Improve report descriptions in deprecated ops module

pull/852/head
Bernhard Mueller 6 years ago
parent 792ef1c058
commit 20e5790337
  1. 10
      mythril/analysis/modules/deprecated_ops.py
  2. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
  3. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2
  4. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
  5. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.text
  6. 2
      tests/testdata/outputs_expected/origin.sol.o.json
  7. 2
      tests/testdata/outputs_expected/origin.sol.o.jsonv2
  8. 4
      tests/testdata/outputs_expected/origin.sol.o.markdown
  9. 4
      tests/testdata/outputs_expected/origin.sol.o.text

@ -17,10 +17,11 @@ def _analyze_state(state):
if instruction["opcode"] == "ORIGIN": if instruction["opcode"] == "ORIGIN":
log.debug("ORIGIN in function " + node.function_name) log.debug("ORIGIN in function " + node.function_name)
title = "Use of tx.origin is deprecated." title = "Use of tx.origin"
description_head = "Use of tx.origin is deprecated." description_head = "Use of tx.origin is deprecated."
description_tail = ( description_tail = (
"The function `{}` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. " "The smart contract retrieves the transaction origin (tx.origin) using msg.origin. "
"Use of msg.origin is deprecated and the instruction may be removed in the future. "
"Use msg.sender instead.\nSee also: " "Use msg.sender instead.\nSee also: "
"https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin".format( "https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin".format(
node.function_name node.function_name
@ -33,8 +34,9 @@ def _analyze_state(state):
title = "Use of Callcode" title = "Use of Callcode"
description_head = "Use of callcode is deprecated." description_head = "Use of callcode is deprecated."
description_tail = ( description_tail = (
"The function `{}` uses the callcode function. Callcode does not persist sender or value over the call. " "The callcode method executes code of another contract in the context of the caller account. "
"Use delegatecall instead.".format(node.function_name) "Due to a bug in the implementation it does not persist sender and value over the call. It was "
"therefore deprecated and may be removed in the future. Use the delegatecall method instead."
) )
swc_id = DEPRICATED_FUNCTIONS_USAGE swc_id = DEPRICATED_FUNCTIONS_USAGE
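Review bot: The new ORIGIN description in the first hunk refers to `msg.origin`, which is not a Solidity identifier; the value read by the ORIGIN opcode is `tx.origin`, so the finding now names something an auditor cannot find in the contract. The two sentences should read `"The smart contract retrieves the transaction origin (tx.origin) using the ORIGIN opcode. "` and `"Use of tx.origin is deprecated and the instruction may be removed in the future. "`. The trailing `.format(node.function_name)` on the URL string is now a no-op because the `{}` placeholder was removed, and can be dropped as the callcode hunk already does. The linked Solidity section appears to concern tx.origin used for authorization, so it may be worth stating that this is the case where msg.sender should be used instead. The same wording is copied into the origin.sol.o.* expected outputs, which would need regenerating; _analyze_state starts and ends outside both hunks.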

@ -1 +1 @@
{"error": null, "issues": [{"SourceMap": null, "address": 618, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0x141f32ff", "max_gas_used": 35865, "min_gas_used": 1113, "severity": "Low", "swc-id": "104", "title": "Unchecked Call Return Value"}, {"SourceMap": null, "address": 618, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Use of callcode is deprecated.\nThe function `_function_0x141f32ff` uses the callcode function. Callcode does not persist sender or value over the call. Use delegatecall instead.", "function": "_function_0x141f32ff", "max_gas_used": 1141, "min_gas_used": 389, "severity": "Medium", "swc-id": "111", "title": "Use of Callcode"}, {"SourceMap": null, "address": 849, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0x9b58bc26", "max_gas_used": 35922, "min_gas_used": 1170, "severity": "Low", "swc-id": "104", "title": "Unchecked Call Return Value"}, {"SourceMap": null, "address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. 
Review the business logic carefully to prevent averse effects on thecontract state.", "function": "_function_0xeea4c864", "max_gas_used": 1223, "min_gas_used": 471, "severity": "Medium", "swc-id": "107", "title": "External Call To User-Supplied Address"}, {"SourceMap": null, "address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0xeea4c864", "max_gas_used": 35947, "min_gas_used": 1195, "severity": "Low", "swc-id": "104", "title": "Unchecked Call Return Value"}], "success": true} {"error": null, "issues": [{"SourceMap": null, "address": 618, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0x141f32ff", "max_gas_used": 35865, "min_gas_used": 1113, "severity": "Low", "swc-id": "104", "title": "Unchecked Call Return Value"}, {"SourceMap": null, "address": 618, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. 
Use the delegatecall method instead.", "function": "_function_0x141f32ff", "max_gas_used": 1141, "min_gas_used": 389, "severity": "Medium", "swc-id": "111", "title": "Use of Callcode"}, {"SourceMap": null, "address": 849, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0x9b58bc26", "max_gas_used": 35922, "min_gas_used": 1170, "severity": "Low", "swc-id": "104", "title": "Unchecked Call Return Value"}, {"SourceMap": null, "address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", "function": "_function_0xeea4c864", "max_gas_used": 1223, "min_gas_used": 471, "severity": "Medium", "swc-id": "107", "title": "External Call To User-Supplied Address"}, {"SourceMap": null, "address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0xeea4c864", "max_gas_used": 35947, "min_gas_used": 1195, "severity": "Low", "swc-id": "104", "title": "Unchecked Call Return Value"}], "success": true}

@ -1 +1 @@
{"issues": [{"description": {"head": ["Use of callcode is deprecated."], "tail": ["The function `_function_0x141f32ff` uses the callcode function. Callcode does not persist sender or value over the call. Use delegatecall instead."]}, "extra": {}, "locations": [{"sourceMap": "618:1:0"}], "severity": "Medium", "swcID": "111", "swcTitle": "Use of Deprecated Solidity Functions"}, {"description": {"head": ["A call to a user-supplied address is executed."], "tail": ["The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state."]}, "extra": {}, "locations": [{"sourceMap": "1038:1:0"}], "severity": "Medium", "swcID": "107", "swcTitle": "Reentrancy"}, {"description": {"head": ["The return value of a message call is not checked."], "tail": ["External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."]}, "extra": {}, "locations": [{"sourceMap": "618:1:0"}], "severity": "Low", "swcID": "104", "swcTitle": "Unchecked Call Return Value"}, {"description": {"head": ["The return value of a message call is not checked."], "tail": ["External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."]}, "extra": {}, "locations": [{"sourceMap": "849:1:0"}], "severity": "Low", "swcID": "104", "swcTitle": "Unchecked Call Return Value"}, {"description": {"head": ["The return value of a message call is not checked."], "tail": ["External calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."]}, "extra": {}, "locations": [{"sourceMap": "1038:1:0"}], "severity": "Low", "swcID": "104", "swcTitle": "Unchecked Call Return Value"}], "meta": {}, "sourceFormat": "evm-byzantium-bytecode", "sourceList": ["0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"], "sourceType": "raw-bytecode"} {"issues": [{"description": {"head": ["Use of callcode is deprecated."], "tail": ["The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead."]}, "extra": {}, "locations": [{"sourceMap": "618:1:0"}], "severity": "Medium", "swcID": "111", "swcTitle": "Use of Deprecated Solidity Functions"}, {"description": {"head": ["A call to a user-supplied address is executed."], "tail": ["The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state."]}, "extra": {}, "locations": [{"sourceMap": "1038:1:0"}], "severity": "Medium", "swcID": "107", "swcTitle": "Reentrancy"}, {"description": {"head": ["The return value of a message call is not checked."], "tail": ["External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. 
It is usually recommended to wrap external calls into a require statement to prevent unexpected states."]}, "extra": {}, "locations": [{"sourceMap": "618:1:0"}], "severity": "Low", "swcID": "104", "swcTitle": "Unchecked Call Return Value"}, {"description": {"head": ["The return value of a message call is not checked."], "tail": ["External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."]}, "extra": {}, "locations": [{"sourceMap": "849:1:0"}], "severity": "Low", "swcID": "104", "swcTitle": "Unchecked Call Return Value"}, {"description": {"head": ["The return value of a message call is not checked."], "tail": ["External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."]}, "extra": {}, "locations": [{"sourceMap": "1038:1:0"}], "severity": "Low", "swcID": "104", "swcTitle": "Unchecked Call Return Value"}], "meta": {}, "sourceFormat": "evm-byzantium-bytecode", "sourceList": ["0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"], "sourceType": "raw-bytecode"}

@ -24,7 +24,7 @@ External calls return a boolean value. If the callee contract halts with an exce
### Description ### Description
Use of callcode is deprecated. Use of callcode is deprecated.
The function `_function_0x141f32ff` uses the callcode function. Callcode does not persist sender or value over the call. Use delegatecall instead. The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.
## Unchecked Call Return Value ## Unchecked Call Return Value
- SWC ID: 104 - SWC ID: 104

@ -17,7 +17,7 @@ Function name: _function_0x141f32ff
PC address: 618 PC address: 618
Estimated Gas Usage: 389 - 1141 Estimated Gas Usage: 389 - 1141
Use of callcode is deprecated. Use of callcode is deprecated.
The function `_function_0x141f32ff` uses the callcode function. Callcode does not persist sender or value over the call. Use delegatecall instead. The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.
-------------------- --------------------
==== Unchecked Call Return Value ==== ==== Unchecked Call Return Value ====

@ -1 +1 @@
{"error": null, "issues": [{"SourceMap": null, "address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Use of tx.origin is deprecated.\nThe function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "max_gas_used": 1051, "min_gas_used": 626, "severity": "Medium", "swc-id": "111", "title": "Use of tx.origin is deprecated."}], "success": true} {"error": null, "issues": [{"SourceMap": null, "address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "max_gas_used": 1051, "min_gas_used": 626, "severity": "Medium", "swc-id": "111", "title": "Use of tx.origin"}], "success": true}

@ -1 +1 @@
{"issues": [{"description": {"head": ["Use of tx.origin is deprecated."], "tail": ["The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin"]}, "extra": {}, "locations": [{"sourceMap": "317:1:0"}], "severity": "Medium", "swcID": "111", "swcTitle": "Use of Deprecated Solidity Functions"}], "meta": {}, "sourceFormat": "evm-byzantium-bytecode", "sourceList": ["0x25b20ef097dfc0aa56a932c4e09f06ee02a69c005767df86877f48c6c2412f03"], "sourceType": "raw-bytecode"} {"issues": [{"description": {"head": ["Use of tx.origin is deprecated."], "tail": ["The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin"]}, "extra": {}, "locations": [{"sourceMap": "317:1:0"}], "severity": "Medium", "swcID": "111", "swcTitle": "Use of Deprecated Solidity Functions"}], "meta": {}, "sourceFormat": "evm-byzantium-bytecode", "sourceList": ["0x25b20ef097dfc0aa56a932c4e09f06ee02a69c005767df86877f48c6c2412f03"], "sourceType": "raw-bytecode"}

@ -1,6 +1,6 @@
# Analysis results for test-filename.sol # Analysis results for test-filename.sol
## Use of tx.origin is deprecated. ## Use of tx.origin
- SWC ID: 111 - SWC ID: 111
- Severity: Medium - Severity: Medium
- Contract: Unknown - Contract: Unknown
@ -11,5 +11,5 @@
### Description ### Description
Use of tx.origin is deprecated. Use of tx.origin is deprecated.
The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin

@ -1,4 +1,4 @@
==== Use of tx.origin is deprecated. ==== ==== Use of tx.origin ====
SWC ID: 111 SWC ID: 111
Severity: Medium Severity: Medium
Contract: Unknown Contract: Unknown
@ -6,7 +6,7 @@ Function name: transferOwnership(address)
PC address: 317 PC address: 317
Estimated Gas Usage: 626 - 1051 Estimated Gas Usage: 626 - 1051
Use of tx.origin is deprecated. Use of tx.origin is deprecated.
The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
-------------------- --------------------
