diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index 71131038..76e96a46 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py @@ -39,14 +39,14 @@ def execute(statespace): interesting = False - description = "In the function `" + call.node.function_name + "` " + description = "A non-zero amount of Ether is sent to a user-supplied address." if re.search(r"caller", str(call.to)): - description += "a non-zero amount of Ether is sent to msg.sender.\n" + description += " The target address is msg.sender.\n" interesting = True elif re.search(r"calldata", str(call.to)): - description += "a non-zero amount of Ether is sent to an address taken from function arguments.\n" + description += " The target address is taken from function arguments.\n" interesting = True else: @@ -56,7 +56,7 @@ def execute(statespace): idx = m.group(1) description += ( - "a non-zero amount of Ether is sent to an address taken from storage slot " + " The target address is taken from storage slot " + str(idx) + ".\n" ) diff --git a/mythril/analysis/modules/exceptions.py b/mythril/analysis/modules/exceptions.py index d27e1729..f1702abf 100644 --- a/mythril/analysis/modules/exceptions.py +++ b/mythril/analysis/modules/exceptions.py @@ -36,8 +36,7 @@ def execute(statespace): "out-of-bounds array access, or assert violations. " ) description += ( - "This is acceptable in most situations. " - "Note however that `assert()` should only be used to check invariants. " + "Note that explicit `assert()` should only be used to check invariants. " "Use `require()` for regular input checking. " ) diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index 3b373926..c6f02936 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -99,12 +99,7 @@ def _check_integer_overflow(statespace, state, node): _type="Warning", ) - issue.description = ( - "A possible integer overflow exists in the function `{}`.\n" - "The addition or multiplication may result in a value higher than the maximum representable integer.".format( - node.function_name - ) - ) + issue.description = "The arithmetic operation can result in integer overflow.\n" issue.debug = solver.pretty_print_model(model) issues.append(issue) @@ -213,10 +208,7 @@ def _check_integer_underflow(statespace, state, node): ) issue.description = ( - "A possible integer underflow exists in the function `" - + node.function_name - + "`.\n" - "The subtraction may result in a value < 0." + "The substraction can result in an integer underflow.\n" ) issue.debug = solver.pretty_print_model(model) diff --git a/mythril/analysis/modules/multiple_sends.py b/mythril/analysis/modules/multiple_sends.py index a53e20b5..c3489141 100644 --- a/mythril/analysis/modules/multiple_sends.py +++ b/mythril/analysis/modules/multiple_sends.py @@ -33,7 +33,7 @@ def execute(statespace): ) issue.description = ( - "Multiple sends exist in one transaction. Try to isolate each external call into its own transaction," + "Multiple sends are executed in a single transaction. Try to isolate each external call into its own transaction," " as external calls can fail accidentally or deliberately.\nConsecutive calls: \n" ) diff --git a/mythril/analysis/modules/suicide.py b/mythril/analysis/modules/suicide.py index 0d1b4859..70e68a4c 100644 --- a/mythril/analysis/modules/suicide.py +++ b/mythril/analysis/modules/suicide.py @@ -39,9 +39,8 @@ def _analyze_state(state, node): to = state.mstate.stack[-1] logging.debug("[UNCHECKED_SUICIDE] suicide in function " + node.function_name) - description = ( - "The function `" + node.function_name + "` executes the SUICIDE instruction. " - ) + + description = "A reachable SUICIDE instruction was detected. " if "caller" in str(to): description += "The remaining Ether is sent to the caller's address.