisionSLITHER-W1004The order of parameters in a shift instruction is incorrectSLITHER-W1005Multiple constructor schemesSLITHER-W1006Contract's name reusedSLITHER-W1007Detected unprotected variablesSLITHER-W1008Public mappings with nested variablesSLITHER-W1009Right-To-Left-Override control character is usedSLITHER-W1010State variables shadowingSLITHER-W1011Functions allowing anyone to destruct the contractSLITHER-W1012Uninitialized state variablesSLITHER-W1013Uninitialized storage variablesSLITHER-W1014Unprotected upgradeable contractSLITHER-W1015Use Codex to find vulnerabilitiesSLITHER-W1016transferFrom uses arbitrary from with permitSLITHER-W1017Functions that send Ether to arbitrary destinationsSLITHER-W1018Tainted array length assignmentSLITHER-W1019Controlled delegatecall destinationSLITHER-W1020Payable functions using `delegatecall` inside a loopSLITHER-W1021msg.value inside a loopSLITHER-W1024Reentrancy vulnerabilities (theft of ethers)SLITHER-W1025Signed storage integer array compiler bugSLITHER-W1027Unchecked tokens transferSLITHER-W1028Weak PRNGSLITHER-W1029Incorrect ERC721 interfacesSLITHER-W1033Detects ERC20 tokens that have a function whose signature collides with EIP-2612's DOMAIN_SEPARATOR()SLITHER-W1030Detect dangerous enum conversionSLITHER-W1031Incorrect ERC20 interfacesSLITHER-W1032Dangerous strict equalitiesSLITHER-W1034Contracts that lock etherSLITHER-W1035Deletion on mapping containing a structureSLITHER-W1036State variables shadowing from abstract contractsSLITHER-W1037Comparing a variable to itself always returns true or false, depending on comparisonSLITHER-W1038Tautology or contradictionSLITHER-W1039Unused writeSLITHER-W1040Misuse of Boolean constantSLITHER-W1041Constant functions using assembly codeSLITHER-W1042Constant functions changing the stateSLITHER-W1043Imprecise arithmetic operations orderSLITHER-W1044Reentrancy vulnerabilities (no theft of ethers)SLITHER-W1045Reused base constructorSLITHER-W1046Dangerous usage of `tx.origin`SLITHER-W1047Unchecked low-level callsSLITHER-W1048Unchecked sendSLITHER-W1049Uninitialized local variablesSLITHER-W1050Unused return valuesSLITHER-W1051Detects `for` loops that use `length` member of some storage array in their loop condition and don't modify itSLITHER-W1088State variables that could be declared constantSLITHER-W1089Public function that could be declared externalSLITHER-W1090State variables that could be declared immutableSLITHER-W1091Contract reads its own variable using `this`SLITHER-W1092Out-of-order retryable transactionsSLITHER-W1093Assembly usageSLITHER-W1067Local variables used prior their declarationSLITHER-W1056Dangerous usage of `block.timestamp`SLITHER-W1066Assert state changeSLITHER-W1068Conformity to Solidity naming conventionsSLITHER-W1077Unused state variablesSLITHER-W1082Missing inheritanceSLITHER-W1076Modifiers that can return the default valueSLITHER-W1052Functions that are not usedSLITHER-W1084Built-in symbol shadowingSLITHER-W1053Local variables shadowingSLITHER-W1054Uninitialized function pointer calls in constructorsSLITHER-W1055Constructor called not implementedSLITHER-W1057Multiple calls in a loopSLITHER-W1058Missing Events Access ControlSLITHER-W1059Missing Events ArithmeticSLITHER-W1060Dangerous unary expressionsSLITHER-W1061Missing Zero Address ValidationSLITHER-W1062Benign reentrancy vulnerabilitiesSLITHER-W1063Reentrancy vulnerabilities leading to out-of-order EventsSLITHER-W1064A low level callee may consume all callers gas unexpectedlySLITHER-W1065Comparison to boolean constantSLITHER-W1069Detects functions with high (> 11) cyclomatic complexitySLITHER-W1070Deprecated Solidity StandardsSLITHER-W1071Un-indexed ERC20 event parametersSLITHER-W1072Function initializing state variablesSLITHER-W1073Detects using-for statement usage when no function from a given library matches a given typeSLITHER-W1074Low level callsSLITHER-W1075If different pragma directives are usedSLITHER-W1078Redundant statementsSLITHER-W1079Incorrect Solidity versionSLITHER-W1080Unimplemented functionsSLITHER-W1081Costly operations in a loopSLITHER-W1083Reentrancy vulnerabilities through send and transferSLITHER-W1085Variable names are too similarSLITHER-W1086Conformance to numeric notation best practicesSLITHER-W1087
Unchecked low-level callsSLITHER-W1048
Major
Anti-patternThe return value of a low-level call is not checked.
Exploit Scenario
contract MyConc{
function my_func(address payable dst) public payable{
dst.call.value(msg.value)("");
}
}
The return value of the low-level call is not checked, so if the call fails, the Ether will be locked in the contract. If the low level is used to prevent blocking operations, consider logging failed calls.
Recommendation
Ensure that the return value of a low-level call is checked or logged.
Learn more
unchecked-lowlevel on Slither's wiki.