TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #536 from norhh/master

Browse Source 
Add SWC ID to the analysis results
pull/544/head
Nikhil Parasaram 6 years ago committed by GitHub
parent b72cc16a21 b5bcca6ee9
commit 176fe546a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
48 changed files with 212 additions and 105 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      mythril/analysis/modules/delegatecall.py
  2. 24
      mythril/analysis/modules/dependence_on_predictable_vars.py
  3. 13
      mythril/analysis/modules/deprecated_ops.py
  4. 6
      mythril/analysis/modules/ether_send.py
  5. 15
      mythril/analysis/modules/exceptions.py
  6. 37
      mythril/analysis/modules/external_calls.py
  7. 9
      mythril/analysis/modules/integer.py
  8. 6
      mythril/analysis/modules/multiple_sends.py
  9. 5
      mythril/analysis/modules/suicide.py
  10. 6
      mythril/analysis/modules/transaction_order_dependence.py
  11. 20
      mythril/analysis/modules/unchecked_retval.py
  12. 8
      mythril/analysis/report.py
  13. 25
      mythril/analysis/swc_data.py
  14. 2
      mythril/analysis/templates/report_as_markdown.jinja2
  15. 1
      mythril/analysis/templates/report_as_text.jinja2
  16. 2
      tests/testdata/outputs_expected/calls.sol.o.json
  17. 20
      tests/testdata/outputs_expected/calls.sol.o.markdown
  18. 10
      tests/testdata/outputs_expected/calls.sol.o.text
  19. 2
      tests/testdata/outputs_expected/environments.sol.o.json
  20. 6
      tests/testdata/outputs_expected/environments.sol.o.markdown
  21. 3
      tests/testdata/outputs_expected/environments.sol.o.text
  22. 2
      tests/testdata/outputs_expected/ether_send.sol.o.json
  23. 4
      tests/testdata/outputs_expected/ether_send.sol.o.markdown
  24. 2
      tests/testdata/outputs_expected/ether_send.sol.o.text
  25. 2
      tests/testdata/outputs_expected/exceptions.sol.o.json
  26. 8
      tests/testdata/outputs_expected/exceptions.sol.o.markdown
  27. 4
      tests/testdata/outputs_expected/exceptions.sol.o.text
  28. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
  29. 8
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
  30. 4
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.text
  31. 2
      tests/testdata/outputs_expected/multi_contracts.sol.o.json
  32. 2
      tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
  33. 1
      tests/testdata/outputs_expected/multi_contracts.sol.o.text
  34. 2
      tests/testdata/outputs_expected/origin.sol.o.json
  35. 4
      tests/testdata/outputs_expected/origin.sol.o.markdown
  36. 3
      tests/testdata/outputs_expected/origin.sol.o.text
  37. 2
      tests/testdata/outputs_expected/overflow.sol.o.json
  38. 6
      tests/testdata/outputs_expected/overflow.sol.o.markdown
  39. 3
      tests/testdata/outputs_expected/overflow.sol.o.text
  40. 2
      tests/testdata/outputs_expected/returnvalue.sol.o.json
  41. 6
      tests/testdata/outputs_expected/returnvalue.sol.o.markdown
  42. 3
      tests/testdata/outputs_expected/returnvalue.sol.o.text
  43. 2
      tests/testdata/outputs_expected/suicide.sol.o.json
  44. 2
      tests/testdata/outputs_expected/suicide.sol.o.markdown
  45. 1
      tests/testdata/outputs_expected/suicide.sol.o.text
  46. 2
      tests/testdata/outputs_expected/underflow.sol.o.json
  47. 6
      tests/testdata/outputs_expected/underflow.sol.o.markdown
  48. 3
      tests/testdata/outputs_expected/underflow.sol.o.text

