Giter Club home page Giter Club logo

chiralitydetector's Introduction

这个仓库是用来进行手性函数相关的detector开发的 一个有趣的题目

在合约编程中,特别是涉及到业务逻辑代码的部分,通常会出现一类函数,可以称为“手性”或“非手性”函数,也就是镜像或同像函数。这些函数通常成对出现,其业务逻辑要么完全相反,要么高度相似。这些函数通常共享以下特点:

  1. 完整的业务变动:这意味着每一对函数在其操作和结果上都是完整的,无论是反向还是同向的逻辑。
  2. 完整的变量读写:这些函数对状态变量的读写操作高度相似,确保数据的一致性和完整性。
  3. 完整的条件考虑:在逻辑判断和执行条件上,这些函数考虑的情况应该是一致的,保证业务逻辑的完整性。

当这些条件不被满足时,可能会引入所谓的“inconsistency”漏洞,这些漏洞可以表现为不完整、不及时或顺序错误等问题。例如,如果一对函数中一个函数考虑了某个特定的错误处理,而另一个相似的函数却没有,这就可能导致数据处理的不一致性。

扩展到整个合约的业务逻辑流,一致性的要求更加复杂和难以捕捉,但这种类型的漏洞依然存在。如何维护这种一致性,是智能合约开发中的一个重要挑战。

以下是两个具体函数的例子,可以帮助理解上述概念:

mulFinalize 函数:

function mulFinalize(FinalizeTxMeta[] memory metasT) external onlyRelayer {
    for (uint256 i = 0; i < metasT.length; i++) {
        FinalizeTxMeta memory meta = metasT[i];
        require(!finalizedTxs[meta.logHash], "tx finalized");
        finalizedTxs[meta.logHash] = true;
        _finalize(meta.scChainId, meta.logHash, meta.to, meta.amount);
    }
}

这个函数通过循环处理一个数组中的多个交易元数据,对每一个元数据执行验证和最终处理。每次循环都会检查交易是否已经被处理,并更新状态变量。

finalize 函数:

function finalize(FinalizeTxMeta memory metat) external ensureFinalized(metat) {
    _finalize(metat.scChainId, metat.logHash, metat.to, metat.amount);
}

这个函数处理单个交易的最终确认。它同样执行交易验证并调用内部函数来完成交易处理。

从这两个函数可以看出,mulFinalize 是处理一系列事务的函数,而 finalize 则是专门处理单个事务的。尽管他们的操作类似,但 mulFinalize 在逻辑和处理上更为复杂,需要额外的循环结构来处理多个事务。这种结构上的不一致可能是一个需要注意的点,尤其是在保持代码整洁和避免错误方面。

In contract programming, especially within business logic code, there often exists a category of functions referred to as "chiral" or "achiral" functions, also known as mirror or identical functions. These functions typically appear in pairs with either completely opposite or highly similar business logics. They usually share the following characteristics:

  1. Complete Business Changes: This means that each pair of functions is comprehensive in their operations and outcomes, whether the logic is inverse or parallel.
  2. Complete Variable Read/Write: These functions perform highly similar operations on state variables to ensure data consistency and completeness.
  3. Complete Consideration of Conditions: In terms of logical judgments and execution conditions, these functions should consistently consider similar scenarios to ensure the completeness of business logic.

When these conditions are not met, it might introduce what is called an "inconsistency" vulnerability. These vulnerabilities can manifest as incomplete, untimely, or erroneous sequence issues. For example, if one function in a pair considers a specific error handling and the other similar function does not, it could lead to inconsistencies in data processing.

Expanding this view to the entire business logic flow of the contract, the requirements for consistency become even more complex and difficult to capture, but such vulnerabilities still exist. Maintaining this consistency is a critical challenge in smart contract development.

Here are examples of two specific functions that help illustrate the above concepts:

mulFinalize function:

function mulFinalize(FinalizeTxMeta[] memory metasT) external onlyRelayer {
    for (uint256 i = 0; i < metasT.length; i++) {
        FinalizeTxMeta memory meta = metasT[i];
        require(!finalizedTxs[meta.logHash], "tx finalized");
        finalizedTxs[meta.logHash] = true;
        _finalize(meta.scChainId, meta.logHash, meta.to, meta.amount);
    }
}

This function processes multiple transaction metadata through a loop, performing verification and final handling for each meta. Each iteration checks if the transaction has been finalized and updates the state variable.

finalize function:

function finalize(FinalizeTxMeta memory metat) external ensureFinalized(metat) {
    _finalize(metat.scChainId, metat.logHash, metat.to, metat.amount);
}

This function manages the final confirmation of a single transaction. It performs transaction verification and calls an internal function to complete the transaction processing.

These functions show that mulFinalize is designed to handle a series of transactions, whereas finalize is specialized for individual transactions. Although their operations are similar, mulFinalize involves more complex logic and handling due to the additional loop structure needed to process multiple transactions. This structural inconsistency might be a point of concern, particularly in maintaining code cleanliness and avoiding errors.

chiralitydetector's People

Contributors

bradmoonuestc avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.