mirror of https://github.com/ConsenSys/mythril
parent
3fd4272c43
commit
1d12221ff8
@ -0,0 +1,37 @@ |
|||||||
|
from unittest import TestCase |
||||||
|
from pathlib import Path |
||||||
|
|
||||||
|
from mythril.analysis.report import Report |
||||||
|
from mythril.analysis.security import fire_lasers |
||||||
|
from mythril.analysis.symbolic import SymExecWrapper |
||||||
|
from mythril.ether import util |
||||||
|
from mythril.ether.soliditycontract import SolidityContract |
||||||
|
|
||||||
|
TEST_FILES = Path(__file__).parents[1] / "testdata" |
||||||
|
|
||||||
|
def _fix_path(text): |
||||||
|
return text.replace(str(TEST_FILES), "<TEST_FILES>") |
||||||
|
|
||||||
|
class AnalysisReportTest(TestCase): |
||||||
|
|
||||||
|
def test_reports(self): |
||||||
|
for input_file in TEST_FILES.iterdir(): |
||||||
|
if input_file.is_file and input_file.suffix == '.sol': |
||||||
|
contract = SolidityContract(str(input_file), name=None, solc_args=None) |
||||||
|
sym = SymExecWrapper(contract, address=(util.get_indexed_address(0))) |
||||||
|
issues = fire_lasers(sym) |
||||||
|
|
||||||
|
for issue in issues: |
||||||
|
issue.add_code_info(contract) |
||||||
|
|
||||||
|
report = Report() |
||||||
|
for issue in issues: |
||||||
|
report.append_issue(issue) |
||||||
|
|
||||||
|
text = (TEST_FILES / (input_file.name + ".text")).read_text() |
||||||
|
json = (TEST_FILES / (input_file.name + ".json")).read_text() |
||||||
|
markdown = (TEST_FILES / (input_file.name + ".markdown")).read_text() |
||||||
|
|
||||||
|
self.assertEqual(_fix_path(report.as_text()), text) |
||||||
|
self.assertEqual(_fix_path(report.as_json()), json) |
||||||
|
self.assertEqual(_fix_path(report.as_markdown()), markdown) |
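Review bot: `input_file.is_file` in the `if` inside `test_reports` is missing its call parentheses, so it evaluates the bound method (always truthy) and the filter rests on the suffix alone; it should read `if input_file.is_file() and input_file.suffix == '.sol':`. The three `assertEqual` calls compare whole report strings, and the JSON fixtures in this commit carry solver output in their `debug` field, so the expectations may shift with solver version or key ordering rather than with detector behaviour; parsing both sides and comparing the stable fields would presumably be sturdier. The local name `json` would shadow the standard-library module if it is ever imported in this file, so `expected_json` is a safer name. Because every contract runs inside one test method, the first mismatch hides the rest; wrapping the loop body in `with self.subTest(contract=input_file.name):` would report each file separately.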
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "type": "Informational", "address": 661, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 16, "code": "fixed_address.call()"}, {"title": "Message call to external contract", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "type": "Warning", "address": 779, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 29, "code": "stored_address.call()"}, {"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "type": "Informational", "address": 858, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 20, "code": "fixed_address.call()"}, {"title": "State change after external call", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. 
This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "type": "Warning", "address": 869, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 21, "code": "statevar = 0"}, {"title": "Message call to external contract", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "type": "Warning", "address": 912, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 25, "code": "addr.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "type": "Informational", "address": 661, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 16, "code": "fixed_address.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "type": "Informational", "address": 779, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 29, "code": "stored_address.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "type": "Informational", "address": 858, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 20, "code": "fixed_address.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "type": "Informational", "address": 912, "debug": "", "filename": "<TEST_FILES>/calls.sol", "lineno": 25, "code": "addr.call()"}]} |
@ -0,0 +1,127 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Message call to external contract |
||||||
|
- Type: Informational |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0x5a6814ec` |
||||||
|
- PC address: 661 |
||||||
|
|
||||||
|
### Description |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:16* |
||||||
|
|
||||||
|
``` |
||||||
|
fixed_address.call() |
||||||
|
``` |
||||||
|
## Message call to external contract |
||||||
|
- Type: Warning |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xd24b08cc` |
||||||
|
- PC address: 779 |
||||||
|
|
||||||
|
### Description |
||||||
|
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:29* |
||||||
|
|
||||||
|
``` |
||||||
|
stored_address.call() |
||||||
|
``` |
||||||
|
## Message call to external contract |
||||||
|
- Type: Informational |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xe11f493e` |
||||||
|
- PC address: 858 |
||||||
|
|
||||||
|
### Description |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:20* |
||||||
|
|
||||||
|
``` |
||||||
|
fixed_address.call() |
||||||
|
``` |
||||||
|
## State change after external call |
||||||
|
- Type: Warning |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xe11f493e` |
||||||
|
- PC address: 869 |
||||||
|
|
||||||
|
### Description |
||||||
|
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:21* |
||||||
|
|
||||||
|
``` |
||||||
|
statevar = 0 |
||||||
|
``` |
||||||
|
## Message call to external contract |
||||||
|
- Type: Warning |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xe1d10f79` |
||||||
|
- PC address: 912 |
||||||
|
|
||||||
|
### Description |
||||||
|
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:25* |
||||||
|
|
||||||
|
``` |
||||||
|
addr.call() |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0x5a6814ec` |
||||||
|
- PC address: 661 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:16* |
||||||
|
|
||||||
|
``` |
||||||
|
fixed_address.call() |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xd24b08cc` |
||||||
|
- PC address: 779 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:29* |
||||||
|
|
||||||
|
``` |
||||||
|
stored_address.call() |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xe11f493e` |
||||||
|
- PC address: 858 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:20* |
||||||
|
|
||||||
|
``` |
||||||
|
fixed_address.call() |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Caller |
||||||
|
- Function name: `_function_0xe1d10f79` |
||||||
|
- PC address: 912 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/calls.sol:25* |
||||||
|
|
||||||
|
``` |
||||||
|
addr.call() |
||||||
|
``` |
@ -0,0 +1,117 @@ |
|||||||
|
==== Message call to external contract ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0x5a6814ec |
||||||
|
PC address: 661 |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:16 |
||||||
|
|
||||||
|
fixed_address.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Message call to external contract ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xd24b08cc |
||||||
|
PC address: 779 |
||||||
|
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:29 |
||||||
|
|
||||||
|
stored_address.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Message call to external contract ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xe11f493e |
||||||
|
PC address: 858 |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:20 |
||||||
|
|
||||||
|
fixed_address.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== State change after external call ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xe11f493e |
||||||
|
PC address: 869 |
||||||
|
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:21 |
||||||
|
|
||||||
|
statevar = 0 |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Message call to external contract ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xe1d10f79 |
||||||
|
PC address: 912 |
||||||
|
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:25 |
||||||
|
|
||||||
|
addr.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0x5a6814ec |
||||||
|
PC address: 661 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:16 |
||||||
|
|
||||||
|
fixed_address.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xd24b08cc |
||||||
|
PC address: 779 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:29 |
||||||
|
|
||||||
|
stored_address.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xe11f493e |
||||||
|
PC address: 858 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:20 |
||||||
|
|
||||||
|
fixed_address.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Caller |
||||||
|
Function name: _function_0xe1d10f79 |
||||||
|
PC address: 912 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/calls.sol:25 |
||||||
|
|
||||||
|
addr.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Ether send", "description": "In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'.", "function": "withdrawfunds()", "type": "Warning", "address": 816, "debug": "SOLVER OUTPUT:\nstorage_1: 0x0\ncaller: 0x0\ncalldata_Crowdfunding_0: 0x6c343ffe00000000000000000000000000000000000000000000000000000000\ncalldatasize_Crowdfunding: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/ether_send.sol", "lineno": 18, "code": "msg.sender.transfer(this.balance)"}]} |
@ -0,0 +1,17 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Ether send |
||||||
|
- Type: Warning |
||||||
|
- Contract: Crowdfunding |
||||||
|
- Function name: `withdrawfunds()` |
||||||
|
- PC address: 816 |
||||||
|
|
||||||
|
### Description |
||||||
|
In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender. |
||||||
|
|
||||||
|
There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'. |
||||||
|
|
||||||
|
In *<TEST_FILES>/ether_send.sol:18* |
||||||
|
|
||||||
|
``` |
||||||
|
msg.sender.transfer(this.balance) |
||||||
|
``` |
@ -0,0 +1,15 @@ |
|||||||
|
==== Ether send ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Crowdfunding |
||||||
|
Function name: withdrawfunds() |
||||||
|
PC address: 816 |
||||||
|
In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender. |
||||||
|
|
||||||
|
There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/ether_send.sol:18 |
||||||
|
|
||||||
|
msg.sender.transfer(this.balance) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0x546455b5", "type": "Informational", "address": 446, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_0: 0x546455b500000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncalldata_Exceptions_4: 0x17\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/exceptions.sol", "lineno": 16, "code": "assert(input != 23)"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0x92dd38ea", "type": "Informational", "address": 484, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_4: 0x8\ncalldata_Exceptions_0: 0x92dd38ea00000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/exceptions.sol", "lineno": 34, "code": "myarray[index]"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
", "function": "_function_0xa08299f1", "type": "Informational", "address": 506, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_0: 0xa08299f100000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncalldata_Exceptions_4: 0x0\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/exceptions.sol", "lineno": 24, "code": "1/input"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0xb34c3610", "type": "Informational", "address": 531, "debug": "The exception is triggered under the following conditions:\n\ncalldata_Exceptions_0: 0xb34c361000000000000000000000000000000000000000000000000000000000\ncalldatasize_Exceptions: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/exceptions.sol", "lineno": 7, "code": "assert(i == 0)"}]} |
@ -0,0 +1,57 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: Exceptions |
||||||
|
- Function name: `_function_0x546455b5` |
||||||
|
- PC address: 446 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/exceptions.sol:16* |
||||||
|
|
||||||
|
``` |
||||||
|
assert(input != 23) |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: Exceptions |
||||||
|
- Function name: `_function_0x92dd38ea` |
||||||
|
- PC address: 484 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/exceptions.sol:34* |
||||||
|
|
||||||
|
``` |
||||||
|
myarray[index] |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: Exceptions |
||||||
|
- Function name: `_function_0xa08299f1` |
||||||
|
- PC address: 506 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/exceptions.sol:24* |
||||||
|
|
||||||
|
``` |
||||||
|
1/input |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: Exceptions |
||||||
|
- Function name: `_function_0xb34c3610` |
||||||
|
- PC address: 531 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/exceptions.sol:7* |
||||||
|
|
||||||
|
``` |
||||||
|
assert(i == 0) |
||||||
|
``` |
@ -0,0 +1,52 @@ |
|||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Exceptions |
||||||
|
Function name: _function_0x546455b5 |
||||||
|
PC address: 446 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/exceptions.sol:16 |
||||||
|
|
||||||
|
assert(input != 23) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Exceptions |
||||||
|
Function name: _function_0x92dd38ea |
||||||
|
PC address: 484 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/exceptions.sol:34 |
||||||
|
|
||||||
|
myarray[index] |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Exceptions |
||||||
|
Function name: _function_0xa08299f1 |
||||||
|
PC address: 506 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/exceptions.sol:24 |
||||||
|
|
||||||
|
1/input |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Exceptions |
||||||
|
Function name: _function_0xb34c3610 |
||||||
|
PC address: 531 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/exceptions.sol:7 |
||||||
|
|
||||||
|
assert(i == 0) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": []} |
@ -0,0 +1 @@ |
|||||||
|
# Analysis Results |
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Ether send", "description": "In the function 'transfer()' a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "transfer()", "type": "Warning", "address": 142, "debug": "SOLVER OUTPUT:\ncalldata_Transfer2_0: 0x8a4068dd00000000000000000000000000000000000000000000000000000000\ncalldatasize_Transfer2: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/multi_contracts.sol", "lineno": 14, "code": "msg.sender.transfer(2 ether)"}]} |
@ -0,0 +1,16 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Ether send |
||||||
|
- Type: Warning |
||||||
|
- Contract: Transfer2 |
||||||
|
- Function name: `transfer()` |
||||||
|
- PC address: 142 |
||||||
|
|
||||||
|
### Description |
||||||
|
In the function 'transfer()' a non-zero amount of Ether is sent to msg.sender. |
||||||
|
It seems that this function can be called without restrictions. |
||||||
|
|
||||||
|
In *<TEST_FILES>/multi_contracts.sol:14* |
||||||
|
|
||||||
|
``` |
||||||
|
msg.sender.transfer(2 ether) |
||||||
|
``` |
@ -0,0 +1,14 @@ |
|||||||
|
==== Ether send ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Transfer2 |
||||||
|
Function name: transfer() |
||||||
|
PC address: 142 |
||||||
|
In the function 'transfer()' a non-zero amount of Ether is sent to msg.sender. |
||||||
|
It seems that this function can be called without restrictions. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/multi_contracts.sol:14 |
||||||
|
|
||||||
|
msg.sender.transfer(2 ether) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Use of tx.origin", "description": "Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "type": "Warning", "address": 317, "debug": "", "filename": "<TEST_FILES>/origin.sol", "lineno": 18, "code": "tx.origin"}]} |
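Review bot: The expected description pins the advice `Use tx.sender instead.`, but Solidity has no `tx.sender`; the value meant is `msg.sender`. Since this golden file, together with the matching markdown and text expectations for origin.sol later in this commit, is compared verbatim by the test, the incorrect remediation text becomes part of the regression baseline. The wording should be corrected in the detector that emits it (not shown on this page) and the three fixtures regenerated so the description reads `Use msg.sender instead.`.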
@ -0,0 +1,16 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Use of tx.origin |
||||||
|
- Type: Warning |
||||||
|
- Contract: Origin |
||||||
|
- Function name: `transferOwnership(address)` |
||||||
|
- PC address: 317 |
||||||
|
|
||||||
|
### Description |
||||||
|
Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead. |
||||||
|
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin |
||||||
|
|
||||||
|
In *<TEST_FILES>/origin.sol:18* |
||||||
|
|
||||||
|
``` |
||||||
|
tx.origin |
||||||
|
``` |
@ -0,0 +1,14 @@ |
|||||||
|
==== Use of tx.origin ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Origin |
||||||
|
Function name: transferOwnership(address) |
||||||
|
PC address: 317 |
||||||
|
Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead. |
||||||
|
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/origin.sol:18 |
||||||
|
|
||||||
|
tx.origin |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "type": "Informational", "address": 196, "debug": "", "filename": "<TEST_FILES>/returnvalue.sol", "lineno": 10, "code": "callee.call()"}, {"title": "Message call to external contract", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "type": "Informational", "address": 285, "debug": "", "filename": "<TEST_FILES>/returnvalue.sol", "lineno": 6, "code": "callee.call()"}, {"title": "Unchecked CALL return value", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "type": "Informational", "address": 285, "debug": "", "filename": "<TEST_FILES>/returnvalue.sol", "lineno": 6, "code": "callee.call()"}]} |
@ -0,0 +1,43 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Message call to external contract |
||||||
|
- Type: Informational |
||||||
|
- Contract: ReturnValue |
||||||
|
- Function name: `_function_0x633ab5e0` |
||||||
|
- PC address: 196 |
||||||
|
|
||||||
|
### Description |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
|
||||||
|
In *<TEST_FILES>/returnvalue.sol:10* |
||||||
|
|
||||||
|
``` |
||||||
|
callee.call() |
||||||
|
``` |
||||||
|
## Message call to external contract |
||||||
|
- Type: Informational |
||||||
|
- Contract: ReturnValue |
||||||
|
- Function name: `_function_0xe3bea282` |
||||||
|
- PC address: 285 |
||||||
|
|
||||||
|
### Description |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
|
||||||
|
In *<TEST_FILES>/returnvalue.sol:6* |
||||||
|
|
||||||
|
``` |
||||||
|
callee.call() |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: ReturnValue |
||||||
|
- Function name: `_function_0xe3bea282` |
||||||
|
- PC address: 285 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/returnvalue.sol:6* |
||||||
|
|
||||||
|
``` |
||||||
|
callee.call() |
||||||
|
``` |
@ -0,0 +1,39 @@ |
|||||||
|
==== Message call to external contract ==== |
||||||
|
Type: Informational |
||||||
|
Contract: ReturnValue |
||||||
|
Function name: _function_0x633ab5e0 |
||||||
|
PC address: 196 |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/returnvalue.sol:10 |
||||||
|
|
||||||
|
callee.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Message call to external contract ==== |
||||||
|
Type: Informational |
||||||
|
Contract: ReturnValue |
||||||
|
Function name: _function_0xe3bea282 |
||||||
|
PC address: 285 |
||||||
|
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/returnvalue.sol:6 |
||||||
|
|
||||||
|
callee.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: ReturnValue |
||||||
|
Function name: _function_0xe3bea282 |
||||||
|
PC address: 285 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/returnvalue.sol:6 |
||||||
|
|
||||||
|
callee.call() |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
File diff suppressed because one or more lines are too long
@ -0,0 +1,120 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Ether send |
||||||
|
- Type: Warning |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `collectPercentOfFees(uint256)` |
||||||
|
- PC address: 1599 |
||||||
|
|
||||||
|
### Description |
||||||
|
In the function 'collectPercentOfFees(uint256)' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
|
||||||
|
There is a check on storage index 6. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
There is a check on storage index 7. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:93* |
||||||
|
|
||||||
|
``` |
||||||
|
creator.send(feesToCollect) |
||||||
|
``` |
||||||
|
## Ether send |
||||||
|
- Type: Warning |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `collectAllFees()` |
||||||
|
- PC address: 1940 |
||||||
|
|
||||||
|
### Description |
||||||
|
In the function 'collectAllFees()' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
|
||||||
|
There is a check on storage index 9. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:75* |
||||||
|
|
||||||
|
``` |
||||||
|
creator.send(collectedFees) |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `nextPayoutWhenPyramidBalanceTotalsApproximately()` |
||||||
|
- PC address: 1653 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:131* |
||||||
|
|
||||||
|
``` |
||||||
|
participants[payoutOrder] |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `participantDetails(uint256)` |
||||||
|
- PC address: 2085 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:148* |
||||||
|
|
||||||
|
``` |
||||||
|
participants[orderInPyramid] |
||||||
|
``` |
||||||
|
## Integer Underflow |
||||||
|
- Type: Warning |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `numberOfParticipantsWaitingForPayout()` |
||||||
|
- PC address: 2743 |
||||||
|
|
||||||
|
### Description |
||||||
|
A possible integer underflow exists in the function numberOfParticipantsWaitingForPayout(). |
||||||
|
The substraction may result in a value < 0. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:143* |
||||||
|
|
||||||
|
``` |
||||||
|
participants.length - payoutOrder |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `collectPercentOfFees(uint256)` |
||||||
|
- PC address: 1599 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:93* |
||||||
|
|
||||||
|
``` |
||||||
|
creator.send(feesToCollect) |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `collectFeesInEther(uint256)` |
||||||
|
- PC address: 1940 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:75* |
||||||
|
|
||||||
|
``` |
||||||
|
creator.send(collectedFees) |
||||||
|
``` |
||||||
|
## Unchecked CALL return value |
||||||
|
- Type: Informational |
||||||
|
- Contract: Rubixi |
||||||
|
- Function name: `collectFeesInEther(uint256)` |
||||||
|
- PC address: 2582 |
||||||
|
|
||||||
|
### Description |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
|
||||||
|
In *<TEST_FILES>/rubixi.sol:85* |
||||||
|
|
||||||
|
``` |
||||||
|
creator.send(_amt) |
||||||
|
``` |
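Review bot: PC address 1940 at rubixi.sol:75 (`creator.send(collectedFees)`) is attributed to `collectAllFees()` in the second "Ether send" entry but to `collectFeesInEther(uint256)` in the second "Unchecked CALL return value" entry, so this fixture records two different function names for the same instruction. One of them is presumably a wrong function-name lookup in a detection module (the resolving code is not on this page), and asserting on it makes the test pass only while the mismatch persists. A wrong function name sends whoever triages the finding to the wrong function, so I would resolve the attribution before freezing the output, or mark the entry as a known discrepancy in the test. The plain-text fixture for the same contract repeats the mismatch.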
@ -0,0 +1,111 @@ |
|||||||
|
==== Ether send ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Rubixi |
||||||
|
Function name: collectPercentOfFees(uint256) |
||||||
|
PC address: 1599 |
||||||
|
In the function 'collectPercentOfFees(uint256)' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
|
||||||
|
There is a check on storage index 6. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
There is a check on storage index 7. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:93 |
||||||
|
|
||||||
|
creator.send(feesToCollect) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Ether send ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Rubixi |
||||||
|
Function name: collectAllFees() |
||||||
|
PC address: 1940 |
||||||
|
In the function 'collectAllFees()' a non-zero amount of Ether is sent to an address taken from storage slot 5There is a check on storage index 5. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
|
||||||
|
There is a check on storage index 9. This storage slot can be written to by calling the function 'DynamicPyramid()'. |
||||||
|
There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:75 |
||||||
|
|
||||||
|
creator.send(collectedFees) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Rubixi |
||||||
|
Function name: nextPayoutWhenPyramidBalanceTotalsApproximately() |
||||||
|
PC address: 1653 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:131 |
||||||
|
|
||||||
|
participants[payoutOrder] |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Rubixi |
||||||
|
Function name: participantDetails(uint256) |
||||||
|
PC address: 2085 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:148 |
||||||
|
|
||||||
|
participants[orderInPyramid] |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Integer Underflow ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Rubixi |
||||||
|
Function name: numberOfParticipantsWaitingForPayout() |
||||||
|
PC address: 2743 |
||||||
|
A possible integer underflow exists in the function numberOfParticipantsWaitingForPayout(). |
||||||
|
The substraction may result in a value < 0. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:143 |
||||||
|
|
||||||
|
participants.length - payoutOrder |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Rubixi |
||||||
|
Function name: collectPercentOfFees(uint256) |
||||||
|
PC address: 1599 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:93 |
||||||
|
|
||||||
|
creator.send(feesToCollect) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Rubixi |
||||||
|
Function name: collectFeesInEther(uint256) |
||||||
|
PC address: 1940 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:75 |
||||||
|
|
||||||
|
creator.send(collectedFees) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Unchecked CALL return value ==== |
||||||
|
Type: Informational |
||||||
|
Contract: Rubixi |
||||||
|
Function name: collectFeesInEther(uint256) |
||||||
|
PC address: 2582 |
||||||
|
The return value of an external call is not checked. Note that execution continue even if the called contract throws. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/rubixi.sol:85 |
||||||
|
|
||||||
|
creator.send(_amt) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
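Review bot: Both "Ether send" descriptions run two sentences together, `taken from storage slot 5There is a check on storage index 5.`, which hides where the recipient statement ends and the list of guarding checks begins. The generator presumably appends the check list without terminating the first sentence; I would emit `storage slot 5.` followed by a line break before the first `There is a check` line and then regenerate the fixtures. The same concatenation is pinned in the Markdown fixture for this contract and in the weak_random fixtures (`storage slot 0There is a check`).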
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Unchecked SUICIDE", "description": "The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.\n\nIt seems that this function can be called without restrictions.", "function": "_function_0xcbf0b0c0", "type": "Warning", "address": 146, "debug": "SOLVER OUTPUT:\ncalldata_Suicide_0: 0xcbf0b0c000000000000000000000000000000000000000000000000000000000\ncalldatasize_Suicide: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/suicide.sol", "lineno": 4, "code": "selfdestruct(addr)"}]} |
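Review bot: The `debug` value in this expected JSON is raw solver output (`calldatasize_Suicide: 0x4`, `callvalue: 0x0`), and the test compares the whole serialized report for equality after normalising only the test-data path. Concrete model values are whatever the SMT solver returns, so a solver or dependency upgrade can plausibly change them without any change in the finding, which would fail the test for a reason unrelated to detection. I would compare the parsed JSON with `debug` removed (or assert only that it is non-empty) and keep title, type, address, filename, lineno and code as the exact-match fields. The underflow and weak_random JSON fixtures further down pin solver output the same way.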
@ -0,0 +1,17 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Unchecked SUICIDE |
||||||
|
- Type: Warning |
||||||
|
- Contract: Suicide |
||||||
|
- Function name: `_function_0xcbf0b0c0` |
||||||
|
- PC address: 146 |
||||||
|
|
||||||
|
### Description |
||||||
|
The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument. |
||||||
|
|
||||||
|
It seems that this function can be called without restrictions. |
||||||
|
|
||||||
|
In *<TEST_FILES>/suicide.sol:4* |
||||||
|
|
||||||
|
``` |
||||||
|
selfdestruct(addr) |
||||||
|
``` |
@ -0,0 +1,15 @@ |
|||||||
|
==== Unchecked SUICIDE ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Suicide |
||||||
|
Function name: _function_0xcbf0b0c0 |
||||||
|
PC address: 146 |
||||||
|
The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument. |
||||||
|
|
||||||
|
It seems that this function can be called without restrictions. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/suicide.sol:4 |
||||||
|
|
||||||
|
selfdestruct(addr) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Integer Underflow", "description": "A possible integer underflow exists in the function sendeth(address,uint256).\nThe substraction may result in a value < 0.", "function": "sendeth(address,uint256)", "type": "Warning", "address": 649, "debug": "storage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncaller: 0x0\ncalldata_Under_32 + 4: 0x1\ncalldata_Under_0: 0xa3210e8700000000000000000000000000000000000000000000000000000000\ncalldatasize_Under: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/underflow.sol", "lineno": 12, "code": "balances[msg.sender] -= _value"}, {"title": "Integer Underflow", "description": "A possible integer underflow exists in the function sendeth(address,uint256).\nThe substraction may result in a value < 0.", "function": "sendeth(address,uint256)", "type": "Warning", "address": 567, "debug": "storage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncaller: 0x0\ncalldata_Under_32 + 4: 0x1\ncalldata_Under_0: 0xa3210e8700000000000000000000000000000000000000000000000000000000\ncalldatasize_Under: 0x4\ncallvalue: 0x0\n", "filename": "<TEST_FILES>/underflow.sol", "lineno": 11, "code": "balances[msg.sender] - _value"}]} |
@ -0,0 +1,31 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Integer Underflow |
||||||
|
- Type: Warning |
||||||
|
- Contract: Under |
||||||
|
- Function name: `sendeth(address,uint256)` |
||||||
|
- PC address: 649 |
||||||
|
|
||||||
|
### Description |
||||||
|
A possible integer underflow exists in the function sendeth(address,uint256). |
||||||
|
The substraction may result in a value < 0. |
||||||
|
|
||||||
|
In *<TEST_FILES>/underflow.sol:12* |
||||||
|
|
||||||
|
``` |
||||||
|
balances[msg.sender] -= _value |
||||||
|
``` |
||||||
|
## Integer Underflow |
||||||
|
- Type: Warning |
||||||
|
- Contract: Under |
||||||
|
- Function name: `sendeth(address,uint256)` |
||||||
|
- PC address: 567 |
||||||
|
|
||||||
|
### Description |
||||||
|
A possible integer underflow exists in the function sendeth(address,uint256). |
||||||
|
The substraction may result in a value < 0. |
||||||
|
|
||||||
|
In *<TEST_FILES>/underflow.sol:11* |
||||||
|
|
||||||
|
``` |
||||||
|
balances[msg.sender] - _value |
||||||
|
``` |
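Review bot: The description `The substraction may result in a value < 0.` misstates the effect for the flagged expressions `balances[msg.sender] -= _value` and `balances[msg.sender] - _value`. Assuming the operands are unsigned (the `uint256` in the function signature suggests so), the result wraps to a very large value rather than going negative, and that wrapped balance is what makes the finding matter. I would have the generator say something like `The subtraction may wrap around to a very large value.`, which also corrects the spelling, before this text is frozen as expected output. The same sentence is pinned in the plain-text and JSON fixtures for this contract and in the rubixi fixtures.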
@ -0,0 +1,28 @@ |
|||||||
|
==== Integer Underflow ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Under |
||||||
|
Function name: sendeth(address,uint256) |
||||||
|
PC address: 649 |
||||||
|
A possible integer underflow exists in the function sendeth(address,uint256). |
||||||
|
The substraction may result in a value < 0. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/underflow.sol:12 |
||||||
|
|
||||||
|
balances[msg.sender] -= _value |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Integer Underflow ==== |
||||||
|
Type: Warning |
||||||
|
Contract: Under |
||||||
|
Function name: sendeth(address,uint256) |
||||||
|
PC address: 567 |
||||||
|
A possible integer underflow exists in the function sendeth(address,uint256). |
||||||
|
The substraction may result in a value < 0. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/underflow.sol:11 |
||||||
|
|
||||||
|
balances[msg.sender] - _value |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
@ -0,0 +1 @@ |
|||||||
|
{"success": true, "error": null, "issues": [{"title": "Dependence on predictable environment variable", "description": "In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient:\n- block.coinbase\n", "function": "_function_0xe9874106", "type": "Warning", "address": 1285, "debug": "", "filename": "<TEST_FILES>/weak_random.sol", "lineno": 47, "code": "winningAddress.transfer(prize)"}, {"title": "Ether send", "description": "In the function '_function_0xe9874106' a non-zero amount of Ether is sent to an address taken from storage slot 0There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'.\n\nThere is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'.\nThere is a check on storage index 11. This storage slot can be written to by calling the function 'fallback'.", "function": "_function_0xe9874106", "type": "Warning", "address": 1285, "debug": "SOLVER OUTPUT:\ncallvalue: 0xb1a2bc2ec50000\ncalldata_WeakRandom_0: 0x6d3b4c700000000000000000000000000000000000000000000000000000000\ncalldatasize_WeakRandom: 0x4\nstorage_1: 0x32\n", "filename": "<TEST_FILES>/weak_random.sol", "lineno": 47, "code": "winningAddress.transfer(prize)"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. 
", "function": "fallback", "type": "Informational", "address": 356, "debug": "The exception is triggered under the following conditions:\n\ncallvalue: 0x215c4a82f200000\nstorage_1: 0x31\ncalldatasize_WeakRandom: 0x3\n", "filename": "<TEST_FILES>/weak_random.sol", "lineno": 11, "code": "prize / totalTickets"}, {"title": "Exception state", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", "function": "_function_0xe9874106", "type": "Informational", "address": 146, "debug": "The exception is triggered under the following conditions:\n\ncallvalue: 0x2000000000000000000000000000000000000000000000068805cbe800000\nstorage_1: 0x31\ncalldata_WeakRandom_0: 0x600000000000000000000000000000000000000000000000000000000\ncalldatasize_WeakRandom: 0x4\n", "filename": "<TEST_FILES>/weak_random.sol", "lineno": 11, "code": "prize / totalTickets"}]} |
@ -0,0 +1,62 @@ |
|||||||
|
# Analysis Results |
||||||
|
## Dependence on predictable environment variable |
||||||
|
- Type: Warning |
||||||
|
- Contract: WeakRandom |
||||||
|
- Function name: `_function_0xe9874106` |
||||||
|
- PC address: 1285 |
||||||
|
|
||||||
|
### Description |
||||||
|
In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient: |
||||||
|
- block.coinbase |
||||||
|
|
||||||
|
|
||||||
|
In *<TEST_FILES>/weak_random.sol:47* |
||||||
|
|
||||||
|
``` |
||||||
|
winningAddress.transfer(prize) |
||||||
|
``` |
||||||
|
## Ether send |
||||||
|
- Type: Warning |
||||||
|
- Contract: WeakRandom |
||||||
|
- Function name: `_function_0xe9874106` |
||||||
|
- PC address: 1285 |
||||||
|
|
||||||
|
### Description |
||||||
|
In the function '_function_0xe9874106' a non-zero amount of Ether is sent to an address taken from storage slot 0There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
|
||||||
|
There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
There is a check on storage index 11. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
|
||||||
|
In *<TEST_FILES>/weak_random.sol:47* |
||||||
|
|
||||||
|
``` |
||||||
|
winningAddress.transfer(prize) |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: WeakRandom |
||||||
|
- Function name: `fallback` |
||||||
|
- PC address: 356 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/weak_random.sol:11* |
||||||
|
|
||||||
|
``` |
||||||
|
prize / totalTickets |
||||||
|
``` |
||||||
|
## Exception state |
||||||
|
- Type: Informational |
||||||
|
- Contract: WeakRandom |
||||||
|
- Function name: `_function_0xe9874106` |
||||||
|
- PC address: 146 |
||||||
|
|
||||||
|
### Description |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
|
||||||
|
In *<TEST_FILES>/weak_random.sol:11* |
||||||
|
|
||||||
|
``` |
||||||
|
prize / totalTickets |
||||||
|
``` |
@ -0,0 +1,57 @@ |
|||||||
|
==== Dependence on predictable environment variable ==== |
||||||
|
Type: Warning |
||||||
|
Contract: WeakRandom |
||||||
|
Function name: _function_0xe9874106 |
||||||
|
PC address: 1285 |
||||||
|
In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient: |
||||||
|
- block.coinbase |
||||||
|
|
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/weak_random.sol:47 |
||||||
|
|
||||||
|
winningAddress.transfer(prize) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Ether send ==== |
||||||
|
Type: Warning |
||||||
|
Contract: WeakRandom |
||||||
|
Function name: _function_0xe9874106 |
||||||
|
PC address: 1285 |
||||||
|
In the function '_function_0xe9874106' a non-zero amount of Ether is sent to an address taken from storage slot 0There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
|
||||||
|
There is a check on storage index 10. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
There is a check on storage index 11. This storage slot can be written to by calling the function 'fallback'. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/weak_random.sol:47 |
||||||
|
|
||||||
|
winningAddress.transfer(prize) |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: WeakRandom |
||||||
|
Function name: fallback |
||||||
|
PC address: 356 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/weak_random.sol:11 |
||||||
|
|
||||||
|
prize / totalTickets |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|
||||||
|
==== Exception state ==== |
||||||
|
Type: Informational |
||||||
|
Contract: WeakRandom |
||||||
|
Function name: _function_0xe9874106 |
||||||
|
PC address: 146 |
||||||
|
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. |
||||||
|
-------------------- |
||||||
|
In file: <TEST_FILES>/weak_random.sol:11 |
||||||
|
|
||||||
|
prize / totalTickets |
||||||
|
|
||||||
|
-------------------- |
||||||
|
|