9
mythril/analysis/modules/delegatecall.py
Unescape View File

@ -1,4 +1,5 @@
import re
from mythril.analysis.swc_data import DELEGATECALL_TO_UNTRUSTED_CONTRACT
from mythril.analysis.ops import get_variable, VarType
from mythril.analysis.report import Issue
import logging
@ -43,8 +44,9 @@ def _concrete_call(call, state, address, meminstart):
if not re.search(r'calldata.*_0', str(state.mstate.memory[meminstart.val])):
return []
issue = Issue(call.node.contract_name, call.node.function_name, address,
"Call data forwarded with delegatecall()", "Informational")
issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address,
swc_id=DELEGATECALL_TO_UNTRUSTED_CONTRACT, title="Call data forwarded with delegatecall()",
_type="Informational")
issue.description = \
"This contract forwards its call data via DELEGATECALL in its fallback function. " \
@ -58,7 +60,8 @@ def _concrete_call(call, state, address, meminstart):
def _symbolic_call(call, state, address, statespace):
issue = Issue(call.node.contract_name, call.node.function_name, address, call.type + " to a user-supplied address")
issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address,
swc_id=DELEGATECALL_TO_UNTRUSTED_CONTRACT, title=call.type + " to a user-supplied address")
if "calldata" in str(call.to):
issue.description = \

24
mythril/analysis/modules/dependence_on_predictable_vars.py
Unescape View File

@ -3,6 +3,7 @@ from z3 import *
from mythril.analysis.ops import VarType
from mythril.analysis import solver
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import TIMESTAMP_DEPENDENCE, PREDICTABLE_VARS_DEPENDENCE
from mythril.exceptions import UnsatError
import logging
@ -27,15 +28,14 @@ def execute(statespace):
for call in statespace.calls:
if ("callvalue" in str(call.value)):
if "callvalue" in str(call.value):
logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] Skipping refund function")
continue
# We're only interested in calls that send Ether
if call.value.type == VarType.CONCRETE:
if call.value.val == 0:
continue
if call.value.type == VarType.CONCRETE and call.value.val == 0:
continue
address = call.state.get_current_instruction()['address']
@ -56,8 +56,10 @@ def execute(statespace):
for item in found:
description += "- block.{}\n".format(item)
if solve(call):
issue = Issue(call.node.contract_name, call.node.function_name, address, "Dependence on predictable environment variable", "Warning",
description)
swc_type = TIMESTAMP_DEPENDENCE if item == 'timestamp' else PREDICTABLE_VARS_DEPENDENCE
issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address,
swc_id=swc_type, title="Dependence on predictable environment variable",
_type="Warning", description=description)
issues.append(issue)
# Second check: blockhash
@ -84,8 +86,9 @@ def execute(statespace):
" is used to determine Ether recipient"
description += ", this expression will always be equal to zero."
issue = Issue(call.node.contract_name, call.node.function_name, address, "Dependence on predictable variable",
"Warning", description)
issue = Issue(contract=call.node.contract_name, function=call.node.function_name,
address=address, title="Dependence on predictable variable",
_type="Warning", description=description, swc_id=PREDICTABLE_VARS_DEPENDENCE)
issues.append(issue)
break
else:
@ -104,8 +107,9 @@ def execute(statespace):
if index and solve(call):
description += 'block.blockhash() is calculated using a value from storage ' \
'at index {}'.format(index)
issue = Issue(call.node.contract_name, call.node.function_name, address, "Dependence on predictable variable",
"Informational", description)
issue = Issue(contract=call.node.contract_name, function=call.node.function_name,
address=address, title="Dependence on predictable variable",
_type="Informational", description=description, swc_id=PREDICTABLE_VARS_DEPENDENCE)
issues.append(issue)
break
return issues

13
mythril/analysis/modules/deprecated_ops.py
Unescape View File

@ -1,4 +1,5 @@
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import TX_ORIGIN_USAGE
import logging
@ -22,12 +23,14 @@ def execute(statespace):
instruction = state.get_current_instruction()
if(instruction['opcode'] == "ORIGIN"):
issue = Issue(node.contract_name, node.function_name, instruction['address'], "Use of tx.origin", "Warning",
"Function " + node.function_name + " retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin"
)
if instruction['opcode'] == "ORIGIN":
description = "Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. " \
"Use msg.sender instead.\nSee also: " \
"https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin".format(node.function_name)
issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'],
title="Use of tx.origin", _type="Warning", swc_id=TX_ORIGIN_USAGE,
description=description)
issues.append(issue)
return issues

