From 1d12221ff8c700c59cef56bc06f7a6dabde6eea3 Mon Sep 17 00:00:00 2001 
From: freewind
Date: Sat, 24 Mar 2018 20:36:18 +0800
Subject: [PATCH] test reports generation
---
 myth | 6 +-
 mythril/analysis/report.py | 6 +
 tests/analysis/symbolic_test.py | 37 ++++++
 tests/disassembler_test.py | 2 +-
 tests/solidity_contract_test.py | 2 +-
 tests/testdata/calls.sol.json | 1 +
 tests/testdata/calls.sol.markdown | 127 ++++++++++++++++++++
 tests/testdata/calls.sol.text | 117 ++++++++++++++++++
 tests/testdata/ether_send.sol.json | 1 +
 tests/testdata/ether_send.sol.markdown | 17 +++
 tests/testdata/ether_send.sol.text | 15 +++
 tests/testdata/exceptions.sol.json | 1 +
 tests/testdata/exceptions.sol.markdown | 57 +++++++++
 tests/testdata/exceptions.sol.text | 52 ++++++++
 tests/testdata/metacoin.sol.json | 1 +
 tests/testdata/metacoin.sol.markdown | 1 +
 tests/testdata/metacoin.sol.text | 0
 tests/testdata/multi_contracts.sol.json | 1 +
 tests/testdata/multi_contracts.sol.markdown | 16 +++
 tests/testdata/multi_contracts.sol.text | 14 +++
 tests/testdata/origin.sol.json | 1 +
 tests/testdata/origin.sol.markdown | 16 +++
 tests/testdata/origin.sol.text | 14 +++
 tests/testdata/returnvalue.sol.json | 1 +
 tests/testdata/returnvalue.sol.markdown | 43 +++++++
 tests/testdata/returnvalue.sol.text | 39 ++++++
 tests/testdata/rubixi.sol.json | 1 +
 tests/testdata/rubixi.sol.markdown | 120 ++++++++++++++++++
 tests/testdata/rubixi.sol.text | 111 +++++++++++++++++
 tests/testdata/suicide.sol.json | 1 +
 tests/testdata/suicide.sol.markdown | 17 +++
 tests/testdata/suicide.sol.text | 15 +++
 tests/testdata/underflow.sol.json | 1 +
 tests/testdata/underflow.sol.markdown | 31 +++++
 tests/testdata/underflow.sol.text | 28 +++++
 tests/testdata/weak_random.sol.json | 1 +
 tests/testdata/weak_random.sol.markdown | 62 ++++++++++
 tests/testdata/weak_random.sol.text | 57 +++++++++
 38 files changed, 1026 insertions(+), 7 deletions(-)
 create mode 100644 tests/analysis/symbolic_test.py
 create mode 100644 tests/testdata/calls.sol.json
 create mode 100644 tests/testdata/calls.sol.markdown
 create mode 
100644 tests/testdata/calls.sol.text
 create mode 100644 tests/testdata/ether_send.sol.json
 create mode 100644 tests/testdata/ether_send.sol.markdown
 create mode 100644 tests/testdata/ether_send.sol.text
 create mode 100644 tests/testdata/exceptions.sol.json
 create mode 100644 tests/testdata/exceptions.sol.markdown
 create mode 100644 tests/testdata/exceptions.sol.text
 create mode 100644 tests/testdata/metacoin.sol.json
 create mode 100644 tests/testdata/metacoin.sol.markdown
 create mode 100644 tests/testdata/metacoin.sol.text
 create mode 100644 tests/testdata/multi_contracts.sol.json
 create mode 100644 tests/testdata/multi_contracts.sol.markdown
 create mode 100644 tests/testdata/multi_contracts.sol.text
 create mode 100644 tests/testdata/origin.sol.json
 create mode 100644 tests/testdata/origin.sol.markdown
 create mode 100644 tests/testdata/origin.sol.text
 create mode 100644 tests/testdata/returnvalue.sol.json
 create mode 100644 tests/testdata/returnvalue.sol.markdown
 create mode 100644 tests/testdata/returnvalue.sol.text
 create mode 100644 tests/testdata/rubixi.sol.json
 create mode 100644 tests/testdata/rubixi.sol.markdown
 create mode 100644 tests/testdata/rubixi.sol.text
 create mode 100644 tests/testdata/suicide.sol.json
 create mode 100644 tests/testdata/suicide.sol.markdown
 create mode 100644 tests/testdata/suicide.sol.text
 create mode 100644 tests/testdata/underflow.sol.json
 create mode 100644 tests/testdata/underflow.sol.markdown
 create mode 100644 tests/testdata/underflow.sol.text
 create mode 100644 tests/testdata/weak_random.sol.json
 create mode 100644 tests/testdata/weak_random.sol.markdown
 create mode 100644 tests/testdata/weak_random.sol.text
diff --git a/myth b/myth
index b3289bc8..b027079f 100755
--- a/myth
+++ b/myth
@@ -383,11 +383,7 @@ elif args.graph or args.fire_lasers:
 if type(contract) == SolidityContract:
 for issue in issues:
- if issue.pc:
- codeinfo = contract.get_source_info(issue.pc)
- issue.filename = codeinfo.filename
- issue.code = codeinfo.code
- issue.lineno = codeinfo.lineno
+ issue.add_code_info(contract)
 all_issues += issues
diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py
index eec33cbc..9ec63493 100644
--- a/mythril/analysis/report.py
+++ b/mythril/analysis/report.py
@@ -30,6 +30,12 @@ class Issue:
 return issue
+ def add_code_info(self, contract):
+ if self.pc:
+ codeinfo = contract.get_source_info(self.pc)
+ self.filename = codeinfo.filename
+ self.code = codeinfo.code
+ self.lineno = codeinfo.lineno
 class Report:
diff --git a/tests/analysis/symbolic_test.py b/tests/analysis/symbolic_test.py
new file mode 100644
index 00000000..0823775e
--- /dev/null
+++ b/tests/analysis/symbolic_test.py
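Review bot: `add_code_info` in the report.py hunk has no docstring, so a reader has to infer that it fills `filename`, `code` and `lineno` in place and does nothing at all when `pc` is falsy. I would add `"""Attach source location (filename, code, lineno) to this issue from *contract*; leaves the fields untouched when pc is unset."""` directly under the `def`. The `if self.pc:` guard carried over from `myth` also treats a pc of 0 as unset; if only `None` is meant, `if self.pc is not None:` says so and avoids dropping a location at offset 0. The `myth` hunk on the same line now relies on this method for the same three fields, so the documented contract should name all of them.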
@@ -0,0 +1,37 @@
+from unittest import TestCase
+from pathlib import Path
+
+from mythril.analysis.report import Report
+from mythril.analysis.security import fire_lasers
+from mythril.analysis.symbolic import SymExecWrapper
+from mythril.ether import util
+from mythril.ether.soliditycontract import SolidityContract
+
+TEST_FILES = Path(__file__).parents[1] / "testdata"
+
+def _fix_path(text):
+ return text.replace(str(TEST_FILES), "")
+
+class AnalysisReportTest(TestCase):
+
+ def test_reports(self):
+ for input_file in TEST_FILES.iterdir():
+ if input_file.is_file and input_file.suffix == '.sol':
+ contract = SolidityContract(str(input_file), name=None, solc_args=None)
+ sym = SymExecWrapper(contract, address=(util.get_indexed_address(0)))
+ issues = fire_lasers(sym)
+
+ for issue in issues:
+ issue.add_code_info(contract)
+
+ report = Report()
+ for issue in issues:
+ report.append_issue(issue)
+
+ text = (TEST_FILES / (input_file.name + ".text")).read_text()
+ json = (TEST_FILES / (input_file.name + ".json")).read_text()
+ markdown = (TEST_FILES / (input_file.name + ".markdown")).read_text()
+
+ self.assertEqual(_fix_path(report.as_text()), text)
+ self.assertEqual(_fix_path(report.as_json()), json)
+ self.assertEqual(_fix_path(report.as_markdown()), markdown)
diff --git a/tests/disassembler_test.py b/tests/disassembler_test.py
index 7cf68c0a..33f9123b 100644
--- a/tests/disassembler_test.py
+++ b/tests/disassembler_test.py
@@ -4,7 +4,7 @@ from pathlib import Path
 from mythril.disassembler.disassembly import Disassembly
 from mythril.ether import util
-TEST_FILES = Path.cwd() / "testdata"
+TEST_FILES = Path(__file__).parent / "testdata"
 def _compile_to_code(input_file):
 compiled = util.get_solc_json(str(input_file))
diff --git a/tests/solidity_contract_test.py b/tests/solidity_contract_test.py
index 07781a46..03b39a2a 100644
--- a/tests/solidity_contract_test.py
+++ b/tests/solidity_contract_test.py
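Review bot: `input_file.is_file` on the new `if` line in `test_reports` is never called, so the bound method is always truthy and the condition reduces to the suffix check; it should read `if input_file.is_file() and input_file.suffix == '.sol':`. The loop also passes vacuously when no `.sol` fixtures are found and stops at the first mismatching contract, hiding the rest; wrapping the body in `with self.subTest(contract=input_file.name):` and asserting afterwards that at least one fixture was compared would make failures attributable per file. The local name `json` shadows the stdlib module name; `expected_json` (and likewise `expected_text`, `expected_markdown`) reads more clearly and avoids a future import clash.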
@@ -3,7 +3,7 @@ from pathlib import Path
 from mythril.ether.soliditycontract import SolidityContract
-TEST_FILES = Path.cwd() / "testdata"
+TEST_FILES = Path(__file__).parent / "testdata"
 class SolidityContractTest(TestCase):
diff --git a/tests/testdata/calls.sol.json b/tests/testdata/calls.sol.json
new file mode 100644
index 00000000..f008dc41
--- /dev/null
+++ b/tests/testdata/calls.sol.json
@@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "type": "Informational", "address": 661, "debug": "", "filename": "/calls.sol", "lineno": 16, "code": "fixed_address.call()"}, {"title": "Message call to external contract", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "type": "Warning", "address": 779, "debug": "", "filename": "/calls.sol", "lineno": 29, "code": "stored_address.call()"}, {"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "type": "Informational", "address": 858, "debug": "", "filename": "/calls.sol", "lineno": 20, "code": "fixed_address.call()"}, {"title": "State change after external call", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "type": "Warning", "address": 869, "debug": "", "filename": "/calls.sol", "lineno": 21, "code": "statevar = 0"}, {"title": "Message call to external contract", "description": "This contract executes a message call to an address provided as a function argument. 
Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "type": "Warning", "address": 912, "debug": "", "filename": "/calls.sol", "lineno": 25, "code": "addr.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "type": "Informational", "address": 661, "debug": "", "filename": "/calls.sol", "lineno": 16, "code": "fixed_address.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "type": "Informational", "address": 779, "debug": "", "filename": "/calls.sol", "lineno": 29, "code": "stored_address.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "type": "Informational", "address": 858, "debug": "", "filename": "/calls.sol", "lineno": 20, "code": "fixed_address.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "type": "Informational", "address": 912, "debug": "", "filename": "/calls.sol", "lineno": 25, "code": "addr.call()"}]} \ No newline at end of file diff --git a/tests/testdata/calls.sol.markdown b/tests/testdata/calls.sol.markdown new file mode 100644 index 00000000..7fc9d41a --- /dev/null +++ b/tests/testdata/calls.sol.markdown 
@@ -0,0 +1,127 @@ +# Analysis Results +## Message call to external contract +- Type: Informational +- Contract: Caller +- Function name: `_function_0x5a6814ec` +- PC address: 661 + +### Description +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +In */calls.sol:16* + +``` +fixed_address.call() +``` +## Message call to external contract +- Type: Warning +- Contract: Caller +- Function name: `_function_0xd24b08cc` +- PC address: 779 + +### Description +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +In */calls.sol:29* + +``` +stored_address.call() +``` +## Message call to external contract +- Type: Informational +- Contract: Caller +- Function name: `_function_0xe11f493e` +- PC address: 858 + +### Description +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +In */calls.sol:20* + +``` +fixed_address.call() +``` +## State change after external call +- Type: Warning +- Contract: Caller +- Function name: `_function_0xe11f493e` +- PC address: 869 + +### Description +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. 
+ +In */calls.sol:21* + +``` +statevar = 0 +``` +## Message call to external contract +- Type: Warning +- Contract: Caller +- Function name: `_function_0xe1d10f79` +- PC address: 912 + +### Description +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +In */calls.sol:25* + +``` +addr.call() +``` +## Unchecked CALL return value +- Type: Informational +- Contract: Caller +- Function name: `_function_0x5a6814ec` +- PC address: 661 + +### Description +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +In */calls.sol:16* + +``` +fixed_address.call() +``` +## Unchecked CALL return value +- Type: Informational +- Contract: Caller +- Function name: `_function_0xd24b08cc` +- PC address: 779 + +### Description +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +In */calls.sol:29* + +``` +stored_address.call() +``` +## Unchecked CALL return value +- Type: Informational +- Contract: Caller +- Function name: `_function_0xe11f493e` +- PC address: 858 + +### Description +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +In */calls.sol:20* + +``` +fixed_address.call() +``` +## Unchecked CALL return value +- Type: Informational +- Contract: Caller +- Function name: `_function_0xe1d10f79` +- PC address: 912 + +### Description +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +In */calls.sol:25* + +``` +addr.call() +``` diff --git a/tests/testdata/calls.sol.text b/tests/testdata/calls.sol.text new file mode 100644 index 00000000..144595f2 --- /dev/null 
+++ b/tests/testdata/calls.sol.text 
@@ -0,0 +1,117 @@ +==== Message call to external contract ==== +Type: Informational +Contract: Caller +Function name: _function_0x5a6814ec +PC address: 661 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- +In file: /calls.sol:16 + +fixed_address.call() + +-------------------- + +==== Message call to external contract ==== +Type: Warning +Contract: Caller +Function name: _function_0xd24b08cc +PC address: 779 +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- +In file: /calls.sol:29 + +stored_address.call() + +-------------------- + +==== Message call to external contract ==== +Type: Informational +Contract: Caller +Function name: _function_0xe11f493e +PC address: 858 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- +In file: /calls.sol:20 + +fixed_address.call() + +-------------------- + +==== State change after external call ==== +Type: Warning +Contract: Caller +Function name: _function_0xe11f493e +PC address: 869 +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. 
+-------------------- +In file: /calls.sol:21 + +statevar = 0 + +-------------------- + +==== Message call to external contract ==== +Type: Warning +Contract: Caller +Function name: _function_0xe1d10f79 +PC address: 912 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- +In file: /calls.sol:25 + +addr.call() + +-------------------- + +==== Unchecked CALL return value ==== +Type: Informational +Contract: Caller +Function name: _function_0x5a6814ec +PC address: 661 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- +In file: /calls.sol:16 + +fixed_address.call() + +-------------------- + +==== Unchecked CALL return value ==== +Type: Informational +Contract: Caller +Function name: _function_0xd24b08cc +PC address: 779 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- +In file: /calls.sol:29 + +stored_address.call() + +-------------------- + +==== Unchecked CALL return value ==== +Type: Informational +Contract: Caller +Function name: _function_0xe11f493e +PC address: 858 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- +In file: /calls.sol:20 + +fixed_address.call() + +-------------------- + +==== Unchecked CALL return value ==== +Type: Informational +Contract: Caller +Function name: _function_0xe1d10f79 +PC address: 912 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- +In file: /calls.sol:25 + +addr.call() + +-------------------- + 
diff --git a/tests/testdata/ether_send.sol.json b/tests/testdata/ether_send.sol.json new file mode 100644 index 00000000..40c35d57 --- /dev/null +++ b/tests/testdata/ether_send.sol.json @@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Ether send", "description": "In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'.", "function": "withdrawfunds()", "type": "Warning", "address": 816, "debug": "SOLVER OUTPUT:\nstorage_1: 0x0\ncaller: 0x0\ncalldata_Crowdfunding_0: 0x6c343ffe00000000000000000000000000000000000000000000000000000000\ncalldatasize_Crowdfunding: 0x4\ncallvalue: 0x0\n", "filename": "/ether_send.sol", "lineno": 18, "code": "msg.sender.transfer(this.balance)"}]} \ No newline at end of file diff --git a/tests/testdata/ether_send.sol.markdown b/tests/testdata/ether_send.sol.markdown new file mode 100644 index 00000000..4f61ee7a --- /dev/null +++ b/tests/testdata/ether_send.sol.markdown @@ -0,0 +1,17 @@ +# Analysis Results +## Ether send +- Type: Warning +- Contract: Crowdfunding +- Function name: `withdrawfunds()` +- PC address: 816 + +### Description +In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender. + +There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'. + +In */ether_send.sol:18* + +``` +msg.sender.transfer(this.balance) +``` diff --git a/tests/testdata/ether_send.sol.text b/tests/testdata/ether_send.sol.text new file mode 100644 index 00000000..fe8067b4 --- /dev/null +++ b/tests/testdata/ether_send.sol.text 
@@ -0,0 +1,15 @@ +==== Ether send ==== +Type: Warning +Contract: Crowdfunding +Function name: withdrawfunds() +PC address: 816 +In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender. + +There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'. +-------------------- +In file: /ether_send.sol:18 + +msg.sender.transfer(this.balance) + +-------------------- + diff --git a/tests/testdata/exceptions.sol.json b/tests/testdata/exceptions.sol.json new file mode 100644 index 00000000..8ca7fd07 --- /dev/null +++ b/tests/testdata/exceptions.sol.json 
@@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0x546455b5", "type": "Informational", "address": 446, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_0: 0x546455b500000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncalldata_Exceptions_4: 0x17\ncallvalue: 0x0\n", "filename": "/exceptions.sol", "lineno": 16, "code": "assert(input != 23)"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0x92dd38ea", "type": "Informational", "address": 484, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_4: 0x8\ncalldata_Exceptions_0: 0x92dd38ea00000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncallvalue: 0x0\n", "filename": "/exceptions.sol", "lineno": 34, "code": "myarray[index]"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
", "function": "_function_0xa08299f1", "type": "Informational", "address": 506, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_0: 0xa08299f100000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncalldata_Exceptions_4: 0x0\ncallvalue: 0x0\n", "filename": "/exceptions.sol", "lineno": 24, "code": "1/input"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0xb34c3610", "type": "Informational", "address": 531, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_0: 0xb34c361000000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncallvalue: 0x0\n", "filename": "/exceptions.sol", "lineno": 7, "code": "assert(i == 0)"}]} \ No newline at end of file diff --git a/tests/testdata/exceptions.sol.markdown b/tests/testdata/exceptions.sol.markdown new file mode 100644 index 00000000..e3d2a5b0 --- /dev/null +++ b/tests/testdata/exceptions.sol.markdown 
@@ -0,0 +1,57 @@ +# Analysis Results +## Exception state +- Type: Informational +- Contract: Exceptions +- Function name: `_function_0x546455b5` +- PC address: 446 + +### Description +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. + +In */exceptions.sol:16* + +``` +assert(input != 23) +``` +## Exception state +- Type: Informational +- Contract: Exceptions +- Function name: `_function_0x92dd38ea` +- PC address: 484 + +### Description +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. + +In */exceptions.sol:34* + +``` +myarray[index] +``` +## Exception state +- Type: Informational +- Contract: Exceptions +- Function name: `_function_0xa08299f1` +- PC address: 506 + +### Description +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. + +In */exceptions.sol:24* + +``` +1/input +``` +## Exception state +- Type: Informational +- Contract: Exceptions +- Function name: `_function_0xb34c3610` +- PC address: 531 + +### Description +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. 
Use require() for regular input checking. + +In */exceptions.sol:7* + +``` +assert(i == 0) +``` diff --git a/tests/testdata/exceptions.sol.text b/tests/testdata/exceptions.sol.text new file mode 100644 index 00000000..0d7d880a --- /dev/null +++ b/tests/testdata/exceptions.sol.text 
@@ -0,0 +1,52 @@ +==== Exception state ==== +Type: Informational +Contract: Exceptions +Function name: _function_0x546455b5 +PC address: 446 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +-------------------- +In file: /exceptions.sol:16 + +assert(input != 23) + +-------------------- + +==== Exception state ==== +Type: Informational +Contract: Exceptions +Function name: _function_0x92dd38ea +PC address: 484 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +-------------------- +In file: /exceptions.sol:34 + +myarray[index] + +-------------------- + +==== Exception state ==== +Type: Informational +Contract: Exceptions +Function name: _function_0xa08299f1 +PC address: 506 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +-------------------- +In file: /exceptions.sol:24 + +1/input + +-------------------- + +==== Exception state ==== +Type: Informational +Contract: Exceptions +Function name: _function_0xb34c3610 +PC address: 531 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. 
Use require() for regular input checking. +-------------------- +In file: /exceptions.sol:7 + +assert(i == 0) + +-------------------- + diff --git a/tests/testdata/metacoin.sol.json b/tests/testdata/metacoin.sol.json new file mode 100644 index 00000000..98edfc99 --- /dev/null +++ b/tests/testdata/metacoin.sol.json @@ -0,0 +1 @@ +{"success": true, "error": null, "issues": []} \ No newline at end of file diff --git a/tests/testdata/metacoin.sol.markdown b/tests/testdata/metacoin.sol.markdown new file mode 100644 index 00000000..a478c089 --- /dev/null +++ b/tests/testdata/metacoin.sol.markdown @@ -0,0 +1 @@ +# Analysis Results diff --git a/tests/testdata/metacoin.sol.text b/tests/testdata/metacoin.sol.text new file mode 100644 index 00000000..e69de29b diff --git a/tests/testdata/multi_contracts.sol.json b/tests/testdata/multi_contracts.sol.json new file mode 100644 index 00000000..428c522d --- /dev/null +++ b/tests/testdata/multi_contracts.sol.json @@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Ether send", "description": "In the function 'transfer()' a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "transfer()", "type": "Warning", "address": 142, "debug": "SOLVER OUTPUT:\ncalldata_Transfer2_0: 0x8a4068dd00000000000000000000000000000000000000000000000000000000\ncalldatasize_Transfer2: 0x4\ncallvalue: 0x0\n", "filename": "/multi_contracts.sol", "lineno": 14, "code": "msg.sender.transfer(2 ether)"}]} \ No newline at end of file diff --git a/tests/testdata/multi_contracts.sol.markdown b/tests/testdata/multi_contracts.sol.markdown new file mode 100644 index 00000000..fb29a6ea --- /dev/null +++ b/tests/testdata/multi_contracts.sol.markdown 
@@ -0,0 +1,16 @@ +# Analysis Results +## Ether send +- Type: Warning +- Contract: Transfer2 +- Function name: `transfer()` +- PC address: 142 + +### Description +In the function 'transfer()' a non-zero amount of Ether is sent to msg.sender. +It seems that this function can be called without restrictions. + +In */multi_contracts.sol:14* + +``` +msg.sender.transfer(2 ether) +``` diff --git a/tests/testdata/multi_contracts.sol.text b/tests/testdata/multi_contracts.sol.text new file mode 100644 index 00000000..916a4ca5 --- /dev/null +++ b/tests/testdata/multi_contracts.sol.text @@ -0,0 +1,14 @@ +==== Ether send ==== +Type: Warning +Contract: Transfer2 +Function name: transfer() +PC address: 142 +In the function 'transfer()' a non-zero amount of Ether is sent to msg.sender. +It seems that this function can be called without restrictions. +-------------------- +In file: /multi_contracts.sol:14 + +msg.sender.transfer(2 ether) + +-------------------- + diff --git a/tests/testdata/origin.sol.json b/tests/testdata/origin.sol.json new file mode 100644 index 00000000..1437efe1 --- /dev/null +++ b/tests/testdata/origin.sol.json @@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Use of tx.origin", "description": "Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "type": "Warning", "address": 317, "debug": "", "filename": "/origin.sol", "lineno": 18, "code": "tx.origin"}]} \ No newline at end of file diff --git a/tests/testdata/origin.sol.markdown b/tests/testdata/origin.sol.markdown new file mode 100644 index 00000000..d368d969 --- /dev/null +++ b/tests/testdata/origin.sol.markdown 
@@ -0,0 +1,16 @@ +# Analysis Results +## Use of tx.origin +- Type: Warning +- Contract: Origin +- Function name: `transferOwnership(address)` +- PC address: 317 + +### Description +Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin + +In */origin.sol:18* + +``` +tx.origin +``` diff --git a/tests/testdata/origin.sol.text b/tests/testdata/origin.sol.text new file mode 100644 index 00000000..b9e224e1 --- /dev/null +++ b/tests/testdata/origin.sol.text @@ -0,0 +1,14 @@ +==== Use of tx.origin ==== +Type: Warning +Contract: Origin +Function name: transferOwnership(address) +PC address: 317 +Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin +-------------------- +In file: /origin.sol:18 + +tx.origin + +-------------------- + diff --git a/tests/testdata/returnvalue.sol.json b/tests/testdata/returnvalue.sol.json new file mode 100644 index 00000000..f3fea910 --- /dev/null +++ b/tests/testdata/returnvalue.sol.json 
@@ -0,0 +1 @@
+{"success": true, "error": null, "issues": [{"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "type": "Informational", "address": 196, "debug": "", "filename": "/returnvalue.sol", "lineno": 10, "code": "callee.call()"}, {"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "type": "Informational", "address": 285, "debug": "", "filename": "/returnvalue.sol", "lineno": 6, "code": "callee.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "type": "Informational", "address": 285, "debug": "", "filename": "/returnvalue.sol", "lineno": 6, "code": "callee.call()"}]}
\ No newline at end of file
diff --git a/tests/testdata/returnvalue.sol.markdown b/tests/testdata/returnvalue.sol.markdown
new file mode 100644
index 00000000..c2560b5f
--- /dev/null
+++ b/tests/testdata/returnvalue.sol.markdown
@@ -0,0 +1,43 @@
+# Analysis Results
+## Message call to external contract
+- Type: Informational
+- Contract: ReturnValue
+- Function name: `_function_0x633ab5e0`
+- PC address: 196
+
+### Description
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+
+In */returnvalue.sol:10*
+
+```
+callee.call()
+```
+## Message call to external contract
+- Type: Informational
+- Contract: ReturnValue
+- Function name: `_function_0xe3bea282`
+- PC address: 285
+
+### Description
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+
+In */returnvalue.sol:6*
+
+```
+callee.call()
+```
+## Unchecked CALL return value
+- Type: Informational
+- Contract: ReturnValue
+- Function name: `_function_0xe3bea282`
+- PC address: 285
+
+### Description
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+In */returnvalue.sol:6*
+
+```
+callee.call()
+```
diff --git a/tests/testdata/returnvalue.sol.text b/tests/testdata/returnvalue.sol.text
new file mode 100644
index 00000000..11b69da2
--- /dev/null
+++ b/tests/testdata/returnvalue.sol.text
@@ -0,0 +1,39 @@
+==== Message call to external contract ====
+Type: Informational
+Contract: ReturnValue
+Function name: _function_0x633ab5e0
+PC address: 196
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+--------------------
+In file: /returnvalue.sol:10
+
+callee.call()
+
+--------------------
+
+==== Message call to external contract ====
+Type: Informational
+Contract: ReturnValue
+Function name: _function_0xe3bea282
+PC address: 285
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+--------------------
+In file: /returnvalue.sol:6
+
+callee.call()
+
+--------------------
+
+==== Unchecked CALL return value ====
+Type: Informational
+Contract: ReturnValue
+Function name: _function_0xe3bea282
+PC address: 285
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+In file: /returnvalue.sol:6
+
+callee.call()
+
+--------------------
+
diff --git a/tests/testdata/rubixi.sol.json b/tests/testdata/rubixi.sol.json
new file mode 100644
index 00000000..ef87c1cf
--- /dev/null
+++ b/tests/testdata/rubixi.sol.json
@@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Ether send", "description": "In the function 'collectPercentOfFees(uint256)' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'.\n\nThere is a check on storage index 6. This storage slot can be written to by calling the function 'DynamicPyramid()'.\nThere is a check on storage index 7. This storage slot can be written to by calling the function 'fallback'.", "function": "collectPercentOfFees(uint256)", "type": "Warning", "address": 1599, "debug": "SOLVER OUTPUT:\ncalldata_Rubixi_4: 0x0\nstorage_1: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nstorage_5: 0x0\ncaller: 0x0\ncalldata_Rubixi_0: 0x4229616d00000000000000000000000000000000000000000000000000000000\ncalldatasize_Rubixi: 0x4\ncallvalue: 0x0\n", "filename": "/rubixi.sol", "lineno": 93, "code": "creator.send(feesToCollect)"}, {"title": "Ether send", "description": "In the function 'collectAllFees()' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'.\n\nThere is a check on storage index 9. This storage slot can be written to by calling the function 'DynamicPyramid()'.\nThere is a check on storage index 10. 
This storage slot can be written to by calling the function 'fallback'.", "function": "collectAllFees()", "type": "Warning", "address": 1940, "debug": "SOLVER OUTPUT:\nstorage_1: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nstorage_5: 0x0\ncaller: 0x0\ncalldata_Rubixi_0: 0x686f2c9000000000000000000000000000000000000000000000000000000000\ncalldatasize_Rubixi: 0x4\ncallvalue: 0x0\n", "filename": "/rubixi.sol", "lineno": 75, "code": "creator.send(collectedFees)"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "nextPayoutWhenPyramidBalanceTotalsApproximately()", "type": "Informational", "address": 1653, "debug": "The exception is triggered under the following conditions:\n\nstorage_4: 0x0\nstorage_6: 0x0\ncalldata_Rubixi_0: 0x57d4021b00000000000000000000000000000000000000000000000000000000\ncalldatasize_Rubixi: 0x4\ncallvalue: 0x0\n", "filename": "/rubixi.sol", "lineno": 131, "code": "participants[payoutOrder]"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
", "function": "participantDetails(uint256)", "type": "Informational", "address": 2085, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Rubixi_4: 0x0\nstorage_6: 0x0\ncalldata_Rubixi_0: 0x9dbc4f9b00000000000000000000000000000000000000000000000000000000\ncalldatasize_Rubixi: 0x4\ncallvalue: 0x0\n", "filename": "/rubixi.sol", "lineno": 148, "code": "participants[orderInPyramid]"}, {"title": "Integer Underflow", "description": "A possible integer underflow exists in the function numberOfParticipantsWaitingForPayout().\nThe substraction may result in a value < 0.", "function": "numberOfParticipantsWaitingForPayout()", "type": "Warning", "address": 2743, "debug": "storage_6: 0x0\nstorage_4: 0x1\ncalldata_Rubixi_0: 0xd11f13df00000000000000000000000000000000000000000000000000000000\ncalldatasize_Rubixi: 0x4\ncallvalue: 0x0\n", "filename": "/rubixi.sol", "lineno": 143, "code": "participants.length - payoutOrder"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "collectPercentOfFees(uint256)", "type": "Informational", "address": 1599, "debug": "", "filename": "/rubixi.sol", "lineno": 93, "code": "creator.send(feesToCollect)"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "collectFeesInEther(uint256)", "type": "Informational", "address": 1940, "debug": "", "filename": "/rubixi.sol", "lineno": 75, "code": "creator.send(collectedFees)"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "collectFeesInEther(uint256)", "type": "Informational", "address": 2582, "debug": "", "filename": "/rubixi.sol", "lineno": 85, "code": "creator.send(_amt)"}]}
\ No newline at end of file
diff --git a/tests/testdata/rubixi.sol.markdown b/tests/testdata/rubixi.sol.markdown
new file mode 100644
index 00000000..68c7df6e
--- /dev/null
+++ b/tests/testdata/rubixi.sol.markdown
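Review bot: The rubixi.sol.json fixture pins a malformed 'Ether send' description, `...taken from storage slot 5There is a check on storage index 5...`, where the storage-check explanation is appended to the sentence with no separator; the same join appears in weak_random.sol.json (`storage slot 0There is a check`) and in every .markdown/.text rendering of these issues. Freezing it as expected output means the eventual fix in the module that emits 'Ether send' (outside this diff) will fail these tests instead of being caught as an improvement, so I would correct the join there — a `". "` or newline before the appended checks — and regenerate the fixtures. The same fixture also attributes the unchecked `creator.send(collectedFees)` at PC address 1940 / line 75 to `collectFeesInEther(uint256)` while the 'Ether send' issue at the same PC and line names `collectAllFees()`; that looks like a function-attribution inconsistency in the analysis output worth checking before it is pinned. Smaller wording defects these fixtures also freeze are `substraction`, `execution continue`, and the doubled `call to to another contract` in returnvalue.sol.json.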
@@ -0,0 +1,120 @@
+# Analysis Results
+## Ether send
+- Type: Warning
+- Contract: Rubixi
+- Function name: `collectPercentOfFees(uint256)`
+- PC address: 1599
+
+### Description
+In the function 'collectPercentOfFees(uint256)' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+
+There is a check on storage index 6. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+There is a check on storage index 7. This storage slot can be written to by calling the function 'fallback'.
+
+In */rubixi.sol:93*
+
+```
+creator.send(feesToCollect)
+```
+## Ether send
+- Type: Warning
+- Contract: Rubixi
+- Function name: `collectAllFees()`
+- PC address: 1940
+
+### Description
+In the function 'collectAllFees()' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+
+There is a check on storage index 9. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'.
+
+In */rubixi.sol:75*
+
+```
+creator.send(collectedFees)
+```
+## Exception state
+- Type: Informational
+- Contract: Rubixi
+- Function name: `nextPayoutWhenPyramidBalanceTotalsApproximately()`
+- PC address: 1653
+
+### Description
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
+
+In */rubixi.sol:131*
+
+```
+participants[payoutOrder]
+```
+## Exception state
+- Type: Informational
+- Contract: Rubixi
+- Function name: `participantDetails(uint256)`
+- PC address: 2085
+
+### Description
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking.
+
+In */rubixi.sol:148*
+
+```
+participants[orderInPyramid]
+```
+## Integer Underflow
+- Type: Warning
+- Contract: Rubixi
+- Function name: `numberOfParticipantsWaitingForPayout()`
+- PC address: 2743
+
+### Description
+A possible integer underflow exists in the function numberOfParticipantsWaitingForPayout().
+The substraction may result in a value < 0.
+
+In */rubixi.sol:143*
+
+```
+participants.length - payoutOrder
+```
+## Unchecked CALL return value
+- Type: Informational
+- Contract: Rubixi
+- Function name: `collectPercentOfFees(uint256)`
+- PC address: 1599
+
+### Description
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+In */rubixi.sol:93*
+
+```
+creator.send(feesToCollect)
+```
+## Unchecked CALL return value
+- Type: Informational
+- Contract: Rubixi
+- Function name: `collectFeesInEther(uint256)`
+- PC address: 1940
+
+### Description
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+In */rubixi.sol:75*
+
+```
+creator.send(collectedFees)
+```
+## Unchecked CALL return value
+- Type: Informational
+- Contract: Rubixi
+- Function name: `collectFeesInEther(uint256)`
+- PC address: 2582
+
+### Description
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+In */rubixi.sol:85*
+
+```
+creator.send(_amt)
+```
diff --git a/tests/testdata/rubixi.sol.text b/tests/testdata/rubixi.sol.text
new file mode 100644
index 00000000..bd662e25
--- /dev/null
+++ b/tests/testdata/rubixi.sol.text
@@ -0,0 +1,111 @@
+==== Ether send ====
+Type: Warning
+Contract: Rubixi
+Function name: collectPercentOfFees(uint256)
+PC address: 1599
+In the function 'collectPercentOfFees(uint256)' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+
+There is a check on storage index 6. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+There is a check on storage index 7. This storage slot can be written to by calling the function 'fallback'.
+--------------------
+In file: /rubixi.sol:93
+
+creator.send(feesToCollect)
+
+--------------------
+
+==== Ether send ====
+Type: Warning
+Contract: Rubixi
+Function name: collectAllFees()
+PC address: 1940
+In the function 'collectAllFees()' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+
+There is a check on storage index 9. This storage slot can be written to by calling the function 'DynamicPyramid()'.
+There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'.
+--------------------
+In file: /rubixi.sol:75
+
+creator.send(collectedFees)
+
+--------------------
+
+==== Exception state ====
+Type: Informational
+Contract: Rubixi
+Function name: nextPayoutWhenPyramidBalanceTotalsApproximately()
+PC address: 1653
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
+--------------------
+In file: /rubixi.sol:131
+
+participants[payoutOrder]
+
+--------------------
+
+==== Exception state ====
+Type: Informational
+Contract: Rubixi
+Function name: participantDetails(uint256)
+PC address: 2085
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking.
+--------------------
+In file: /rubixi.sol:148
+
+participants[orderInPyramid]
+
+--------------------
+
+==== Integer Underflow ====
+Type: Warning
+Contract: Rubixi
+Function name: numberOfParticipantsWaitingForPayout()
+PC address: 2743
+A possible integer underflow exists in the function numberOfParticipantsWaitingForPayout().
+The substraction may result in a value < 0.
+--------------------
+In file: /rubixi.sol:143
+
+participants.length - payoutOrder
+
+--------------------
+
+==== Unchecked CALL return value ====
+Type: Informational
+Contract: Rubixi
+Function name: collectPercentOfFees(uint256)
+PC address: 1599
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+In file: /rubixi.sol:93
+
+creator.send(feesToCollect)
+
+--------------------
+
+==== Unchecked CALL return value ====
+Type: Informational
+Contract: Rubixi
+Function name: collectFeesInEther(uint256)
+PC address: 1940
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+In file: /rubixi.sol:75
+
+creator.send(collectedFees)
+
+--------------------
+
+==== Unchecked CALL return value ====
+Type: Informational
+Contract: Rubixi
+Function name: collectFeesInEther(uint256)
+PC address: 2582
+The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.
+--------------------
+In file: /rubixi.sol:85
+
+creator.send(_amt)
+
+--------------------
+
diff --git a/tests/testdata/suicide.sol.json b/tests/testdata/suicide.sol.json
new file mode 100644
index 00000000..6817909c
--- /dev/null
+++ b/tests/testdata/suicide.sol.json
@@ -0,0 +1 @@
+{"success": true, "error": null, "issues": [{"title": "Unchecked SUICIDE", "description": "The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.\n\nIt seems that this function can be called without restrictions.", "function": "_function_0xcbf0b0c0", "type": "Warning", "address": 146, "debug": "SOLVER OUTPUT:\ncalldata_Suicide_0: 0xcbf0b0c000000000000000000000000000000000000000000000000000000000\ncalldatasize_Suicide: 0x4\ncallvalue: 0x0\n", "filename": "/suicide.sol", "lineno": 4, "code": "selfdestruct(addr)"}]}
\ No newline at end of file
diff --git a/tests/testdata/suicide.sol.markdown b/tests/testdata/suicide.sol.markdown
new file mode 100644
index 00000000..f59365e4
--- /dev/null
+++ b/tests/testdata/suicide.sol.markdown
@@ -0,0 +1,17 @@
+# Analysis Results
+## Unchecked SUICIDE
+- Type: Warning
+- Contract: Suicide
+- Function name: `_function_0xcbf0b0c0`
+- PC address: 146
+
+### Description
+The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.
+
+It seems that this function can be called without restrictions.
+
+In */suicide.sol:4*
+
+```
+selfdestruct(addr)
+```
diff --git a/tests/testdata/suicide.sol.text b/tests/testdata/suicide.sol.text
new file mode 100644
index 00000000..85666b59
--- /dev/null
+++ b/tests/testdata/suicide.sol.text
@@ -0,0 +1,15 @@
+==== Unchecked SUICIDE ====
+Type: Warning
+Contract: Suicide
+Function name: _function_0xcbf0b0c0
+PC address: 146
+The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.
+
+It seems that this function can be called without restrictions.
+--------------------
+In file: /suicide.sol:4
+
+selfdestruct(addr)
+
+--------------------
+
diff --git a/tests/testdata/underflow.sol.json b/tests/testdata/underflow.sol.json
new file mode 100644
index 00000000..30a904df
--- /dev/null
+++ b/tests/testdata/underflow.sol.json
@@ -0,0 +1 @@
+{"success": true, "error": null, "issues": [{"title": "Integer Underflow", "description": "A possible integer underflow exists in the function sendeth(address,uint256).\nThe substraction may result in a value < 0.", "function": "sendeth(address,uint256)", "type": "Warning", "address": 649, "debug": "storage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncaller: 0x0\ncalldata_Under_32 + 4: 0x1\ncalldata_Under_0: 0xa3210e8700000000000000000000000000000000000000000000000000000000\ncalldatasize_Under: 0x4\ncallvalue: 0x0\n", "filename": "/underflow.sol", "lineno": 12, "code": "balances[msg.sender] -= _value"}, {"title": "Integer Underflow", "description": "A possible integer underflow exists in the function sendeth(address,uint256).\nThe substraction may result in a value < 0.", "function": "sendeth(address,uint256)", "type": "Warning", "address": 567, "debug": "storage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncaller: 0x0\ncalldata_Under_32 + 4: 0x1\ncalldata_Under_0: 0xa3210e8700000000000000000000000000000000000000000000000000000000\ncalldatasize_Under: 0x4\ncallvalue: 0x0\n", "filename": "/underflow.sol", "lineno": 11, "code": "balances[msg.sender] - _value"}]}
\ No newline at end of file
diff --git a/tests/testdata/underflow.sol.markdown b/tests/testdata/underflow.sol.markdown
new file mode 100644
index 00000000..037063f0
--- /dev/null
+++ b/tests/testdata/underflow.sol.markdown
@@ -0,0 +1,31 @@
+# Analysis Results
+## Integer Underflow
+- Type: Warning
+- Contract: Under
+- Function name: `sendeth(address,uint256)`
+- PC address: 649
+
+### Description
+A possible integer underflow exists in the function sendeth(address,uint256).
+The substraction may result in a value < 0.
+
+In */underflow.sol:12*
+
+```
+balances[msg.sender] -= _value
+```
+## Integer Underflow
+- Type: Warning
+- Contract: Under
+- Function name: `sendeth(address,uint256)`
+- PC address: 567
+
+### Description
+A possible integer underflow exists in the function sendeth(address,uint256).
+The substraction may result in a value < 0.
+
+In */underflow.sol:11*
+
+```
+balances[msg.sender] - _value
+```
diff --git a/tests/testdata/underflow.sol.text b/tests/testdata/underflow.sol.text
new file mode 100644
index 00000000..00943023
--- /dev/null
+++ b/tests/testdata/underflow.sol.text
@@ -0,0 +1,28 @@
+==== Integer Underflow ====
+Type: Warning
+Contract: Under
+Function name: sendeth(address,uint256)
+PC address: 649
+A possible integer underflow exists in the function sendeth(address,uint256).
+The substraction may result in a value < 0.
+--------------------
+In file: /underflow.sol:12
+
+balances[msg.sender] -= _value
+
+--------------------
+
+==== Integer Underflow ====
+Type: Warning
+Contract: Under
+Function name: sendeth(address,uint256)
+PC address: 567
+A possible integer underflow exists in the function sendeth(address,uint256).
+The substraction may result in a value < 0.
+--------------------
+In file: /underflow.sol:11
+
+balances[msg.sender] - _value
+
+--------------------
+
diff --git a/tests/testdata/weak_random.sol.json b/tests/testdata/weak_random.sol.json
new file mode 100644
index 00000000..dd743051
--- /dev/null
+++ b/tests/testdata/weak_random.sol.json
@@ -0,0 +1 @@ +{"success": true, "error": null, "issues": [{"title": "Dependence on predictable environment variable", "description": "In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient:\n- block.coinbase\n", "function": "_function_0xe9874106", "type": "Warning", "address": 1285, "debug": "", "filename": "/weak_random.sol", "lineno": 47, "code": "winningAddress.transfer(prize)"}, {"title": "Ether send", "description": "In the function '_function_0xe9874106' a non-zero amount of Ether is sent to an address taken from storage slot 0There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'.\n\nThere is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'.\nThere is a check on storage index 11. This storage slot can be written to by calling the function 'fallback'.", "function": "_function_0xe9874106", "type": "Warning", "address": 1285, "debug": "SOLVER OUTPUT:\ncallvalue: 0xb1a2bc2ec50000\ncalldata_WeakRandom_0: 0x6d3b4c700000000000000000000000000000000000000000000000000000000\ncalldatasize_WeakRandom: 0x4\nstorage_1: 0x32\n", "filename": "/weak_random.sol", "lineno": 47, "code": "winningAddress.transfer(prize)"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
", "function": "fallback", "type": "Informational", "address": 356, "debug": "The exception is triggered under the following conditions:\n\ncallvalue: 0x215c4a82f200000\nstorage_1: 0x31\ncalldatasize_WeakRandom: 0x3\n", "filename": "/weak_random.sol", "lineno": 11, "code": "prize / totalTickets"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0xe9874106", "type": "Informational", "address": 146, "debug": "The exception is triggered under the following conditions:\n\ncallvalue: 0x2000000000000000000000000000000000000000000000068805cbe800000\nstorage_1: 0x31\ncalldata_WeakRandom_0: 0x600000000000000000000000000000000000000000000000000000000\ncalldatasize_WeakRandom: 0x4\n", "filename": "/weak_random.sol", "lineno": 11, "code": "prize / totalTickets"}]} \ No newline at end of file diff --git a/tests/testdata/weak_random.sol.markdown b/tests/testdata/weak_random.sol.markdown new file mode 100644 index 00000000..11ee00d2 --- /dev/null +++ b/tests/testdata/weak_random.sol.markdown 
@@ -0,0 +1,62 @@
+# Analysis Results
+## Dependence on predictable environment variable
+- Type: Warning
+- Contract: WeakRandom
+- Function name: `_function_0xe9874106`
+- PC address: 1285
+
+### Description
+In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient:
+- block.coinbase
+
+
+In */weak_random.sol:47*
+
+```
+winningAddress.transfer(prize)
+```
+## Ether send
+- Type: Warning
+- Contract: WeakRandom
+- Function name: `_function_0xe9874106`
+- PC address: 1285
+
+### Description
+In the function '_function_0xe9874106' a non-zero amount of Ether is sent to an address taken from storage slot 0There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'.
+
+There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'.
+There is a check on storage index 11. This storage slot can be written to by calling the function 'fallback'.
+
+In */weak_random.sol:47*
+
+```
+winningAddress.transfer(prize)
+```
+## Exception state
+- Type: Informational
+- Contract: WeakRandom
+- Function name: `fallback`
+- PC address: 356
+
+### Description
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking.
+
+In */weak_random.sol:11*
+
+```
+prize / totalTickets
+```
+## Exception state
+- Type: Informational
+- Contract: WeakRandom
+- Function name: `_function_0xe9874106`
+- PC address: 146
+
+### Description
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. 
Use require() for regular input checking.
+
+In */weak_random.sol:11*
+
+```
+prize / totalTickets
+```
diff --git a/tests/testdata/weak_random.sol.text b/tests/testdata/weak_random.sol.text
new file mode 100644
index 00000000..ecc5776c
--- /dev/null
+++ b/tests/testdata/weak_random.sol.text
@@ -0,0 +1,57 @@
+==== Dependence on predictable environment variable ====
+Type: Warning
+Contract: WeakRandom
+Function name: _function_0xe9874106
+PC address: 1285
+In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient:
+- block.coinbase
+
+--------------------
+In file: /weak_random.sol:47
+
+winningAddress.transfer(prize)
+
+--------------------
+
+==== Ether send ====
+Type: Warning
+Contract: WeakRandom
+Function name: _function_0xe9874106
+PC address: 1285
+In the function '_function_0xe9874106' a non-zero amount of Ether is sent to an address taken from storage slot 0There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'.
+
+There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'.
+There is a check on storage index 11. This storage slot can be written to by calling the function 'fallback'.
+--------------------
+In file: /weak_random.sol:47
+
+winningAddress.transfer(prize)
+
+--------------------
+
+==== Exception state ====
+Type: Informational
+Contract: WeakRandom
+Function name: fallback
+PC address: 356
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking.
+--------------------
+In file: /weak_random.sol:11
+
+prize / totalTickets
+
+--------------------
+
+==== Exception state ====
+Type: Informational
+Contract: WeakRandom
+Function name: _function_0xe9874106
+PC address: 146
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. 
Note however that assert() should only be used to check invariants. Use require() for regular input checking.
+--------------------
+In file: /weak_random.sol:11
+
+prize / totalTickets
+
+--------------------
+