\n" diff --git a/mythril/analysis/modules/transaction_order_dependence.py b/mythril/analysis/modules/transaction_order_dependence.py index bd6a36f8..8d98bfdb 100644 --- a/mythril/analysis/modules/transaction_order_dependence.py +++ b/mythril/analysis/modules/transaction_order_dependence.py @@ -43,10 +43,8 @@ def execute(statespace): ) issue.description = ( - "A possible transaction order dependence vulnerability exists in function {}. The value or " - "direction of the call statement is determined from a tainted storage location".format( - node.function_name - ) + "Possible transaction order dependence vulnerability: The value or " + "direction of the call statement is determined from a tainted storage location" ) issues.append(issue) diff --git a/tests/cmd_line_test.py b/tests/cmd_line_test.py index 9c5033aa..83ade882 100644 --- a/tests/cmd_line_test.py +++ b/tests/cmd_line_test.py @@ -26,7 +26,8 @@ class TruffleTestCase(BaseTestCase): def test_analysis_truffle_project(self): truffle_project_root = str(TESTS_DIR / "truffle_project") command = "cd {}; truffle compile; python3 {} --truffle".format(truffle_project_root, MYTH) - self.assertIn("In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.", output_of(command)) + self.assertIn("A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender." + , output_of(command)) class InfuraTestCase(BaseTestCase): diff --git a/tests/testdata/outputs_expected/calls.sol.o.graph.html b/tests/testdata/outputs_expected/calls.sol.o.graph.html index 6af2b5fa..cc2b882d 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.graph.html +++ b/tests/testdata/outputs_expected/calls.sol.o.graph.html @@ -8,6 +8,7 @@

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+
+ + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json new file mode 100644 index 00000000..d7b6f7e0 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown new file mode 100644 index 00000000..f19dbaef --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown @@ -0,0 +1,111 @@ +# Analysis results for test-filename.sol + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x5a6814ec` +- PC address: 661 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x5a6814ec` +- PC address: 666 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xd24b08cc` +- PC address: 779 + +### Description + +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +## Transaction order dependence +- SWC ID: 114 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xd24b08cc` +- PC address: 779 + +### Description + +Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xd24b08cc` +- PC address: 784 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 858 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## State change after external call +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 869 + +### Description + +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 871 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xe1d10f79` +- PC address: 912 + +### Description + +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe1d10f79` +- PC address: 918 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text new file mode 100644 index 00000000..c65b9fc7 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text @@ -0,0 +1,90 @@ +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0x5a6814ec +PC address: 661 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x5a6814ec +PC address: 666 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 779 +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Transaction order dependence ==== +SWC ID: 114 +Type: Warning +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 779 +Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 784 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 858 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== State change after external call ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 869 +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 871 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 912 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 918 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm new file mode 100644 index 00000000..7a5b2043 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm @@ -0,0 +1,259 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x06661abd +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0x83f12fec +71 EQ +72 