6
mythril/analysis/modules/ether_send.py
Unescape View File

@ -2,6 +2,7 @@ from z3 import *
from mythril.analysis.ops import *
from mythril.analysis import solver
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import UNPROTECTED_ETHER_WITHDRAWAL
from mythril.exceptions import UnsatError
import re
import logging
@ -115,8 +116,9 @@ def execute(statespace):
debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model)
issue = Issue(call.node.contract_name, call.node.function_name, address, "Ether send", "Warning",
description, debug)
issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address,
title="Ether send", _type="Warning", swc_id=UNPROTECTED_ETHER_WITHDRAWAL,
description=description, debug=debug)
issues.append(issue)
except UnsatError:

15
mythril/analysis/modules/exceptions.py
Unescape View File

@ -1,4 +1,5 @@
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import ASSERT_VIOLATION
from mythril.exceptions import UnsatError
from mythril.analysis import solver
import logging
@ -24,19 +25,25 @@ def execute(statespace):
for state in node.states:
instruction = state.get_current_instruction()
if(instruction['opcode'] == "ASSERT_FAIL"):
if instruction['opcode'] == "ASSERT_FAIL":
try:
model = solver.get_model(node.constraints)
address = state.get_current_instruction()['address']
description = "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. "
description += "This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. "
description = "A reachable exception (opcode 0xfe) has been detected. " \
"This can be caused by type errors, division by zero, " \
"out-of-bounds array access, or assert violations. "
description += "This is acceptable in most situations. " \
"Note however that `assert()` should only be used to check invariants. " \
"Use `require()` for regular input checking. "
debug = "The exception is triggered under the following conditions:\n\n"
debug += solver.pretty_print_model(model)
issues.append(Issue(node.contract_name, node.function_name, address, "Exception state", "Informational", description, debug))
issues.append(Issue(contract=node.contract_name, function=node.function_name, address=address,
swc_id=ASSERT_VIOLATION, title="Exception state", _type="Informational",
description=description, debug=debug))
except UnsatError:
logging.debug("[EXCEPTIONS] no model found")

37
mythril/analysis/modules/external_calls.py
Unescape View File

@ -2,6 +2,7 @@ from z3 import *
from mythril.analysis.ops import *
from mythril.analysis.report import Issue
from mythril.analysis import solver
from mythril.analysis.swc_data import REENTRANCY
import re
import logging
@ -19,7 +20,7 @@ def search_children(statespace, node, start_index=0, depth=0, results=[]):
logging.debug("SEARCHING NODE %d", node.uid)
if(depth < MAX_SEARCH_DEPTH):
if depth < MAX_SEARCH_DEPTH:
n_states = len(node.states)
@ -35,7 +36,7 @@ def search_children(statespace, node, start_index=0, depth=0, results=[]):
if edge.node_from == node.uid:
children.append(statespace.nodes[edge.node_to])
if (len(children)):
if len(children):
for node in children:
return search_children(statespace, node, depth=depth + 1, results=results)
@ -54,20 +55,20 @@ def execute(statespace):
state = call.state
address = state.get_current_instruction()['address']
if (call.type == "CALL"):
if call.type == "CALL":
logging.info("[EXTERNAL_CALLS] Call to: %s, value = %s, gas = %s" % (str(call.to), str(call.value), str(call.gas)))
if (call.to.type == VarType.SYMBOLIC and (call.gas.type == VarType.CONCRETE and call.gas.val > 2300) or (call.gas.type == VarType.SYMBOLIC and "2300" not in str(call.gas))):
if call.to.type == VarType.SYMBOLIC and (call.gas.type == VarType.CONCRETE and call.gas.val > 2300) or (call.gas.type == VarType.SYMBOLIC and "2300" not in str(call.gas)):
description = "This contract executes a message call to "
target = str(call.to)
user_supplied = False
if ("calldata" in target or "caller" in target):
if "calldata" in target or "caller" in target:
if ("calldata" in target):
if "calldata" in target:
description += "an address provided as a function argument. "
else:
description += "the address of the transaction sender. "
@ -76,7 +77,7 @@ def execute(statespace):
else:
m = re.search(r'storage_([a-z0-9_&^]+)', str(call.to))
if (m):
if m:
idx = m.group(1)
func = statespace.find_storage_write(state.environment.active_account.address, idx)
@ -90,15 +91,20 @@ def execute(statespace):
if user_supplied:
description += "Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state."
description += "Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. " \
"Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state."
issue = Issue(call.node.contract_name, call.node.function_name, address, "Message call to external contract", "Warning", description)
issue = Issue(contract=call.node.contract_name, function=call.node.function_name,
address=address, title="Message call to external contract", _type="Warning",
description=description, swc_id=REENTRANCY)
else:
description += "to another contract. Make sure that the called contract is trusted and does not execute user-supplied code."
issue = Issue(call.node.contract_name, call.node.function_name, address, "Message call to external contract", "Informational", description)
issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address,
title="Message call to external contract", _type="Informational",
description=description, swc_id=REENTRANCY)
issues.append(issue)
@ -113,10 +119,15 @@ def execute(statespace):
logging.debug("[EXTERNAL_CALLS] Detected state changes at addresses: " + str(state_change_addresses))
if (len(state_change_addresses)):
if len(state_change_addresses):
for address in state_change_addresses:
description = "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities."
issue = Issue(call.node.contract_name, call.node.function_name, address, "State change after external call", "Warning", description)
description = "The contract account state is changed after an external call. " \
"Consider that the called contract could re-enter the function before this " \
"state change takes place. This can lead to business logic vulnerabilities."
issue = Issue(contract=call.node.contract_name, function=call.node.function_name,
address=address, title="State change after external call", _type="Warning",
description=description, swc_id=REENTRANCY)
issues.append(issue)
return issues

