From 3ebd6949c6bde0d85252a6972c1f168e85677a65 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Tue, 25 Jun 2019 18:21:39 +0200 Subject: [PATCH 1/7] Get rid of --verbose-report flag --- mythril/analysis/report.py | 14 +++++--------- mythril/interfaces/cli.py | 6 ------ mythril/mythril/mythril_analyzer.py | 4 +--- 3 files changed, 6 insertions(+), 18 deletions(-) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 86f2fbb8..fe5399c3 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -162,13 +162,13 @@ class Report: loader=PackageLoader("mythril.analysis"), trim_blocks=True ) - def __init__(self, verbose=False, contracts=None, exceptions=None): + def __init__(self, contracts=None, exceptions=None): """ - :param verbose: + :param :contracts: + :param :exceptions: """ self.issues = {} - self.verbose = verbose self.solc_version = "" self.meta = {} self.source = Source() @@ -200,9 +200,7 @@ class Report: name = self._file_name() template = Report.environment.get_template("report_as_text.jinja2") - return template.render( - filename=name, issues=self.sorted_issues(), verbose=self.verbose - ) + return template.render(filename=name, issues=self.sorted_issues()) def as_json(self): """ @@ -271,9 +269,7 @@ class Report: """ filename = self._file_name() template = Report.environment.get_template("report_as_markdown.jinja2") - return template.render( - filename=filename, issues=self.sorted_issues(), verbose=self.verbose - ) + return template.render(filename=filename, issues=self.sorted_issues()) def _file_name(self): """ diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index 7d661218..a860ef50 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py @@ -119,11 +119,6 @@ def get_output_parser() -> ArgumentParser: help="report output format", metavar="", ) - parser.add_argument( - "--verbose-report", - action="store_true", - help="Include debugging information in report", - ) return parser 
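Review bot: Dropping `verbose` from the front of `Report.__init__` (hunk `@@ -162,13 +162,13 @@`) moves `contracts` into the first positional slot, so a caller still written as `Report(True)` now binds the flag to `contracts` without any error. The same shift happens in `fire_lasers` in `mythril_analyzer.py`, where `transaction_count` takes the slot `verbose_report` used to occupy, so `fire_lasers(modules, True)` would be read as a transaction count. This patch updates the one call site in `mythril_analyzer.py`; other callers are not visible here. Making the remaining parameters keyword-only turns a stale call into a `TypeError` instead of a silent misbinding: `def __init__(self, *, contracts=None, exceptions=None):`.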
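Review bot: Removing `--verbose-report` outright in `get_output_parser` means an existing invocation that still passes it is rejected by argparse as an unrecognized argument, which in a CI job would stop the scan before any analysis runs. Since the flag now controls nothing, it could be kept for a release as an accepted no-op and dropped later, e.g. `parser.add_argument("--verbose-report", action="store_true", help="deprecated, has no effect")`. The body of `get_output_parser` starts outside the hunk.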
@@ -599,7 +594,6 @@ def execute_command( modules=[m.strip() for m in args.modules.strip().split(",")] if args.modules else [], - verbose_report=args.verbose_report, transaction_count=args.transaction_count, ) outputs = { diff --git a/mythril/mythril/mythril_analyzer.py b/mythril/mythril/mythril_analyzer.py index d6267a94..3bef8203 100644 --- a/mythril/mythril/mythril_analyzer.py +++ b/mythril/mythril/mythril_analyzer.py @@ -122,12 +122,10 @@ class MythrilAnalyzer: def fire_lasers( self, modules: Optional[List[str]] = None, - verbose_report: bool = False, transaction_count: Optional[int] = None, ) -> Report: """ :param modules: The analysis modules which should be executed - :param verbose_report: Gives out the transaction sequence of the vulnerability :param transaction_count: The amount of transactions to be executed :return: The Report class which contains the all the issues/vulnerabilities """ @@ -177,7 +175,7 @@ class MythrilAnalyzer: source_data = Source() source_data.get_source_from_contracts_list(self.contracts) # Finally, output the results - report = Report(verbose_report, contracts=self.contracts, exceptions=exceptions) + report = Report(contracts=self.contracts, exceptions=exceptions) for issue in all_issues: report.append_issue(issue) From fd5e1c59cf71aae7444991589d170ecce3f2503f Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Tue, 25 Jun 2019 18:22:08 +0200 Subject: [PATCH 2/7] Remove unused list --- mythril/analysis/report.py | 1 - 1 file changed, 1 deletion(-) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index fe5399c3..136f6730 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -224,7 +224,6 @@ class Report: :return: """ _issues = [] - source_list = [] for key, issue in self.issues.items(): From aa3ce53cd8245337aa0c21284028024fbc662fab Mon Sep 17 00:00:00 2001 
From: Bernhard Mueller Date: Tue, 25 Jun 2019 19:02:02 +0200 Subject: [PATCH 3/7] Add transaction trace to text output --- mythril/analysis/report.py | 18 ++++++++---------- .../analysis/templates/report_as_text.jinja2 | 12 ++++++++---- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 136f6730..06849df6 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -67,16 +67,12 @@ class Issue: @property def transaction_sequence_users(self): - """ Returns the transaction sequence in json without pre-generated block data""" - return ( - json.dumps(self.transaction_sequence, indent=4) - if self.transaction_sequence - else None - ) + """ Returns the transaction sequence without pre-generated block data""" + return self.transaction_sequence @property def transaction_sequence_jsonv2(self): - """ Returns the transaction sequence in json with pre-generated block data""" + """ Returns the transaction sequence as a json string with pre-generated block data""" return ( json.dumps(self.add_block_data(self.transaction_sequence), indent=4) if self.transaction_sequence @@ -102,6 +98,7 @@ class Issue: :return: """ + issue = { "title": self.title, "swc-id": self.swc_id, @@ -110,7 +107,7 @@ class Issue: "function": self.function, "severity": self.severity, "address": self.address, - "tx_sequence": self.transaction_sequence_users, + "tx_sequence": self.transaction_sequence, "min_gas_used": self.min_gas_used, "max_gas_used": self.max_gas_used, "sourceMap": self.source_mapping, @@ -165,8 +162,8 @@ class Report: def __init__(self, contracts=None, exceptions=None): """ - :param :contracts: - :param :exceptions: + :param contracts: + :param exceptions: """ self.issues = {} self.solc_version = "" @@ -224,6 +221,7 @@ class Report: :return: """ _issues = [] + source_list = [] for key, issue in self.issues.items(): 
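Review bot: `as_dict` now stores the raw `self.transaction_sequence` under `"tx_sequence"` where it previously held the `json.dumps(..., indent=4)` string returned by `transaction_sequence_users` (hunks `@@ -67,16 +67,12 @@` and `@@ -110,7 +107,7 @@`), so every consumer of that dict sees the value change from a string to a nested structure. The templates are adapted in this patch, but other consumers of `as_dict` are not visible here and would need checking. The `transaction_sequence_users` property is left as a plain alias of the attribute with no caller in the visible code; either remove it or keep using it in `as_dict` so the two cannot drift apart. A line in the `as_dict` docstring should record the new contract, e.g. `"tx_sequence" holds the transaction sequence object, not a JSON string`.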
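Review bot: The last hunk (`@@ -224,6 +221,7 @@`) adds `source_list = []` back, one commit after patch 2/7 removed the same line as an unused list. Nothing in the hunk uses it, so it looks like a rebase leftover and the added `source_list = []` line should be dropped. The enclosing method continues outside the hunk, so confirm there is no later use before removing it.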
diff --git a/mythril/analysis/templates/report_as_text.jinja2 b/mythril/analysis/templates/report_as_text.jinja2 index da962583..7e2f9713 100644 --- a/mythril/analysis/templates/report_as_text.jinja2 +++ b/mythril/analysis/templates/report_as_text.jinja2 @@ -18,13 +18,17 @@ In file: {{ issue.filename }}:{{ issue.lineno }} -------------------- {% endif %} -{% if verbose and issue.tx_sequence %} --------------------- +{% if issue.tx_sequence %} Transaction Sequence: -{{ issue.tx_sequence }} +{% for step in issue.tx_sequence.steps %} +{% if step == issue.tx_sequence.steps[0] and step.input != "0x" and step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %} +Caller: {{ step.origin }}, data: [CONTRACT CREATION], value: {{ step.value }} +{% else %} +Caller: {{ step.origin }}, data: {{ step.input }}, value: {{ step.value }} +{% endif %} +{% endfor %} {% endif %} - {% endfor %} {% else %} The analysis was completed successfully. No issues were detected. From 2c73224bd597b89e24ef55451e1c3e1804539f9e Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Tue, 25 Jun 2019 19:04:15 +0200 Subject: [PATCH 4/7] Add transaction trace to markdown output --- .../analysis/templates/report_as_markdown.jinja2 | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/mythril/analysis/templates/report_as_markdown.jinja2 b/mythril/analysis/templates/report_as_markdown.jinja2 index 289d1871..ecf2be69 100644 --- a/mythril/analysis/templates/report_as_markdown.jinja2 +++ b/mythril/analysis/templates/report_as_markdown.jinja2 
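Review bot: The contract-creation test `step == issue.tx_sequence.steps[0]` compares each step with the first one by value rather than by position, so a later step that happens to equal the first would also be printed as `[CONTRACT CREATION]` and its calldata would be hidden from the report. Jinja's loop variable states the intent directly: `{% if loop.first and step.input != "0x" and step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %}`. The same condition is in the `report_as_markdown.jinja2` hunk of patch 4/7 and is carried unchanged through both hunks of patch 5/7. The issue loop that encloses this block starts outside the hunk.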
@@ -24,12 +24,17 @@ In file: {{ issue.filename }}:{{ issue.lineno }} {{ issue.code }} ``` {% endif %} -{% if verbose and issue.tx_sequence %} --------------------- -### Debugging Information: - -{{ issue.tx_sequence }} +{% if issue.tx_sequence %} +### Transaction Sequence + +{% for step in issue.tx_sequence.steps %} +{% if step == issue.tx_sequence.steps[0] and step.input != "0x" and step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %} +Caller: {{ step.origin }}, data: [CONTRACT CREATION], value: {{ step.value }} +{% else %} +Caller: {{ step.origin }}, data: {{ step.input }}, value: {{ step.value }} +{% endif %} +{% endfor %} {% endif %} {% endfor %} {% else %} From 88faed3fd8da0424f3962fe71be6026dee639ff6 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Tue, 25 Jun 2019 19:14:07 +0200 Subject: [PATCH 5/7] Improve output formatting --- mythril/analysis/templates/report_as_markdown.jinja2 | 6 +++--- mythril/analysis/templates/report_as_text.jinja2 | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/mythril/analysis/templates/report_as_markdown.jinja2 b/mythril/analysis/templates/report_as_markdown.jinja2 index ecf2be69..d47138e2 100644 --- a/mythril/analysis/templates/report_as_markdown.jinja2 +++ b/mythril/analysis/templates/report_as_markdown.jinja2 
@@ -27,12 +27,12 @@ In file: {{ issue.filename }}:{{ issue.lineno }} {% if issue.tx_sequence %} ### Transaction Sequence - + {% for step in issue.tx_sequence.steps %} {% if step == issue.tx_sequence.steps[0] and step.input != "0x" and step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %} -Caller: {{ step.origin }}, data: [CONTRACT CREATION], value: {{ step.value }} +Caller: [CREATOR], data: [CONTRACT CREATION], value: {{ step.value }} {% else %} -Caller: {{ step.origin }}, data: {{ step.input }}, value: {{ step.value }} +Caller: {% if step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %}[CREATOR]{% elif step.origin == "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef" %}[ATTACKER]{% else %}[SOMEGUY]{% endif %}, data: {{ step.input }}, value: {{ step.value }} {% endif %} {% endfor %} {% endif %} diff --git a/mythril/analysis/templates/report_as_text.jinja2 b/mythril/analysis/templates/report_as_text.jinja2 index 7e2f9713..c9bc3822 100644 --- a/mythril/analysis/templates/report_as_text.jinja2 +++ b/mythril/analysis/templates/report_as_text.jinja2 @@ -23,9 +23,9 @@ Transaction Sequence: {% for step in issue.tx_sequence.steps %} {% if step == issue.tx_sequence.steps[0] and step.input != "0x" and step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %} -Caller: {{ step.origin }}, data: [CONTRACT CREATION], value: {{ step.value }} +Caller: [CREATOR], data: [CONTRACT CREATION], value: {{ step.value }} {% else %} -Caller: {{ step.origin }}, data: {{ step.input }}, value: {{ step.value }} +Caller: {% if step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %}[CREATOR]{% elif step.origin == "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef" %}[ATTACKER]{% else %}[SOMEGUY]{% endif %}, data: {{ step.input }}, value: {{ step.value }} {% endif %} {% endfor %} {% endif %} From 3eabab5510e88f8420714e86293b78611ed13b74 Mon Sep 17 00:00:00 2001 
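Review bot: With this change the report no longer prints the caller address at all: any `step.origin` that is not exactly one of the two literal strings is rendered as `[SOMEGUY]`, so two different callers in one sequence become indistinguishable, and an address emitted in a different letter case would be mislabelled. The address literals now occur three times in each template (here and in the `report_as_text.jinja2` hunk that follows), which makes the two outputs easy to get out of step. Consider resolving the label once in Python and keeping the address for unknown callers, for example through a filter registered on `Report.environment` (the filter name is only a suggestion): `Caller: {{ step.origin | actor_label }}, data: {{ step.input }}, value: {{ step.value }}`.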
From: Bernhard Mueller Date: Tue, 25 Jun 2019 19:36:29 +0200 Subject: [PATCH 6/7] Update expected test outputs --- .../templates/report_as_markdown.jinja2 | 2 +- .../analysis/templates/report_as_text.jinja2 | 1 + .../outputs_expected/calls.sol.o.markdown | 25 +++++++++++++++++++ .../outputs_expected/calls.sol.o.text | 12 +++++++++ .../ether_send.sol.o.markdown | 10 ++++++++ .../outputs_expected/ether_send.sol.o.text | 6 +++++ .../exceptions.sol.o.markdown | 20 +++++++++++++++ .../outputs_expected/exceptions.sol.o.text | 12 +++++++++ .../kinds_of_calls.sol.o.markdown | 14 +++++++++++ .../kinds_of_calls.sol.o.text | 6 +++++ .../outputs_expected/metacoin.sol.o.markdown | 1 - .../multi_contracts.sol.o.markdown | 5 ++++ .../multi_contracts.sol.o.text | 3 +++ .../outputs_expected/nonascii.sol.o.markdown | 1 - .../outputs_expected/origin.sol.o.markdown | 1 + .../outputs_expected/overflow.sol.o.json | 2 +- .../outputs_expected/overflow.sol.o.jsonv2 | 2 +- .../outputs_expected/overflow.sol.o.markdown | 15 +++++++++++ .../outputs_expected/overflow.sol.o.text | 9 +++++++ .../returnvalue.sol.o.markdown | 11 ++++++++ .../outputs_expected/returnvalue.sol.o.text | 6 +++++ .../outputs_expected/suicide.sol.o.markdown | 5 ++++ .../outputs_expected/suicide.sol.o.text | 3 +++ .../outputs_expected/underflow.sol.o.json | 2 +- .../outputs_expected/underflow.sol.o.jsonv2 | 2 +- .../outputs_expected/underflow.sol.o.markdown | 15 +++++++++++ .../outputs_expected/underflow.sol.o.text | 9 +++++++ 27 files changed, 193 insertions(+), 7 deletions(-) diff --git a/mythril/analysis/templates/report_as_markdown.jinja2 b/mythril/analysis/templates/report_as_markdown.jinja2 index d47138e2..4fd73f84 100644 --- a/mythril/analysis/templates/report_as_markdown.jinja2 +++ b/mythril/analysis/templates/report_as_markdown.jinja2 
@@ -36,8 +36,8 @@ Caller: {% if step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %}[CRE {% endif %} {% endfor %} {% endif %} + {% endfor %} {% else %} - The analysis was completed successfully. No issues were detected. {% endif %} diff --git a/mythril/analysis/templates/report_as_text.jinja2 b/mythril/analysis/templates/report_as_text.jinja2 index c9bc3822..dd70bb45 100644 --- a/mythril/analysis/templates/report_as_text.jinja2 +++ b/mythril/analysis/templates/report_as_text.jinja2 @@ -29,6 +29,7 @@ Caller: {% if step.origin == "0xaffeaffeaffeaffeaffeaffeaffeaffeaffeaffe" %}[CRE {% endif %} {% endfor %} {% endif %} + {% endfor %} {% else %} The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/calls.sol.o.markdown b/tests/testdata/outputs_expected/calls.sol.o.markdown index 9472f159..dfcde59b 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.markdown +++ b/tests/testdata/outputs_expected/calls.sol.o.markdown @@ -13,6 +13,11 @@ A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0x5a6814ec, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low @@ -26,6 +31,7 @@ The callee address of an external message call can be set by the caller. Note th The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + ## External Call To User-Supplied Address - SWC ID: 107 - Severity: Medium 
@@ -39,6 +45,11 @@ External calls return a boolean value. If the callee contract halts with an exce A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0xd24b08cc, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low @@ -52,6 +63,7 @@ The callee address of an external message call can be set by the caller. Note th The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + ## External Call To User-Supplied Address - SWC ID: 107 - Severity: Medium @@ -65,6 +77,11 @@ External calls return a boolean value. If the callee contract halts with an exce A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0xe11f493e, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low 
@@ -78,6 +95,7 @@ The callee address of an external message call can be set by the caller. Note th The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + ## State change after external call - SWC ID: 107 - Severity: Medium @@ -91,6 +109,7 @@ External calls return a boolean value. If the callee contract halts with an exce The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. + ## External Call To User-Supplied Address - SWC ID: 107 - Severity: Medium @@ -104,6 +123,11 @@ Consider that the called contract could re-enter the function before this state A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0xe1d10f79bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low @@ -116,3 +140,4 @@ The callee address of an external message call can be set by the caller. Note th The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + 
diff --git a/tests/testdata/outputs_expected/calls.sol.o.text b/tests/testdata/outputs_expected/calls.sol.o.text index 6b20a8a3..f78e645c 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.text +++ b/tests/testdata/outputs_expected/calls.sol.o.text @@ -8,6 +8,9 @@ Estimated Gas Usage: 643 - 1254 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0x5a6814ec, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 @@ -30,6 +33,9 @@ Estimated Gas Usage: 687 - 1298 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xd24b08cc, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 @@ -52,6 +58,9 @@ Estimated Gas Usage: 709 - 1320 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xe11f493e, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 
@@ -85,6 +94,9 @@ Estimated Gas Usage: 335 - 616 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xe1d10f79bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/ether_send.sol.o.markdown index 2e1c2a9e..fb7c7857 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.o.markdown +++ b/tests/testdata/outputs_expected/ether_send.sol.o.markdown @@ -13,6 +13,11 @@ Anyone can withdraw ETH from the contract account. Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. +### Transaction Sequence + +Caller: [ATTACKER], data: 0x6c343ffe, value: 0x0 + + ## Integer Overflow - SWC ID: 101 - Severity: High @@ -25,3 +30,8 @@ Arbitrary senders other than the contract creator can withdraw ETH from the cont The binary addition can overflow. The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. + +### Transaction Sequence + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x1 + diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.text b/tests/testdata/outputs_expected/ether_send.sol.o.text index 493978be..396d20de 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.o.text +++ b/tests/testdata/outputs_expected/ether_send.sol.o.text 
@@ -8,6 +8,9 @@ Estimated Gas Usage: 1138 - 1749 Anyone can withdraw ETH from the contract account. Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0x6c343ffe, value: 0x0 ==== Integer Overflow ==== SWC ID: 101 @@ -19,4 +22,7 @@ Estimated Gas Usage: 6598 - 26883 The binary addition can overflow. The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x1 diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/exceptions.sol.o.markdown index c5da9834..0b52430a 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.o.markdown +++ b/tests/testdata/outputs_expected/exceptions.sol.o.markdown @@ -13,6 +13,11 @@ A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +### Transaction Sequence + +Caller: [SOMEGUY], data: 0x546455b50000000000000000000000000000000000000000000000000000000000000017, value: 0x0 + + ## Exception State - SWC ID: 110 - Severity: Low 
@@ -26,6 +31,11 @@ It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused b A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +### Transaction Sequence + +Caller: [SOMEGUY], data: 0x92dd38ea80, value: 0x0 + + ## Exception State - SWC ID: 110 - Severity: Low @@ -39,6 +49,11 @@ It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused b A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +### Transaction Sequence + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 + + ## Exception State - SWC ID: 110 - Severity: Low @@ -51,3 +66,8 @@ It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused b A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +### Transaction Sequence + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 + diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.text b/tests/testdata/outputs_expected/exceptions.sol.o.text index cfee4d39..69c5679c 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.o.text +++ b/tests/testdata/outputs_expected/exceptions.sol.o.text 
@@ -8,6 +8,9 @@ Estimated Gas Usage: 206 - 301 A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- +Transaction Sequence: + +Caller: [SOMEGUY], data: 0x546455b50000000000000000000000000000000000000000000000000000000000000017, value: 0x0 ==== Exception State ==== SWC ID: 110 @@ -19,6 +22,9 @@ Estimated Gas Usage: 256 - 351 A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- +Transaction Sequence: + +Caller: [SOMEGUY], data: 0x92dd38ea80, value: 0x0 ==== Exception State ==== SWC ID: 110 @@ -30,6 +36,9 @@ Estimated Gas Usage: 272 - 367 A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- +Transaction Sequence: + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 ==== Exception State ==== SWC ID: 110 
@@ -41,4 +50,7 @@ Estimated Gas Usage: 268 - 363 A reachable exception has been detected. It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- +Transaction Sequence: + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown index e6f7f11e..84018922 100644 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown +++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown @@ -13,6 +13,7 @@ The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + ## Use of callcode - SWC ID: 111 - Severity: Medium @@ -26,6 +27,7 @@ External calls return a boolean value. If the callee contract halts with an exce Use of callcode is deprecated. The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead. + ## Delegatecall Proxy To User-Supplied Address - SWC ID: 112 - Severity: Medium 
@@ -39,6 +41,11 @@ The callcode method executes code of another contract in the context of the call The contract delegates execution to another contract with a user-supplied address. The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. +### Transaction Sequence + +Caller: [ATTACKER], data: 0x9b58bc26bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low @@ -52,6 +59,7 @@ The smart contract delegates execution to a user-supplied address. Note that cal The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + ## External Call To User-Supplied Address - SWC ID: 107 - Severity: Medium @@ -65,6 +73,11 @@ External calls return a boolean value. If the callee contract halts with an exce A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0xeea4c864bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low 
@@ -77,3 +90,4 @@ The callee address of an external message call can be set by the caller. Note th The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text index 1bb3abad..54668dab 100644 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text +++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text @@ -30,6 +30,9 @@ Estimated Gas Usage: 1176 - 35928 The contract delegates execution to another contract with a user-supplied address. The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0x9b58bc26bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 @@ -52,6 +55,9 @@ Estimated Gas Usage: 477 - 1229 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xeea4c864bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/metacoin.sol.o.markdown index 321484fd..51d7ec54 100644 
--- a/tests/testdata/outputs_expected/metacoin.sol.o.markdown +++ b/tests/testdata/outputs_expected/metacoin.sol.o.markdown @@ -1,3 +1,2 @@ # Analysis results for None - The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown index a7eac008..a3be3902 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown +++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown @@ -12,3 +12,8 @@ Anyone can withdraw ETH from the contract account. Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. + +### Transaction Sequence + +Caller: [ATTACKER], data: 0x8a4068dd, value: 0x0 + diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/multi_contracts.sol.o.text index a8388020..afad9838 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.text +++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.text @@ -8,4 +8,7 @@ Estimated Gas Usage: 186 - 467 Anyone can withdraw ETH from the contract account. Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0x8a4068dd, value: 0x0 diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/nonascii.sol.o.markdown index 321484fd..51d7ec54 100644 --- a/tests/testdata/outputs_expected/nonascii.sol.o.markdown +++ b/tests/testdata/outputs_expected/nonascii.sol.o.markdown @@ -1,3 +1,2 @@ # Analysis results for None - The analysis was completed successfully. No issues were detected. 
diff --git a/tests/testdata/outputs_expected/origin.sol.o.markdown b/tests/testdata/outputs_expected/origin.sol.o.markdown index 1f5f83ac..3afd57b5 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.markdown +++ b/tests/testdata/outputs_expected/origin.sol.o.markdown @@ -13,3 +13,4 @@ Use of tx.origin is deprecated. The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin + diff --git a/tests/testdata/outputs_expected/overflow.sol.o.json b/tests/testdata/outputs_expected/overflow.sol.o.json index 16a2253b..1fac0d57 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.json +++ b/tests/testdata/outputs_expected/overflow.sol.o.json @@ -42,4 +42,4 @@ } ], "success": true -} +} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 b/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 index 53028f4a..d81b5c57 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 +++ b/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 @@ -63,4 +63,4 @@ ], "sourceType": "raw-bytecode" } -] +] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/overflow.sol.o.markdown b/tests/testdata/outputs_expected/overflow.sol.o.markdown index 82642a1e..845c97e7 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/overflow.sol.o.markdown 
@@ -13,6 +13,11 @@ The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. +### Transaction Sequence + +Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0 + + ## Integer Underflow - SWC ID: 101 - Severity: High @@ -26,6 +31,11 @@ The operands of the subtraction operation are not sufficiently constrained. The The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. +### Transaction Sequence + +Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0 + + ## Integer Overflow - SWC ID: 101 - Severity: High @@ -38,3 +48,8 @@ The operands of the subtraction operation are not sufficiently constrained. The The binary addition can overflow. The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. + +### Transaction Sequence + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 + diff --git a/tests/testdata/outputs_expected/overflow.sol.o.text b/tests/testdata/outputs_expected/overflow.sol.o.text index e70dda5b..7fd1f2cf 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.text +++ b/tests/testdata/outputs_expected/overflow.sol.o.text 
@@ -8,6 +8,9 @@ Estimated Gas Usage: 17019 - 78155 The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0 ==== Integer Underflow ==== SWC ID: 101 @@ -19,6 +22,9 @@ Estimated Gas Usage: 17019 - 78155 The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0 ==== Integer Overflow ==== SWC ID: 101 @@ -30,4 +36,7 @@ Estimated Gas Usage: 17019 - 78155 The binary addition can overflow. The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/returnvalue.sol.o.markdown index 5309f405..6ef8b983 100644 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown +++ b/tests/testdata/outputs_expected/returnvalue.sol.o.markdown 
@@ -13,6 +13,11 @@ A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0x633ab5e0, value: 0x0 + + ## External Call To User-Supplied Address - SWC ID: 107 - Severity: Medium @@ -26,6 +31,11 @@ The callee address of an external message call can be set by the caller. Note th A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. +### Transaction Sequence + +Caller: [ATTACKER], data: 0xe3bea282, value: 0x0 + + ## Unchecked Call Return Value - SWC ID: 104 - Severity: Low @@ -38,3 +48,4 @@ The callee address of an external message call can be set by the caller. Note th The return value of a message call is not checked. External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. + diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.text b/tests/testdata/outputs_expected/returnvalue.sol.o.text index baff23ea..3836ea12 100644 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.text +++ b/tests/testdata/outputs_expected/returnvalue.sol.o.text 
@@ -8,6 +8,9 @@ Estimated Gas Usage: 599 - 1210 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0x633ab5e0, value: 0x0 ==== External Call To User-Supplied Address ==== SWC ID: 107 @@ -19,6 +22,9 @@ Estimated Gas Usage: 621 - 1232 A call to a user-supplied address is executed. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xe3bea282, value: 0x0 ==== Unchecked Call Return Value ==== SWC ID: 104 diff --git a/tests/testdata/outputs_expected/suicide.sol.o.markdown b/tests/testdata/outputs_expected/suicide.sol.o.markdown index f31b9f3f..286f3573 100644 --- a/tests/testdata/outputs_expected/suicide.sol.o.markdown +++ b/tests/testdata/outputs_expected/suicide.sol.o.markdown @@ -12,3 +12,8 @@ The contract can be killed by anyone. Anyone can kill this contract and withdraw its balance to an arbitrary address. + +### Transaction Sequence + +Caller: [ATTACKER], data: 0xcbf0b0c0bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 + diff --git a/tests/testdata/outputs_expected/suicide.sol.o.text b/tests/testdata/outputs_expected/suicide.sol.o.text index 45dd0295..abd80dd6 100644 --- a/tests/testdata/outputs_expected/suicide.sol.o.text +++ b/tests/testdata/outputs_expected/suicide.sol.o.text 
@@ -8,4 +8,7 @@ Estimated Gas Usage: 168 - 263 The contract can be killed by anyone. Anyone can kill this contract and withdraw its balance to an arbitrary address. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xcbf0b0c0bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 diff --git a/tests/testdata/outputs_expected/underflow.sol.o.json b/tests/testdata/outputs_expected/underflow.sol.o.json index 416d1176..979465f3 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.json +++ b/tests/testdata/outputs_expected/underflow.sol.o.json @@ -42,4 +42,4 @@ } ], "success": true -} +} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 b/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 index c99aae49..c8b6835e 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 +++ b/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 @@ -63,4 +63,4 @@ ], "sourceType": "raw-bytecode" } -] +] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/underflow.sol.o.markdown b/tests/testdata/outputs_expected/underflow.sol.o.markdown index acc444d4..23719def 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/underflow.sol.o.markdown @@ -13,6 +13,11 @@ The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. +### Transaction Sequence + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 + + ## Integer Underflow - SWC ID: 101 - Severity: High 
@@ -26,6 +31,11 @@ The operands of the subtraction operation are not sufficiently constrained. The The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. +### Transaction Sequence + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 + + ## Integer Overflow - SWC ID: 101 - Severity: High @@ -38,3 +48,8 @@ The operands of the subtraction operation are not sufficiently constrained. The The binary addition can overflow. The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. + +### Transaction Sequence + +Caller: [ATTACKER], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000020, value: 0x0 + diff --git a/tests/testdata/outputs_expected/underflow.sol.o.text b/tests/testdata/outputs_expected/underflow.sol.o.text index 498ff588..fea13f7c 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.text +++ b/tests/testdata/outputs_expected/underflow.sol.o.text @@ -8,6 +8,9 @@ Estimated Gas Usage: 11915 - 52861 The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 ==== Integer Underflow ==== SWC ID: 101 
@@ -19,6 +22,9 @@ Estimated Gas Usage: 11915 - 52861 The binary subtraction can underflow. The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 ==== Integer Overflow ==== SWC ID: 101 @@ -30,4 +36,7 @@ Estimated Gas Usage: 11915 - 52861 The binary addition can overflow. The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. -------------------- +Transaction Sequence: + +Caller: [ATTACKER], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000020, value: 0x0 From 02a8e4994bc5d745f43216009fd4452cf82e5155 Mon Sep 17 00:00:00 2001 
From: Bernhard Mueller
Date: Wed, 26 Jun 2019 15:39:40 +0200
Subject: [PATCH 7/7] Remove tests
---
tests/report_test.py | 200 ------------------
.../outputs_expected/calls.sol.o.json | 123 -----------
.../outputs_expected/calls.sol.o.jsonv2 | 174 ---------------
.../outputs_expected/calls.sol.o.markdown | 143 -------------
.../outputs_expected/calls.sol.o.text | 111 ----------
.../outputs_expected/ether_send.sol.o.json | 32 ---
.../outputs_expected/ether_send.sol.o.jsonv2 | 48 -----
.../ether_send.sol.o.markdown | 37 ----
.../outputs_expected/ether_send.sol.o.text | 28 ---
.../outputs_expected/exceptions.sol.o.json | 58 -----
.../outputs_expected/exceptions.sol.o.jsonv2 | 84 --------
.../exceptions.sol.o.markdown | 73 -------
.../outputs_expected/exceptions.sol.o.text | 56 -----
.../kinds_of_calls.sol.o.json | 84 --------
.../kinds_of_calls.sol.o.jsonv2 | 120 -----------
.../kinds_of_calls.sol.o.markdown | 93 --------
.../kinds_of_calls.sol.o.text | 72 -------
.../outputs_expected/metacoin.sol.o.json | 5 -
.../outputs_expected/metacoin.sol.o.jsonv2 | 11 -
.../outputs_expected/metacoin.sol.o.markdown | 2 -
.../outputs_expected/metacoin.sol.o.text | 1 -
.../multi_contracts.sol.o.json | 19 --
.../multi_contracts.sol.o.jsonv2 | 30 ---
.../multi_contracts.sol.o.markdown | 19 --
.../multi_contracts.sol.o.text | 14 --
.../outputs_expected/nonascii.sol.o.json | 5 -
.../outputs_expected/nonascii.sol.o.jsonv2 | 11 -
.../outputs_expected/nonascii.sol.o.markdown | 2 -
.../outputs_expected/nonascii.sol.o.text | 1 -
.../outputs_expected/origin.sol.o.json | 19 --
.../outputs_expected/origin.sol.o.jsonv2 | 30 ---
.../outputs_expected/origin.sol.o.markdown | 16 --
.../outputs_expected/origin.sol.o.text | 12 --
.../outputs_expected/overflow.sol.o.json | 45 ----
.../outputs_expected/overflow.sol.o.jsonv2 | 66 ------
.../outputs_expected/overflow.sol.o.markdown | 55 -----
.../outputs_expected/overflow.sol.o.text | 42 ----
.../outputs_expected/returnvalue.sol.o.json | 45 ----
.../outputs_expected/returnvalue.sol.o.jsonv2 | 66 ------
.../returnvalue.sol.o.markdown | 51 -----
.../outputs_expected/returnvalue.sol.o.text | 39 ----
.../outputs_expected/suicide.sol.o.json | 19 --
.../outputs_expected/suicide.sol.o.jsonv2 | 30 ---
.../outputs_expected/suicide.sol.o.markdown | 19 --
.../outputs_expected/suicide.sol.o.text | 14 --
.../outputs_expected/underflow.sol.o.json | 45 ----
.../outputs_expected/underflow.sol.o.jsonv2 | 66 ------
.../outputs_expected/underflow.sol.o.markdown | 55 -----
.../outputs_expected/underflow.sol.o.text | 42 ----
49 files changed, 2432 deletions(-)
delete mode 100644 tests/report_test.py
delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.text
delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.json
delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.jsonv2
delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.markdown
delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.text
diff --git a/tests/report_test.py b/tests/report_test.py
deleted file mode 100644
index 73554880..00000000
--- a/tests/report_test.py
+++ /dev/null
@@ -1,200 +0,0 @@ -from mythril.analysis.report import Report -from mythril.analysis.security import fire_lasers, reset_callback_modules -from mythril.analysis.symbolic import SymExecWrapper -from mythril.ethereum import util -from mythril.solidity.soliditycontract import EVMContract -from multiprocessing import Pool, cpu_count -import pytest -import json -from tests import * -import difflib - - -def _fix_path(text): - return text.replace(str(TESTDATA), "") - - -def _fix_debug_data(json_str): - read_json = json.loads(json_str) - for issue in read_json["issues"]: - issue["tx_sequence"] = "" - - return json.dumps(read_json, sort_keys=True, indent=4) - - -def _add_jsonv2_stubs(json_str): - read_json = json.loads(json_str) - for issue in read_json[0]["issues"]: - issue["extra"]["discoveryTime"] = "" - issue["extra"]["testCase"] = "" - return json.dumps(read_json, sort_keys=True, indent=4) - - -def _generate_report(input_file): - contract = EVMContract(input_file.read_text(), enable_online_lookup=False) - sym = SymExecWrapper( - contract, - address=0xAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFE, - strategy="dfs", - execution_timeout=30, - transaction_count=1, - ) - issues = fire_lasers(sym) - - report = Report(contracts=[contract]) - for issue in issues: - issue.filename = "test-filename.sol" - report.append_issue(issue) - return report, input_file - - -@pytest.fixture(scope="module") -def reports(): - """Fixture that analyses all reports.""" - reset_callback_modules() - pool = Pool(cpu_count()) - input_files = sorted( - [f for f in TESTDATA_INPUTS.iterdir() if f.name != "environments.sol.o"] - ) - results = pool.map(_generate_report, input_files) - - return results - - -def _assert_empty(changed_files, postfix): - """Asserts there are no changed files and otherwise builds error - message.""" - message = "" - for input_file in changed_files: - output_expected = ( - (TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)) - .read_text() - .splitlines(1) - ) - output_current 
= ( - (TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)) - .read_text() - .splitlines(1) - ) - - difference = "".join(difflib.unified_diff(output_expected, output_current)) - message += "Found differing file for input: {} \n Difference: \n {} \n".format( - str(input_file), str(difference) - ) - - assert message == "", message - - -def _assert_empty_json(changed_files, postfix=".json"): - """Asserts there are no changed files and otherwise builds error - message.""" - expected = [] - actual = [] - - def ordered(obj): - """ - - :param obj: - :return: - """ - if isinstance(obj, dict): - return sorted((k, ordered(v)) for k, v in obj.items()) - elif isinstance(obj, list): - return sorted(ordered(x) for x in obj) - else: - return obj - - for input_file in changed_files: - output_expected = json.loads( - (TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text() - ) - output_current = json.loads( - (TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text() - ) - - if not ordered(output_expected) == ordered(output_current): - expected.append(output_expected) - actual.append(output_current) - print("Found difference in {}".format(str(input_file))) - - assert expected == actual - - -def _get_changed_files(postfix, report_builder, reports): - """Returns a generator for all unexpected changes in generated reports. 
- - :param postfix: The applicable postfix - :param report_builder: serialization function - :param reports: The reports to serialize - :return: Changed files - """ - for report, input_file in reports: - output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix) - output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix) - output_current.write_text(report_builder(report)) - if not (output_expected.read_text() == output_current.read_text()): - yield input_file - - -def _get_changed_files_json(report_builder, reports, postfix=".json"): - def ordered(obj): - """ - - :param obj: - :return: - """ - if isinstance(obj, dict): - return sorted((k, ordered(v)) for k, v in obj.items()) - elif isinstance(obj, list): - return sorted(ordered(x) for x in obj) - else: - return obj - - for report, input_file in reports: - output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix) - output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix) - output_current.write_text(report_builder(report)) - - if not ordered(json.loads(output_expected.read_text())) == ordered( - json.loads(output_current.read_text()) - ): - yield input_file - - -def test_json_report(reports): - _assert_empty_json( - _get_changed_files_json( - lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports - ) - ) - - -def test_markdown_report(reports): - _assert_empty( - _get_changed_files( - ".markdown", lambda report: _fix_path(report.as_markdown()), reports - ), - ".markdown", - ) - - -def test_text_report(reports): - _assert_empty( - _get_changed_files( - ".text", lambda report: _fix_path(report.as_text()), reports - ), - ".text", - ) - - -def test_jsonv2_report(reports): - _assert_empty_json( - _get_changed_files_json( - lambda report: _fix_path( - _add_jsonv2_stubs(report.as_swc_standard_format()) - ).strip(), - reports, - ".jsonv2", - ), - ".jsonv2", - ) 
diff --git a/tests/testdata/outputs_expected/calls.sol.o.json b/tests/testdata/outputs_expected/calls.sol.o.json
deleted file mode 100644
index 0219f575..00000000
--- a/tests/testdata/outputs_expected/calls.sol.o.json
+++ /dev/null
@@ -1,123 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 661, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "thisisfine()", - "max_gas_used": 1254, - "min_gas_used": 643, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 661, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "thisisfine()", - "max_gas_used": 35972, - "min_gas_used": 1361, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 779, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "callstoredaddress()", - "max_gas_used": 1298, - "min_gas_used": 687, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 779, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "callstoredaddress()", - "max_gas_used": 36016, - "min_gas_used": 1405, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 858, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "reentrancy()", - "max_gas_used": 1320, - "min_gas_used": 709, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 858, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "reentrancy()", - "max_gas_used": 61052, - "min_gas_used": 6441, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 869, - "contract": "Unknown", - "description": "The contract account state is changed after an external call. \nConsider that the called contract could re-enter the function before this state change takes place. 
This can lead to business logic vulnerabilities.", - "function": "reentrancy()", - "max_gas_used": null, - "min_gas_used": null, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "State change after external call", - "tx_sequence": "" - }, - { - "address": 912, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "calluseraddress(address)", - "max_gas_used": 616, - "min_gas_used": 335, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 912, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "calluseraddress(address)", - "max_gas_used": 35336, - "min_gas_used": 1055, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/calls.sol.o.jsonv2 b/tests/testdata/outputs_expected/calls.sol.o.jsonv2 deleted file mode 100644 index 9bab6f6a..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.jsonv2 +++ /dev/null 
@@ -1,174 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "661:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "779:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "858:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. 
Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "912:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The contract account state is changed after an external call. ", - "tail": "Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "869:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "661:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "779:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "858:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "912:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/calls.sol.o.markdown b/tests/testdata/outputs_expected/calls.sol.o.markdown deleted file mode 100644 index dfcde59b..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.markdown +++ /dev/null 
@@ -1,143 +0,0 @@ -# Analysis results for test-filename.sol - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `thisisfine()` -- PC address: 661 -- Estimated Gas Usage: 643 - 1254 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0x5a6814ec, value: 0x0 - - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `thisisfine()` -- PC address: 661 -- Estimated Gas Usage: 1361 - 35972 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `callstoredaddress()` -- PC address: 779 -- Estimated Gas Usage: 687 - 1298 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. 
- -### Transaction Sequence - -Caller: [ATTACKER], data: 0xd24b08cc, value: 0x0 - - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `callstoredaddress()` -- PC address: 779 -- Estimated Gas Usage: 1405 - 36016 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `reentrancy()` -- PC address: 858 -- Estimated Gas Usage: 709 - 1320 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0xe11f493e, value: 0x0 - - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `reentrancy()` -- PC address: 858 -- Estimated Gas Usage: 6441 - 61052 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - - -## State change after external call -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `reentrancy()` -- PC address: 869 -- Estimated Gas Usage: None - None - -### Description - -The contract account state is changed after an external call. 
-Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. - - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `calluseraddress(address)` -- PC address: 912 -- Estimated Gas Usage: 335 - 616 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0xe1d10f79bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 - - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `calluseraddress(address)` -- PC address: 912 -- Estimated Gas Usage: 1055 - 35336 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - diff --git a/tests/testdata/outputs_expected/calls.sol.o.text b/tests/testdata/outputs_expected/calls.sol.o.text deleted file mode 100644 index f78e645c..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.text +++ /dev/null 
@@ -1,111 +0,0 @@ -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: thisisfine() -PC address: 661 -Estimated Gas Usage: 643 - 1254 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0x5a6814ec, value: 0x0 - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: thisisfine() -PC address: 661 -Estimated Gas Usage: 1361 - 35972 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: callstoredaddress() -PC address: 779 -Estimated Gas Usage: 687 - 1298 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0xd24b08cc, value: 0x0 - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: callstoredaddress() -PC address: 779 -Estimated Gas Usage: 1405 - 36016 -The return value of a message call is not checked. -External calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: reentrancy() -PC address: 858 -Estimated Gas Usage: 709 - 1320 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0xe11f493e, value: 0x0 - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: reentrancy() -PC address: 858 -Estimated Gas Usage: 6441 - 61052 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== State change after external call ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: reentrancy() -PC address: 869 -Estimated Gas Usage: None - None -The contract account state is changed after an external call. -Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: calluseraddress(address) -PC address: 912 -Estimated Gas Usage: 335 - 616 -A call to a user-supplied address is executed. 
-The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0xe1d10f79bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: calluseraddress(address) -PC address: 912 -Estimated Gas Usage: 1055 - 35336 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.json b/tests/testdata/outputs_expected/ether_send.sol.o.json deleted file mode 100644 index 1d2e4a19..00000000 --- a/tests/testdata/outputs_expected/ether_send.sol.o.json +++ /dev/null 
@@ -1,32 +0,0 @@
-{
- "error": null,
- "issues": [
- {
- "address": 722,
- "contract": "Unknown",
- "description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.",
- "function": "withdrawfunds()",
- "max_gas_used": 1749,
- "min_gas_used": 1138,
- "severity": "High",
- "sourceMap": null,
- "swc-id": "105",
- "title": "Unprotected Ether Withdrawal",
- "tx_sequence": ""
- },
- {
- "address": 883,
- "contract": "Unknown",
- "description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.",
- "function": "invest()",
- "max_gas_used": 26883,
- "min_gas_used": 6598,
- "severity": "High",
- "sourceMap": null,
- "swc-id": "101",
- "title": "Integer Overflow",
- "tx_sequence": ""
- }
- ],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.jsonv2 b/tests/testdata/outputs_expected/ether_send.sol.o.jsonv2
deleted file mode 100644
index e848bd2f..00000000
--- a/tests/testdata/outputs_expected/ether_send.sol.o.jsonv2
+++ /dev/null
@@ -1,48 +0,0 @@
-[
- {
- "issues": [
- {
- "description": {
- "head": "Anyone can withdraw ETH from the contract account.",
- "tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "722:1:0"
- }
- ],
- "severity": "High",
- "swcID": "SWC-105",
- "swcTitle": "Unprotected Ether Withdrawal"
- },
- {
- "description": {
- "head": "The binary addition can overflow.",
- "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "883:1:0"
- }
- ],
- "severity": "High",
- "swcID": "SWC-101",
- "swcTitle": "Integer Overflow and Underflow"
- }
- ],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0x3746c7c2ae7b0d4c3f8b1905df9a7ea169b9f93bec68a10a00b4c9d27a18c6fb"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/ether_send.sol.o.markdown
deleted file mode 100644
index fb7c7857..00000000
--- a/tests/testdata/outputs_expected/ether_send.sol.o.markdown
+++ /dev/null
@@ -1,37 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Unprotected Ether Withdrawal
-- SWC ID: 105
-- Severity: High
-- Contract: Unknown
-- Function name: `withdrawfunds()`
-- PC address: 722
-- Estimated Gas Usage: 1138 - 1749
-
-### Description
-
-Anyone can withdraw ETH from the contract account.
-Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
-
-### Transaction Sequence
-
-Caller: [ATTACKER], data: 0x6c343ffe, value: 0x0
-
-
-## Integer Overflow
-- SWC ID: 101
-- Severity: High
-- Contract: Unknown
-- Function name: `invest()`
-- PC address: 883
-- Estimated Gas Usage: 6598 - 26883
-
-### Description
-
-The binary addition can overflow.
-The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
-
-### Transaction Sequence
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x1
-
diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.text b/tests/testdata/outputs_expected/ether_send.sol.o.text
deleted file mode 100644
index 396d20de..00000000
--- a/tests/testdata/outputs_expected/ether_send.sol.o.text
+++ /dev/null
@@ -1,28 +0,0 @@
-==== Unprotected Ether Withdrawal ====
-SWC ID: 105
-Severity: High
-Contract: Unknown
-Function name: withdrawfunds()
-PC address: 722
-Estimated Gas Usage: 1138 - 1749
-Anyone can withdraw ETH from the contract account.
-Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
---------------------
-Transaction Sequence:
-
-Caller: [ATTACKER], data: 0x6c343ffe, value: 0x0
-
-==== Integer Overflow ====
-SWC ID: 101
-Severity: High
-Contract: Unknown
-Function name: invest()
-PC address: 883
-Estimated Gas Usage: 6598 - 26883
-The binary addition can overflow.
-The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
---------------------
-Transaction Sequence:
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x1
-
diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.json b/tests/testdata/outputs_expected/exceptions.sol.o.json
deleted file mode 100644
index 19030e55..00000000
--- a/tests/testdata/outputs_expected/exceptions.sol.o.json
+++ /dev/null
@@ -1,58 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 446, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "assert3(uint256)", - "max_gas_used": 301, - "min_gas_used": 206, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - }, - { - "address": 484, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "arrayaccess(uint256)", - "max_gas_used": 351, - "min_gas_used": 256, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - }, - { - "address": 506, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "divisionby0(uint256)", - "max_gas_used": 367, - "min_gas_used": 272, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - }, - { - "address": 531, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). 
Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "assert1()", - "max_gas_used": 363, - "min_gas_used": 268, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 b/tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 deleted file mode 100644 index 43b6ca48..00000000 --- a/tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 +++ /dev/null 
@@ -1,84 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "446:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - }, - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "484:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - }, - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "506:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - }, - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. 
Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "531:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x4a773a86bc6fb269f88bf09bb3094de29b6073cf13b1760e9d01d957f50a9dfd" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/exceptions.sol.o.markdown deleted file mode 100644 index 0b52430a..00000000 --- a/tests/testdata/outputs_expected/exceptions.sol.o.markdown +++ /dev/null 
@@ -1,73 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Exception State
-- SWC ID: 110
-- Severity: Low
-- Contract: Unknown
-- Function name: `assert3(uint256)`
-- PC address: 446
-- Estimated Gas Usage: 206 - 301
-
-### Description
-
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
-
-### Transaction Sequence
-
-Caller: [SOMEGUY], data: 0x546455b50000000000000000000000000000000000000000000000000000000000000017, value: 0x0
-
-
-## Exception State
-- SWC ID: 110
-- Severity: Low
-- Contract: Unknown
-- Function name: `arrayaccess(uint256)`
-- PC address: 484
-- Estimated Gas Usage: 256 - 351
-
-### Description
-
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
-
-### Transaction Sequence
-
-Caller: [SOMEGUY], data: 0x92dd38ea80, value: 0x0
-
-
-## Exception State
-- SWC ID: 110
-- Severity: Low
-- Contract: Unknown
-- Function name: `divisionby0(uint256)`
-- PC address: 506
-- Estimated Gas Usage: 272 - 367
-
-### Description
-
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
-
-### Transaction Sequence
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
-
-
-## Exception State
-- SWC ID: 110
-- Severity: Low
-- Contract: Unknown
-- Function name: `assert1()`
-- PC address: 531
-- Estimated Gas Usage: 268 - 363
-
-### Description
-
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
-
-### Transaction Sequence
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
-
diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.text b/tests/testdata/outputs_expected/exceptions.sol.o.text
deleted file mode 100644
index 69c5679c..00000000
--- a/tests/testdata/outputs_expected/exceptions.sol.o.text
+++ /dev/null
@@ -1,56 +0,0 @@
-==== Exception State ====
-SWC ID: 110
-Severity: Low
-Contract: Unknown
-Function name: assert3(uint256)
-PC address: 446
-Estimated Gas Usage: 206 - 301
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
---------------------
-Transaction Sequence:
-
-Caller: [SOMEGUY], data: 0x546455b50000000000000000000000000000000000000000000000000000000000000017, value: 0x0
-
-==== Exception State ====
-SWC ID: 110
-Severity: Low
-Contract: Unknown
-Function name: arrayaccess(uint256)
-PC address: 484
-Estimated Gas Usage: 256 - 351
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
---------------------
-Transaction Sequence:
-
-Caller: [SOMEGUY], data: 0x92dd38ea80, value: 0x0
-
-==== Exception State ====
-SWC ID: 110
-Severity: Low
-Contract: Unknown
-Function name: divisionby0(uint256)
-PC address: 506
-Estimated Gas Usage: 272 - 367
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
---------------------
-Transaction Sequence:
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
-
-==== Exception State ====
-SWC ID: 110
-Severity: Low
-Contract: Unknown
-Function name: assert1()
-PC address: 531
-Estimated Gas Usage: 268 - 363
-A reachable exception has been detected.
-It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
---------------------
-Transaction Sequence:
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
-
diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
deleted file mode 100644
index c2ee1fd0..00000000
--- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
+++ /dev/null
@@ -1,84 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 618, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "_function_0x141f32ff", - "max_gas_used": 35865, - "min_gas_used": 1113, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 618, - "contract": "Unknown", - "description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.", - "function": "_function_0x141f32ff", - "max_gas_used": 1141, - "min_gas_used": 389, - "severity": "Medium", - "sourceMap": null, - "swc-id": "111", - "title": "Use of callcode", - "tx_sequence": "" - }, - { - "address": 849, - "contract": "Unknown", - "description": "The contract delegates execution to another contract with a user-supplied address.\nThe smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. ", - "function": "_function_0x9b58bc26", - "max_gas_used": 35928, - "min_gas_used": 1176, - "severity": "Medium", - "sourceMap": null, - "swc-id": "112", - "title": "Delegatecall Proxy To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 849, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "_function_0x9b58bc26", - "max_gas_used": 35928, - "min_gas_used": 1176, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 1038, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "_function_0xeea4c864", - "max_gas_used": 1229, - "min_gas_used": 477, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 1038, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "_function_0xeea4c864", - "max_gas_used": 35953, - "min_gas_used": 1201, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 deleted file mode 100644 index d4f5cf82..00000000 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 +++ /dev/null 
@@ -1,120 +0,0 @@
-[
- {
- "issues": [
- {
- "description": {
- "head": "The contract delegates execution to another contract with a user-supplied address.",
- "tail": "The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. "
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "849:1:0"
- }
- ],
- "severity": "Medium",
- "swcID": "SWC-112",
- "swcTitle": "Delegatecall to Untrusted Callee"
- },
- {
- "description": {
- "head": "Use of callcode is deprecated.",
- "tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "618:1:0"
- }
- ],
- "severity": "Medium",
- "swcID": "SWC-111",
- "swcTitle": "Use of Deprecated Solidity Functions"
- },
- {
- "description": {
- "head": "A call to a user-supplied address is executed.",
- "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "1038:1:0"
- }
- ],
- "severity": "Medium",
- "swcID": "SWC-107",
- "swcTitle": "Reentrancy"
- },
- {
- "description": {
- "head": "The return value of a message call is not checked.",
- "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller.
It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "618:1:0"
- }
- ],
- "severity": "Low",
- "swcID": "SWC-104",
- "swcTitle": "Unchecked Call Return Value"
- },
- {
- "description": {
- "head": "The return value of a message call is not checked.",
- "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "849:1:0"
- }
- ],
- "severity": "Low",
- "swcID": "SWC-104",
- "swcTitle": "Unchecked Call Return Value"
- },
- {
- "description": {
- "head": "The return value of a message call is not checked.",
- "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "1038:1:0"
- }
- ],
- "severity": "Low",
- "swcID": "SWC-104",
- "swcTitle": "Unchecked Call Return Value"
- }
- ],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
deleted file mode 100644
index 84018922..00000000
--- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
+++ /dev/null
@@ -1,93 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Unchecked Call Return Value
-- SWC ID: 104
-- Severity: Low
-- Contract: Unknown
-- Function name: `_function_0x141f32ff`
-- PC address: 618
-- Estimated Gas Usage: 1113 - 35865
-
-### Description
-
-The return value of a message call is not checked.
-External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
-
-
-## Use of callcode
-- SWC ID: 111
-- Severity: Medium
-- Contract: Unknown
-- Function name: `_function_0x141f32ff`
-- PC address: 618
-- Estimated Gas Usage: 389 - 1141
-
-### Description
-
-Use of callcode is deprecated.
-The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.
-
-
-## Delegatecall Proxy To User-Supplied Address
-- SWC ID: 112
-- Severity: Medium
-- Contract: Unknown
-- Function name: `_function_0x9b58bc26`
-- PC address: 849
-- Estimated Gas Usage: 1176 - 35928
-
-### Description
-
-The contract delegates execution to another contract with a user-supplied address.
-The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract.
-
-### Transaction Sequence
-
-Caller: [ATTACKER], data: 0x9b58bc26bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
-
-
-## Unchecked Call Return Value
-- SWC ID: 104
-- Severity: Low
-- Contract: Unknown
-- Function name: `_function_0x9b58bc26`
-- PC address: 849
-- Estimated Gas Usage: 1176 - 35928
-
-### Description
-
-The return value of a message call is not checked.
-External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
-
-
-## External Call To User-Supplied Address
-- SWC ID: 107
-- Severity: Medium
-- Contract: Unknown
-- Function name: `_function_0xeea4c864`
-- PC address: 1038
-- Estimated Gas Usage: 477 - 1229
-
-### Description
-
-A call to a user-supplied address is executed.
-The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
-
-### Transaction Sequence
-
-Caller: [ATTACKER], data: 0xeea4c864bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
-
-
-## Unchecked Call Return Value
-- SWC ID: 104
-- Severity: Low
-- Contract: Unknown
-- Function name: `_function_0xeea4c864`
-- PC address: 1038
-- Estimated Gas Usage: 1201 - 35953
-
-### Description
-
-The return value of a message call is not checked.
-External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
-
diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text
deleted file mode 100644
index 54668dab..00000000
--- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text
+++ /dev/null
@@ -1,72 +0,0 @@
-==== Unchecked Call Return Value ====
-SWC ID: 104
-Severity: Low
-Contract: Unknown
-Function name: _function_0x141f32ff
-PC address: 618
-Estimated Gas Usage: 1113 - 35865
-The return value of a message call is not checked.
-External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
---------------------
-
-==== Use of callcode ====
-SWC ID: 111
-Severity: Medium
-Contract: Unknown
-Function name: _function_0x141f32ff
-PC address: 618
-Estimated Gas Usage: 389 - 1141
-Use of callcode is deprecated.
-The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.
---------------------
-
-==== Delegatecall Proxy To User-Supplied Address ====
-SWC ID: 112
-Severity: Medium
-Contract: Unknown
-Function name: _function_0x9b58bc26
-PC address: 849
-Estimated Gas Usage: 1176 - 35928
-The contract delegates execution to another contract with a user-supplied address.
-The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract.
---------------------
-Transaction Sequence:
-
-Caller: [ATTACKER], data: 0x9b58bc26bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
-
-==== Unchecked Call Return Value ====
-SWC ID: 104
-Severity: Low
-Contract: Unknown
-Function name: _function_0x9b58bc26
-PC address: 849
-Estimated Gas Usage: 1176 - 35928
-The return value of a message call is not checked.
-External calls return a boolean value.
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
---------------------
-
-==== External Call To User-Supplied Address ====
-SWC ID: 107
-Severity: Medium
-Contract: Unknown
-Function name: _function_0xeea4c864
-PC address: 1038
-Estimated Gas Usage: 477 - 1229
-A call to a user-supplied address is executed.
-The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
---------------------
-Transaction Sequence:
-
-Caller: [ATTACKER], data: 0xeea4c864bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
-
-==== Unchecked Call Return Value ====
-SWC ID: 104
-Severity: Low
-Contract: Unknown
-Function name: _function_0xeea4c864
-PC address: 1038
-Estimated Gas Usage: 1201 - 35953
-The return value of a message call is not checked.
-External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
---------------------
-
diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.json b/tests/testdata/outputs_expected/metacoin.sol.o.json
deleted file mode 100644
index 712f50c1..00000000
--- a/tests/testdata/outputs_expected/metacoin.sol.o.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "error": null,
- "issues": [],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.jsonv2 b/tests/testdata/outputs_expected/metacoin.sol.o.jsonv2
deleted file mode 100644
index 40de69b4..00000000
--- a/tests/testdata/outputs_expected/metacoin.sol.o.jsonv2
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "issues": [],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0x0e6f727bb3301e02d3be831bf34357522fd2f1d40e90dff8e2214553b06b5f6c"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/metacoin.sol.o.markdown
deleted file mode 100644
index 51d7ec54..00000000
--- a/tests/testdata/outputs_expected/metacoin.sol.o.markdown
+++ /dev/null
@@ -1,2 +0,0 @@
-# Analysis results for None
-The analysis was completed successfully. No issues were detected.
diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.text b/tests/testdata/outputs_expected/metacoin.sol.o.text
deleted file mode 100644
index 729320d8..00000000
--- a/tests/testdata/outputs_expected/metacoin.sol.o.text
+++ /dev/null
@@ -1 +0,0 @@
-The analysis was completed successfully. No issues were detected.
diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/multi_contracts.sol.o.json
deleted file mode 100644
index cf2fd3af..00000000
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "error": null,
- "issues": [
- {
- "address": 142,
- "contract": "Unknown",
- "description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.",
- "function": "transfer()",
- "max_gas_used": 467,
- "min_gas_used": 186,
- "severity": "High",
- "sourceMap": null,
- "swc-id": "105",
- "title": "Unprotected Ether Withdrawal",
- "tx_sequence": ""
- }
- ],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2 b/tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2
deleted file mode 100644
index ec36d8ca..00000000
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2
+++ /dev/null
@@ -1,30 +0,0 @@
-[
- {
- "issues": [
- {
- "description": {
- "head": "Anyone can withdraw ETH from the contract account.",
- "tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "142:1:0"
- }
- ],
- "severity": "High",
- "swcID": "SWC-105",
- "swcTitle": "Unprotected Ether Withdrawal"
- }
- ],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0xbc9c3d9db56d20cf4ca3b6fd88ff9215cf728a092cca1ed8edb83272b933ff5b"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
deleted file mode 100644
index a3be3902..00000000
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
+++ /dev/null
@@ -1,19 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Unprotected Ether Withdrawal
-- SWC ID: 105
-- Severity: High
-- Contract: Unknown
-- Function name: `transfer()`
-- PC address: 142
-- Estimated Gas Usage: 186 - 467
-
-### Description
-
-Anyone can withdraw ETH from the contract account.
-Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
-
-### Transaction Sequence
-
-Caller: [ATTACKER], data: 0x8a4068dd, value: 0x0
-
diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/multi_contracts.sol.o.text
deleted file mode 100644
index afad9838..00000000
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.text
+++ /dev/null
@@ -1,14 +0,0 @@
-==== Unprotected Ether Withdrawal ====
-SWC ID: 105
-Severity: High
-Contract: Unknown
-Function name: transfer()
-PC address: 142
-Estimated Gas Usage: 186 - 467
-Anyone can withdraw ETH from the contract account.
-Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
---------------------
-Transaction Sequence:
-
-Caller: [ATTACKER], data: 0x8a4068dd, value: 0x0
-
diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.json b/tests/testdata/outputs_expected/nonascii.sol.o.json
deleted file mode 100644
index 712f50c1..00000000
--- a/tests/testdata/outputs_expected/nonascii.sol.o.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "error": null,
- "issues": [],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.jsonv2 b/tests/testdata/outputs_expected/nonascii.sol.o.jsonv2
deleted file mode 100644
index 0667ad8c..00000000
--- a/tests/testdata/outputs_expected/nonascii.sol.o.jsonv2
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "issues": [],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0x11a78eb09819f505ba4f10747e6d1f7a44480e602c67573b7abac2f733a85d93"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/nonascii.sol.o.markdown
deleted file mode 100644
index 51d7ec54..00000000
--- a/tests/testdata/outputs_expected/nonascii.sol.o.markdown
+++ /dev/null
@@ -1,2 +0,0 @@
-# Analysis results for None
-The analysis was completed successfully. No issues were detected.
diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.text b/tests/testdata/outputs_expected/nonascii.sol.o.text
deleted file mode 100644
index 729320d8..00000000
--- a/tests/testdata/outputs_expected/nonascii.sol.o.text
+++ /dev/null
@@ -1 +0,0 @@
-The analysis was completed successfully. No issues were detected.
diff --git a/tests/testdata/outputs_expected/origin.sol.o.json b/tests/testdata/outputs_expected/origin.sol.o.json
deleted file mode 100644
index 6d79baf7..00000000
--- a/tests/testdata/outputs_expected/origin.sol.o.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "error": null,
- "issues": [
- {
- "address": 317,
- "contract": "Unknown",
- "description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin",
- "function": "transferOwnership(address)",
- "max_gas_used": 1051,
- "min_gas_used": 626,
- "severity": "Medium",
- "sourceMap": null,
- "swc-id": "111",
- "title": "Use of tx.origin",
- "tx_sequence": ""
- }
- ],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/origin.sol.o.jsonv2 b/tests/testdata/outputs_expected/origin.sol.o.jsonv2
deleted file mode 100644
index ec679550..00000000
--- a/tests/testdata/outputs_expected/origin.sol.o.jsonv2
+++ /dev/null
@@ -1,30 +0,0 @@
-[
- {
- "issues": [
- {
- "description": {
- "head": "Use of tx.origin is deprecated.",
- "tail": "The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin"
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "317:1:0"
- }
- ],
- "severity": "Medium",
- "swcID": "SWC-111",
- "swcTitle": "Use of Deprecated Solidity Functions"
- }
- ],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0x25b20ef097dfc0aa56a932c4e09f06ee02a69c005767df86877f48c6c2412f03"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/origin.sol.o.markdown b/tests/testdata/outputs_expected/origin.sol.o.markdown
deleted file mode 100644
index 3afd57b5..00000000
--- a/tests/testdata/outputs_expected/origin.sol.o.markdown
+++ /dev/null
@@ -1,16 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Use of tx.origin
-- SWC ID: 111
-- Severity: Medium
-- Contract: Unknown
-- Function name: `transferOwnership(address)`
-- PC address: 317
-- Estimated Gas Usage: 626 - 1051
-
-### Description
-
-Use of tx.origin is deprecated.
-The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.
-See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
-
diff --git a/tests/testdata/outputs_expected/origin.sol.o.text b/tests/testdata/outputs_expected/origin.sol.o.text
deleted file mode 100644
index b7ebc992..00000000
--- a/tests/testdata/outputs_expected/origin.sol.o.text
+++ /dev/null
@@ -1,12 +0,0 @@
-==== Use of tx.origin ====
-SWC ID: 111
-Severity: Medium
-Contract: Unknown
-Function name: transferOwnership(address)
-PC address: 317
-Estimated Gas Usage: 626 - 1051
-Use of tx.origin is deprecated.
-The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.
-See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
---------------------
-
diff --git a/tests/testdata/outputs_expected/overflow.sol.o.json b/tests/testdata/outputs_expected/overflow.sol.o.json
deleted file mode 100644
index 1fac0d57..00000000
--- a/tests/testdata/outputs_expected/overflow.sol.o.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- "error": null,
- "issues": [
- {
- "address": 567,
- "contract": "Unknown",
- "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.",
- "function": "sendeth(address,uint256)",
- "max_gas_used": 78155,
- "min_gas_used": 17019,
- "severity": "High",
- "sourceMap": null,
- "swc-id": "101",
- "title": "Integer Underflow",
- "tx_sequence": ""
- },
- {
- "address": 649,
- "contract": "Unknown",
- "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.",
- "function": "sendeth(address,uint256)",
- "max_gas_used": 78155,
- "min_gas_used": 17019,
- "severity": "High",
- "sourceMap": null,
- "swc-id": "101",
- "title": "Integer Underflow",
- "tx_sequence": ""
- },
- {
- "address": 725,
- "contract": "Unknown",
- "description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.",
- "function": "sendeth(address,uint256)",
- "max_gas_used": 78155,
- "min_gas_used": 17019,
- "severity": "High",
- "sourceMap": null,
- "swc-id": "101",
- "title": "Integer Overflow",
- "tx_sequence": ""
- }
- ],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 b/tests/testdata/outputs_expected/overflow.sol.o.jsonv2
deleted file mode 100644
index d81b5c57..00000000
--- a/tests/testdata/outputs_expected/overflow.sol.o.jsonv2
+++ /dev/null
@@ -1,66 +0,0 @@
-[
- {
- "issues": [
- {
- "description": {
- "head": "The binary subtraction can underflow.",
- "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "567:1:0"
- }
- ],
- "severity": "High",
- "swcID": "SWC-101",
- "swcTitle": "Integer Overflow and Underflow"
- },
- {
- "description": {
- "head": "The binary subtraction can underflow.",
- "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "649:1:0"
- }
- ],
- "severity": "High",
- "swcID": "SWC-101",
- "swcTitle": "Integer Overflow and Underflow"
- },
- {
- "description": {
- "head": "The binary addition can overflow.",
- "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
- },
- "extra": {
- "discoveryTime": "",
- "testCase": ""
- },
- "locations": [
- {
- "sourceMap": "725:1:0"
- }
- ],
- "severity": "High",
- "swcID": "SWC-101",
- "swcTitle": "Integer Overflow and Underflow"
- }
- ],
- "meta": {},
- "sourceFormat": "evm-byzantium-bytecode",
- "sourceList": [
- "0xf230bec502569e8b7e7737616d0ad0f200c436624e3c223e5398c0615cd2d6b9"
- ],
- "sourceType": "raw-bytecode"
- }
-]
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/overflow.sol.o.markdown b/tests/testdata/outputs_expected/overflow.sol.o.markdown
deleted file mode 100644
index 845c97e7..00000000
--- a/tests/testdata/outputs_expected/overflow.sol.o.markdown
+++ /dev/null
@@ -1,55 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Integer Underflow
-- SWC ID: 101
-- Severity: High
-- Contract: Unknown
-- Function name: `sendeth(address,uint256)`
-- PC address: 567
-- Estimated Gas Usage: 17019 - 78155
-
-### Description
-
-The binary subtraction can underflow.
-The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
-
-### Transaction Sequence
-
-Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0
-
-
-## Integer Underflow
-- SWC ID: 101
-- Severity: High
-- Contract: Unknown
-- Function name: `sendeth(address,uint256)`
-- PC address: 649
-- Estimated Gas Usage: 17019 - 78155
-
-### Description
-
-The binary subtraction can underflow.
-The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
-
-### Transaction Sequence
-
-Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0
-
-
-## Integer Overflow
-- SWC ID: 101
-- Severity: High
-- Contract: Unknown
-- Function name: `sendeth(address,uint256)`
-- PC address: 725
-- Estimated Gas Usage: 17019 - 78155
-
-### Description
-
-The binary addition can overflow.
-The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
-
-### Transaction Sequence
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
-
diff --git a/tests/testdata/outputs_expected/overflow.sol.o.text b/tests/testdata/outputs_expected/overflow.sol.o.text
deleted file mode 100644
index 7fd1f2cf..00000000
--- a/tests/testdata/outputs_expected/overflow.sol.o.text
+++ /dev/null
@@ -1,42 +0,0 @@
-==== Integer Underflow ====
-SWC ID: 101
-Severity: High
-Contract: Unknown
-Function name: sendeth(address,uint256)
-PC address: 567
-Estimated Gas Usage: 17019 - 78155
-The binary subtraction can underflow.
-The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
---------------------
-Transaction Sequence:
-
-Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0
-
-==== Integer Underflow ====
-SWC ID: 101
-Severity: High
-Contract: Unknown
-Function name: sendeth(address,uint256)
-PC address: 649
-Estimated Gas Usage: 17019 - 78155
-The binary subtraction can underflow.
-The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
---------------------
-Transaction Sequence:
-
-Caller: [SOMEGUY], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000080, value: 0x0
-
-==== Integer Overflow ====
-SWC ID: 101
-Severity: High
-Contract: Unknown
-Function name: sendeth(address,uint256)
-PC address: 725
-Estimated Gas Usage: 17019 - 78155
-The binary addition can overflow.
-The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
---------------------
-Transaction Sequence:
-
-Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
-
diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.json b/tests/testdata/outputs_expected/returnvalue.sol.o.json
deleted file mode 100644
index bd7c8a97..00000000
--- a/tests/testdata/outputs_expected/returnvalue.sol.o.json
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- "error": null,
- "issues": [
- {
- "address": 196,
- "contract": "Unknown",
- "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
- "function": "callchecked()",
- "max_gas_used": 1210,
- "min_gas_used": 599,
- "severity": "Medium",
- "sourceMap": null,
- "swc-id": "107",
- "title": "External Call To User-Supplied Address",
- "tx_sequence": ""
- },
- {
- "address": 285,
- "contract": "Unknown",
- "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
- "function": "callnotchecked()",
- "max_gas_used": 1232,
- "min_gas_used": 621,
- "severity": "Medium",
- "sourceMap": null,
- "swc-id": "107",
- "title": "External Call To User-Supplied Address",
- "tx_sequence": ""
- },
- {
- "address": 285,
- "contract": "Unknown",
- "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
- "function": "callnotchecked()",
- "max_gas_used": 35950,
- "min_gas_used": 1339,
- "severity": "Low",
- "sourceMap": null,
- "swc-id": "104",
- "title": "Unchecked Call Return Value",
- "tx_sequence": ""
- }
- ],
- "success": true
-}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2 b/tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2
deleted file mode 100644
index 8e5bf428..00000000
--- a/tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2
+++ /dev/null
@@ -1,66 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "196:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "285:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "285:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0xb191cf6cc0d8cc37a91c9d88019cc011b932169fb5776df616e2bb9cd93b4039" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/returnvalue.sol.o.markdown
deleted file mode 100644
index 6ef8b983..00000000
--- a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown
+++ /dev/null
@@ -1,51 +0,0 @@ -# Analysis results for test-filename.sol - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `callchecked()` -- PC address: 196 -- Estimated Gas Usage: 599 - 1210 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0x633ab5e0, value: 0x0 - - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `callnotchecked()` -- PC address: 285 -- Estimated Gas Usage: 621 - 1232 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0xe3bea282, value: 0x0 - - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `callnotchecked()` -- PC address: 285 -- Estimated Gas Usage: 1339 - 35950 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.text b/tests/testdata/outputs_expected/returnvalue.sol.o.text deleted file mode 100644 index 3836ea12..00000000 
--- a/tests/testdata/outputs_expected/returnvalue.sol.o.text +++ /dev/null @@ -1,39 +0,0 @@ -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: callchecked() -PC address: 196 -Estimated Gas Usage: 599 - 1210 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0x633ab5e0, value: 0x0 - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: callnotchecked() -PC address: 285 -Estimated Gas Usage: 621 - 1232 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0xe3bea282, value: 0x0 - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: callnotchecked() -PC address: 285 -Estimated Gas Usage: 1339 - 35950 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - diff --git a/tests/testdata/outputs_expected/suicide.sol.o.json b/tests/testdata/outputs_expected/suicide.sol.o.json deleted file mode 100644 index 1c98a444..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 146, - "contract": "Unknown", - "description": "The contract can be killed by anyone.\nAnyone can kill this contract and withdraw its balance to an arbitrary address.", - "function": "kill(address)", - "max_gas_used": 263, - "min_gas_used": 168, - "severity": "High", - "sourceMap": null, - "swc-id": "106", - "title": "Unprotected Selfdestruct", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/suicide.sol.o.jsonv2 b/tests/testdata/outputs_expected/suicide.sol.o.jsonv2 deleted file mode 100644 index 30daf88a..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.jsonv2 +++ /dev/null @@ -1,30 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "The contract can be killed by anyone.", - "tail": "Anyone can kill this contract and withdraw its balance to an arbitrary address." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "146:1:0" - } - ], - "severity": "High", - "swcID": "SWC-106", - "swcTitle": "Unprotected SELFDESTRUCT Instruction" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x2fb801366b61a05b30550481a1c8f7d5f20de0b93d9f2f2ce2b28c4e322033c9" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/suicide.sol.o.markdown b/tests/testdata/outputs_expected/suicide.sol.o.markdown deleted file mode 100644 index 286f3573..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.markdown +++ /dev/null 
@@ -1,19 +0,0 @@ -# Analysis results for test-filename.sol - -## Unprotected Selfdestruct -- SWC ID: 106 -- Severity: High -- Contract: Unknown -- Function name: `kill(address)` -- PC address: 146 -- Estimated Gas Usage: 168 - 263 - -### Description - -The contract can be killed by anyone. -Anyone can kill this contract and withdraw its balance to an arbitrary address. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0xcbf0b0c0bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 - diff --git a/tests/testdata/outputs_expected/suicide.sol.o.text b/tests/testdata/outputs_expected/suicide.sol.o.text deleted file mode 100644 index abd80dd6..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.text +++ /dev/null @@ -1,14 +0,0 @@ -==== Unprotected Selfdestruct ==== -SWC ID: 106 -Severity: High -Contract: Unknown -Function name: kill(address) -PC address: 146 -Estimated Gas Usage: 168 - 263 -The contract can be killed by anyone. -Anyone can kill this contract and withdraw its balance to an arbitrary address. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0xcbf0b0c0bebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0 - diff --git a/tests/testdata/outputs_expected/underflow.sol.o.json b/tests/testdata/outputs_expected/underflow.sol.o.json deleted file mode 100644 index 979465f3..00000000 --- a/tests/testdata/outputs_expected/underflow.sol.o.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 567, - "contract": "Unknown", - "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 52861, - "min_gas_used": 11915, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Underflow", - "tx_sequence": "" - }, - { - "address": 649, - "contract": "Unknown", - "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 52861, - "min_gas_used": 11915, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Underflow", - "tx_sequence": "" - }, - { - "address": 725, - "contract": "Unknown", - "description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 52861, - "min_gas_used": 11915, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Overflow", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 b/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 deleted file mode 100644 index c8b6835e..00000000 
--- a/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 +++ /dev/null @@ -1,66 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "The binary subtraction can underflow.", - "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "567:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - }, - { - "description": { - "head": "The binary subtraction can underflow.", - "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "649:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - }, - { - "description": { - "head": "The binary addition can overflow.", - "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "725:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0xabef56740bf7795a9f8732e4781ebd27f2977f8a4997e3ff11cee79a4ba6c0ce" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/underflow.sol.o.markdown b/tests/testdata/outputs_expected/underflow.sol.o.markdown
deleted file mode 100644
index 23719def..00000000
--- a/tests/testdata/outputs_expected/underflow.sol.o.markdown
+++ /dev/null
@@ -1,55 +0,0 @@ -# Analysis results for test-filename.sol - -## Integer Underflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 567 -- Estimated Gas Usage: 11915 - 52861 - -### Description - -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. - -### Transaction Sequence - -Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 - - -## Integer Underflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 649 -- Estimated Gas Usage: 11915 - 52861 - -### Description - -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. - -### Transaction Sequence - -Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 - - -## Integer Overflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 725 -- Estimated Gas Usage: 11915 - 52861 - -### Description - -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. - -### Transaction Sequence - -Caller: [ATTACKER], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000020, value: 0x0 - diff --git a/tests/testdata/outputs_expected/underflow.sol.o.text b/tests/testdata/outputs_expected/underflow.sol.o.text deleted file mode 100644 index fea13f7c..00000000 
--- a/tests/testdata/outputs_expected/underflow.sol.o.text +++ /dev/null @@ -1,42 +0,0 @@ -==== Integer Underflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 567 -Estimated Gas Usage: 11915 - 52861 -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. --------------------- -Transaction Sequence: - -Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 - -==== Integer Underflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 649 -Estimated Gas Usage: 11915 - 52861 -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. --------------------- -Transaction Sequence: - -Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0 - -==== Integer Overflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 725 -Estimated Gas Usage: 11915 - 52861 -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. --------------------- -Transaction Sequence: - -Caller: [ATTACKER], data: 0xa3210e87000000000000000000000000000000000000000000000000000000000000000020, value: 0x0 -