{
"success": true,
"error": null,
"issues": [
{
"title": "Message call to external contract",
"description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.",
"function": "_function_0x5a6814ec",
"type": "Informational",
"address": 661,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 16,
"code": "fixed_address.call()"
},
{
"title": "Message call to external contract",
"description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.",
"function": "_function_0xd24b08cc",
"type": "Warning",
"address": 779,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 29,
"code": "stored_address.call()"
},
{
"title": "Message call to external contract",
"description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.",
"function": "_function_0xe11f493e",
"type": "Informational",
"address": 858,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 20,
"code": "fixed_address.call()"
},
{
"title": "State change after external call",
"description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.",
"function": "_function_0xe11f493e",
"type": "Warning",
"address": 869,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 21,
"code": "statevar = 0"
},
{
"title": "Message call to external contract",
"description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.",
"function": "_function_0xe1d10f79",
"type": "Warning",
"address": 912,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 25,
"code": "addr.call()"
},
{
"title": "Unchecked CALL return value",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "_function_0x5a6814ec",
"type": "Informational",
"address": 661,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 16,
"code": "fixed_address.call()"
},
{
"title": "Unchecked CALL return value",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "_function_0xd24b08cc",
"type": "Informational",
"address": 779,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 29,
"code": "stored_address.call()"
},
{
"title": "Unchecked CALL return value",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "_function_0xe11f493e",
"type": "Informational",
"address": 858,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 20,
"code": "fixed_address.call()"
},
{
"title": "Unchecked CALL return value",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "_function_0xe1d10f79",
"type": "Informational",
"address": 912,
"debug": "<DEBUG-DATA>",
"filename": "<TESTDATA>/inputs/calls.sol",
"lineno": 25,
"code": "addr.call()"
}
]
}