9
mythril/analysis/modules/integer.py
Unescape View File

@ -2,6 +2,7 @@ from z3 import *
from mythril.analysis import solver
from mythril.analysis.ops import *
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import INTEGER_OVERFLOW_AND_UNDERFLOW
from mythril.exceptions import UnsatError
from mythril.laser.ethereum.taint_analysis import TaintRunner
import re
@ -16,6 +17,7 @@ For every SUB instruction, check if there's a possible state where op1 > op0.
For every ADD, MUL instruction, check if there's a possible state where op1 + op0 > 2^32 - 1
'''
def execute(statespace):
"""
Executes analysis module for integer underflow and integer overflow
@ -85,7 +87,8 @@ def _check_integer_overflow(statespace, state, node):
return issues
# Build issue
issue = Issue(node.contract_name, node.function_name, instruction['address'], "Integer Overflow", "Warning")
issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'],
swc_id=INTEGER_OVERFLOW_AND_UNDERFLOW, title="Integer Overflow", _type="Warning")
issue.description = "A possible integer overflow exists in the function `{}`.\n" \
"The addition or multiplication may result in a value higher than the maximum representable integer.".format(
@ -173,8 +176,8 @@ def _check_integer_underflow(statespace, state, node):
if len(interesting_usages) == 0:
return issues
issue = Issue(node.contract_name, node.function_name, instruction['address'], "Integer Underflow",
"Warning")
issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'],
swc_id=INTEGER_OVERFLOW_AND_UNDERFLOW, title="Integer Underflow", _type="Warning")
issue.description = "A possible integer underflow exists in the function `" + node.function_name + "`.\n" \
"The subtraction may result in a value < 0."

6
mythril/analysis/modules/multiple_sends.py
Unescape View File

@ -1,4 +1,5 @@
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import *
from mythril.laser.ethereum.cfg import JumpType
"""
MODULE DESCRIPTION:
@ -20,9 +21,8 @@ def execute(statespace):
if len(findings) > 0:
node = call.node
instruction = call.state.get_current_instruction()
issue = Issue(node.contract_name, node.function_name, instruction['address'],
"Multiple Calls",
"Informational")
issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'],
swc_id=MULTIPLE_SENDS, title="Multiple Calls", _type="Informational")
issue.description = \
"Multiple sends exist in one transaction, try to isolate each external call into its own transaction." \

5
mythril/analysis/modules/suicide.py
Unescape View File

@ -1,6 +1,7 @@
from mythril.analysis import solver
from mythril.analysis.ops import *
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import UNPROTECTED_SELFDESTRUCT
from mythril.exceptions import UnsatError
import logging
@ -63,7 +64,9 @@ def _analyze_state(state, node):
debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model)
issue = Issue(node.contract_name, node.function_name, instruction['address'], "Unchecked SUICIDE", "Warning", description, debug)
issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'],
swc_id=UNPROTECTED_SELFDESTRUCT, title="Unchecked SUICIDE", _type="Warning",
description=description, debug=debug)
issues.append(issue)
except UnsatError:
logging.debug("[UNCHECKED_SUICIDE] no model found")

6
mythril/analysis/modules/transaction_order_dependence.py
Unescape View File

@ -4,6 +4,7 @@ import re
from mythril.analysis import solver
from mythril.analysis.ops import *
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import TX_ORDER_DEPENDENCE
from mythril.exceptions import UnsatError
'''
@ -29,9 +30,8 @@ def execute(statespace):
if len(changing_sstores) > 0:
node = call.node
instruction = call.state.get_current_instruction()
issue = Issue(node.contract_name, node.function_name, instruction['address'],
"Transaction order dependence",
"Warning")
issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'],
title="Transaction order dependence", swc_id=TX_ORDER_DEPENDENCE, _type="Warning")
issue.description = \
"A possible transaction order dependence vulnerability exists in function {}. The value or " \

20
mythril/analysis/modules/unchecked_retval.py
Unescape View File

@ -1,4 +1,6 @@
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import UNCHECKED_RET_VAL
from mythril.laser.ethereum.svm import NodeFlags
import logging
import re
@ -41,17 +43,19 @@ def execute(statespace):
instr = state.get_current_instruction()
if (instr['opcode'] == 'ISZERO' and re.search(r'retval', str(state.mstate.stack[-1]))):
if instr['opcode'] == 'ISZERO' and re.search(r'retval', str(state.mstate.stack[-1])):
retval_checked = True
break
if not retval_checked:
address = state.get_current_instruction()['address']
issue = Issue(node.contract_name, node.function_name, address, "Unchecked CALL return value")
issue = Issue(contract=node.contract_name, function=node.function_name, address=address,
title="Unchecked CALL return value", swc_id=UNCHECKED_RET_VAL)
issue.description = \
"The return value of an external call is not checked. Note that execution continue even if the called contract throws."
"The return value of an external call is not checked. " \
"Note that execution continue even if the called contract throws."
issues.append(issue)
@ -64,7 +68,7 @@ def execute(statespace):
state = node.states[idx]
instr = state.get_current_instruction()
if (instr['opcode'] == 'CALL'):
if instr['opcode'] == 'CALL':
retval_checked = False
@ -74,7 +78,7 @@ def execute(statespace):
_state = node.states[_idx]
_instr = _state.get_current_instruction()
if (_instr['opcode'] == 'ISZERO' and re.search(r'retval', str(_state .mstate.stack[-1]))):
if _instr['opcode'] == 'ISZERO' and re.search(r'retval', str(_state .mstate.stack[-1])):
retval_checked = True
break
@ -84,10 +88,12 @@ def execute(statespace):
if not retval_checked:
address = instr['address']
issue = Issue(node.contract_name, node.function_name, address, "Unchecked CALL return value")
issue = Issue(contract=node.contract_name, function=node.function_name,
address=address, title="Unchecked CALL return value", swc_id=UNCHECKED_RET_VAL)
issue.description = \
"The return value of an external call is not checked. Note that execution continue even if the called contract throws."
"The return value of an external call is not checked. " \
"Note that execution continue even if the called contract throws."
issues.append(issue)

8
mythril/analysis/report.py
Unescape View File

@ -3,9 +3,10 @@ import json
import operator
from jinja2 import PackageLoader, Environment
class Issue:
def __init__(self, contract, function, address, title, _type="Informational", description="", debug=""):
def __init__(self, contract, function, address, swc_id, title, _type="Informational", description="", debug=""):
self.title = title
self.contract = contract
@ -14,6 +15,7 @@ class Issue:
self.description = description
self.type = _type
self.debug = debug
self.swc_id = swc_id
self.filename = None
self.code = None
self.lineno = None
@ -22,7 +24,8 @@ class Issue:
@property
def as_dict(self):
issue = {'title': self.title, 'contract': self.contract, 'description': self.description, 'function': self.function, 'type': self.type, 'address': self.address, 'debug': self.debug}
issue = {'title': self.title, 'swc_id': self.swc_id, 'contract': self.contract, 'description': self.description,
'function': self.function, 'type': self.type, 'address': self.address, 'debug': self.debug}
if self.filename and self.lineno:
issue['filename'] = self.filename
@ -40,6 +43,7 @@ class Issue:
self.code = codeinfo.code
self.lineno = codeinfo.lineno
class Report:
environment = Environment(loader=PackageLoader('mythril.analysis'), trim_blocks=True)

25
mythril/analysis/swc_data.py
Unescape View File

@ -0,0 +1,25 @@
DEFAULT_FUNCTION_VISIBILITY = '100'
INTEGER_OVERFLOW_AND_UNDERFLOW = '101'
OUTDATED_COMPILER_VERSION = '102'
FLOATING_PRAGMA = '103'
UNCHECKED_RET_VAL = '104'
UNPROTECTED_ETHER_WITHDRAWAL = '105'
UNPROTECTED_SELFDESTRUCT = '106'
REENTRANCY = '107'
DEFAULT_STATE_VARIABLE_VISIBILITY = '108'
UNINITIALIZED_STORAGE_POINTER = '109'
ASSERT_VIOLATION = '110'
DEPRICATED_FUNCTIONS_USAGE = '111'
DELEGATECALL_TO_UNTRUSTED_CONTRACT = '112'
MULTIPLE_SENDS = '113'
TX_ORDER_DEPENDENCE = '114'
TX_ORIGIN_USAGE = '115'
TIMESTAMP_DEPENDENCE = '116'
# TODO: SWC ID 116 is missing, Add it if it's added to the https://github.com/SmartContractSecurity/SWC-registry
INCORRECT_CONSTRUCTOR_NAME = '118'
SHADOWING_STATE_VARIABLES = '119'
WEAK_RANDOMNESS = '120'
SIGNATURE_REPLAY = '121'
IMPROPER_VERIFICATION_BASED_ON_MSG_SENDER = '122'
PREDICTABLE_VARS_DEPENDENCE = 'N/A' # TODO: Add the swc id when this is added to the SWC Registry

2
mythril/analysis/templates/report_as_markdown.jinja2
Unescape View File

@ -3,7 +3,7 @@
{% for issue in issues %}
## {{ issue.title }}
- SWC ID: {{ issue.swc_id }}
- Type: {{ issue.type }}
- Contract: {{ issue.contract | default("Unknown") }}
- Function name: `{{ issue.function }}`

1
mythril/analysis/templates/report_as_text.jinja2
Unescape View File

@ -1,6 +1,7 @@
{% if issues %}
{% for issue in issues %}
==== {{ issue.title }} ====
SWC ID: {{ issue.swc_id }}
Type: {{ issue.type }}
Contract: {{ issue.contract | default("Unknown") }}
Function name: {{ issue.function }}

2
tests/testdata/outputs_expected/calls.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}

20
tests/testdata/outputs_expected/calls.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x5a6814ec`
@ -12,7 +12,7 @@
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x5a6814ec`
@ -23,7 +23,7 @@ This contract executes a message call to to another contract. Make sure that the
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
@ -34,7 +34,7 @@ The return value of an external call is not checked. Note that execution continu
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Transaction order dependence
- SWC ID: 114
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
@ -45,7 +45,7 @@ This contract executes a message call to an address found at storage slot 1. Thi
A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
@ -56,7 +56,7 @@ A possible transaction order dependence vulnerability exists in function _functi
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe11f493e`
@ -67,7 +67,7 @@ The return value of an external call is not checked. Note that execution continu
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## State change after external call
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe11f493e`
@ -78,7 +78,7 @@ This contract executes a message call to to another contract. Make sure that the
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe11f493e`
@ -89,7 +89,7 @@ The contract account state is changed after an external call. Consider that the
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe1d10f79`
@ -100,7 +100,7 @@ The return value of an external call is not checked. Note that execution continu
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe1d10f79`

10
tests/testdata/outputs_expected/calls.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0x5a6814ec
@ -7,6 +8,7 @@ This contract executes a message call to to another contract. Make sure that the
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0x5a6814ec
@ -15,6 +17,7 @@ The return value of an external call is not checked. Note that execution continu
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xd24b08cc
@ -23,6 +26,7 @@ This contract executes a message call to an address found at storage slot 1. Thi
--------------------
==== Transaction order dependence ====
SWC ID: 114
Type: Warning
Contract: Unknown
Function name: _function_0xd24b08cc
@ -31,6 +35,7 @@ A possible transaction order dependence vulnerability exists in function _functi
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xd24b08cc
@ -39,6 +44,7 @@ The return value of an external call is not checked. Note that execution continu
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0xe11f493e
@ -47,6 +53,7 @@ This contract executes a message call to to another contract. Make sure that the
--------------------
==== State change after external call ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xe11f493e
@ -55,6 +62,7 @@ The contract account state is changed after an external call. Consider that the
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xe11f493e
@ -63,6 +71,7 @@ The return value of an external call is not checked. Note that execution continu
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xe1d10f79
@ -71,6 +80,7 @@ This contract executes a message call to an address provided as a function argum
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xe1d10f79

2
tests/testdata/outputs_expected/environments.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `_function_0x83f12fec`.\nThe subtraction may result in a value < 0.", "function": "_function_0x83f12fec", "title": "Integer Underflow", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `_function_0x83f12fec`.\nThe subtraction may result in a value < 0.", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}], "success": true}

6
tests/testdata/outputs_expected/environments.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `_function_0x83f12fec`
@ -13,7 +13,7 @@ A possible integer overflow exists in the function `_function_0x83f12fec`.
The addition or multiplication may result in a value higher than the maximum representable integer.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `_function_0x83f12fec`
@ -25,7 +25,7 @@ A possible integer overflow exists in the function `_function_0x83f12fec`.
The addition or multiplication may result in a value higher than the maximum representable integer.
## Integer Underflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `_function_0x83f12fec`

3
tests/testdata/outputs_expected/environments.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: _function_0x83f12fec
@ -8,6 +9,7 @@ The addition or multiplication may result in a value higher than the maximum rep
--------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: _function_0x83f12fec
@ -17,6 +19,7 @@ The addition or multiplication may result in a value higher than the maximum rep
--------------------
==== Integer Underflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: _function_0x83f12fec

2
tests/testdata/outputs_expected/ether_send.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "invest()", "title": "Integer Overflow", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

4
tests/testdata/outputs_expected/ether_send.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Ether send
- SWC ID: 105
- Type: Warning
- Contract: Unknown
- Function name: `withdrawfunds()`
@ -14,7 +14,7 @@ In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.send
There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `invest()`

2
tests/testdata/outputs_expected/ether_send.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Ether send ====
SWC ID: 105
Type: Warning
Contract: Unknown
Function name: withdrawfunds()
@ -9,6 +10,7 @@ There is a check on storage index 1. This storage slot can be written to by call
--------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: invest()

2
tests/testdata/outputs_expected/exceptions.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "title": "Exception state", "type": "Informational"}], "success": true}
{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}

8
tests/testdata/outputs_expected/exceptions.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x546455b5`
@ -12,7 +12,7 @@
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x92dd38ea`
@ -23,7 +23,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xa08299f1`
@ -34,7 +34,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xb34c3610`

4
tests/testdata/outputs_expected/exceptions.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0x546455b5
@ -7,6 +8,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
--------------------
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0x92dd38ea
@ -15,6 +17,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
--------------------
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0xa08299f1
@ -23,6 +26,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
--------------------
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0xb34c3610

2
tests/testdata/outputs_expected/kinds_of_calls.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}

8
tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x141f32ff`
@ -12,7 +12,7 @@
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x9b58bc26`
@ -23,7 +23,7 @@ The return value of an external call is not checked. Note that execution continu
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xeea4c864`
@ -34,7 +34,7 @@ The return value of an external call is not checked. Note that execution continu
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xeea4c864`

4
tests/testdata/outputs_expected/kinds_of_calls.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0x141f32ff
@ -7,6 +8,7 @@ The return value of an external call is not checked. Note that execution continu
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0x9b58bc26
@ -15,6 +17,7 @@ The return value of an external call is not checked. Note that execution continu
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xeea4c864
@ -23,6 +26,7 @@ This contract executes a message call to an address provided as a function argum
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xeea4c864

2
tests/testdata/outputs_expected/multi_contracts.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "title": "Ether send", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}

2
tests/testdata/outputs_expected/multi_contracts.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Ether send
- SWC ID: 105
- Type: Warning
- Contract: Unknown
- Function name: `_function_0x8a4068dd`

1
tests/testdata/outputs_expected/multi_contracts.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Ether send ====
SWC ID: 105
Type: Warning
Contract: Unknown
Function name: _function_0x8a4068dd

2
tests/testdata/outputs_expected/origin.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "title": "Use of tx.origin", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true}

4
tests/testdata/outputs_expected/origin.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Use of tx.origin
- SWC ID: 115
- Type: Warning
- Contract: Unknown
- Function name: `transferOwnership(address)`
@ -9,5 +9,5 @@
### Description
Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.
Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin

3
tests/testdata/outputs_expected/origin.sol.o.text vendored
Unescape View File

@ -1,9 +1,10 @@
==== Use of tx.origin ====
SWC ID: 115
Type: Warning
Contract: Unknown
Function name: transferOwnership(address)
PC address: 317
Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.
Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
--------------------

2
tests/testdata/outputs_expected/overflow.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "title": "Integer Overflow", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

6
tests/testdata/outputs_expected/overflow.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Integer Underflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
@ -13,7 +13,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Underflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
@ -25,7 +25,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`

3
tests/testdata/outputs_expected/overflow.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Integer Underflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
@ -8,6 +9,7 @@ The subtraction may result in a value < 0.
--------------------
==== Integer Underflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
@ -17,6 +19,7 @@ The subtraction may result in a value < 0.
--------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)

2
tests/testdata/outputs_expected/returnvalue.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}

6
tests/testdata/outputs_expected/returnvalue.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x633ab5e0`
@ -12,7 +12,7 @@
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe3bea282`
@ -23,7 +23,7 @@ This contract executes a message call to to another contract. Make sure that the
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe3bea282`

3
tests/testdata/outputs_expected/returnvalue.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0x633ab5e0
@ -7,6 +8,7 @@ This contract executes a message call to to another contract. Make sure that the
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0xe3bea282
@ -15,6 +17,7 @@ This contract executes a message call to to another contract. Make sure that the
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xe3bea282

2
tests/testdata/outputs_expected/suicide.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The function `_function_0xcbf0b0c0` executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The function `_function_0xcbf0b0c0` executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "swc_id": "106", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true}

2
tests/testdata/outputs_expected/suicide.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Unchecked SUICIDE
- SWC ID: 106
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xcbf0b0c0`

1
tests/testdata/outputs_expected/suicide.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Unchecked SUICIDE ====
SWC ID: 106
Type: Warning
Contract: Unknown
Function name: _function_0xcbf0b0c0

2
tests/testdata/outputs_expected/underflow.sol.o.json vendored
Unescape View File

@ -1 +1 @@
{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "title": "Integer Overflow", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

6
tests/testdata/outputs_expected/underflow.sol.o.markdown vendored
Unescape View File

@ -1,7 +1,7 @@
# Analysis results for test-filename.sol
## Integer Underflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
@ -13,7 +13,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Underflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
@ -25,7 +25,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`

3
tests/testdata/outputs_expected/underflow.sol.o.text vendored
Unescape View File

@ -1,4 +1,5 @@
==== Integer Underflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
@ -8,6 +9,7 @@ The subtraction may result in a value < 0.
--------------------
==== Integer Underflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
@ -17,6 +19,7 @@ The subtraction may result in a value < 0.
--------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)

Write Preview
Loading…
Cancel
Save