PUSH2 0x007c +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 DUP1 +84 ISZERO +85 PUSH2 0x005d +88 JUMPI +89 PUSH1 0x00 +91 DUP1 +92 REVERT +93 JUMPDEST +94 POP +95 PUSH2 0x0066 +98 PUSH2 0x0104 +101 JUMP +102 JUMPDEST +103 PUSH1 0x40 +105 MLOAD +106 DUP1 +107 DUP3 +108 DUP2 +109 MSTORE +110 PUSH1 0x20 +112 ADD +113 SWAP2 +114 POP +115 POP +116 PUSH1 0x40 +118 MLOAD +119 DUP1 +120 SWAP2 +121 SUB +122 SWAP1 +123 RETURN +124 JUMPDEST +125 CALLVALUE +126 DUP1 +127 ISZERO +128 PUSH2 0x0088 +131 JUMPI +132 PUSH1 0x00 +134 DUP1 +135 REVERT +136 JUMPDEST +137 POP +138 PUSH2 0x00ea +141 PUSH1 0x04 +143 DUP1 +144 CALLDATASIZE +145 SUB +146 DUP2 +147 ADD +148 SWAP1 +149 DUP1 +150 DUP1 +151 CALLDATALOAD +152 SWAP1 +153 PUSH1 0x20 +155 ADD +156 SWAP1 +157 DUP3 +158 ADD +159 DUP1 +160 CALLDATALOAD +161 SWAP1 +162 PUSH1 0x20 +164 ADD +165 SWAP1 +166 DUP1 +167 DUP1 +168 PUSH1 0x20 +170 MUL +171 PUSH1 0x20 +173 ADD +174 PUSH1 0x40 +176 MLOAD +177 SWAP1 +178 DUP2 +179 ADD +180 PUSH1 0x40 +182 MSTORE +183 DUP1 +184 SWAP4 +185 SWAP3 +186 SWAP2 +187 SWAP1 +188 DUP2 +189 DUP2 +190 MSTORE +191 PUSH1 0x20 +193 ADD +194 DUP4 +195 DUP4 +196 PUSH1 0x20 +198 MUL +199 DUP1 +200 DUP3 +201 DUP5 +202 CALLDATACOPY +203 DUP3 +204 ADD +205 SWAP2 +206 POP +207 POP +208 POP +209 POP +210 POP +211 POP +212 SWAP2 +213 SWAP3 +214 SWAP2 +215 SWAP3 +216 SWAP1 +217 DUP1 +218 CALLDATALOAD +219 SWAP1 +220 PUSH1 0x20 +222 ADD +223 SWAP1 +224 SWAP3 +225 SWAP2 +226 SWAP1 +227 POP +228 POP +229 POP +230 PUSH2 0x010a +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 ISZERO +241 ISZERO +242 ISZERO +243 ISZERO +244 DUP2 +245 MSTORE +246 PUSH1 0x20 +248 ADD +249 SWAP2 +250 POP +251 POP +252 PUSH1 0x40 +254 MLOAD +255 DUP1 +256 SWAP2 +257 SUB +258 SWAP1 +259 RETURN +260 JUMPDEST +261 PUSH1 0x00 +263 SLOAD +264 DUP2 +265 JUMP +266 JUMPDEST +267 PUSH1 0x00 +269 DUP1 +270 PUSH1 0x00 +272 DUP5 +273 MLOAD +274 SWAP2 +275 POP +276 DUP4 +277 DUP3 +278 MUL +279 SWAP1 +280 POP +281 PUSH1 0x00 +283 DUP3 +284 GT +285 DUP1 +286 ISZERO +287 PUSH2 0x0129 +290 JUMPI +291 POP +292 PUSH1 0x14 +294 DUP3 +295 GT +296 ISZERO +297 JUMPDEST +298 ISZERO +299 ISZERO +300 PUSH2 0x0134 +303 JUMPI +304 PUSH1 0x00 +306 DUP1 +307 REVERT +308 JUMPDEST +309 DUP1 +310 PUSH1 0x01 +312 PUSH1 0x00 +314 CALLER +315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +336 AND +337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +358 AND +359 DUP2 +360 MSTORE +361 PUSH1 0x20 +363 ADD +364 SWAP1 +365 DUP2 +366 MSTORE +367 PUSH1 0x20 +369 ADD +370 PUSH1 0x00 +372 SHA3 +373 PUSH1 0x00 +375 DUP3 +376 DUP3 +377 SLOAD +378 SUB +379 SWAP3 +380 POP +381 POP +382 DUP2 +383 SWAP1 +384 SSTORE +385 POP +386 PUSH1 0x01 +388 SWAP3 +389 POP +390 POP +391 POP +392 SWAP3 +393 SWAP2 +394 POP +395 POP +396 JUMP +397 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html new file mode 100644 index 00000000..9dbc6800 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json new file mode 100644 index 00000000..207b9a02 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown new file mode 100644 index 00000000..c9630745 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown @@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x83f12fec` +- PC address: 158 + +### Description + +The arithmetic operation can result in integer overflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x83f12fec` +- PC address: 278 + +### Description + +The arithmetic operation can result in integer overflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x83f12fec` +- PC address: 378 + +### Description + +The substraction can result in an integer underflow. diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text new file mode 100644 index 00000000..ef673002 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: _function_0x83f12fec +PC address: 158 +The arithmetic operation can result in integer overflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: _function_0x83f12fec +PC address: 278 +The arithmetic operation can result in integer overflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: _function_0x83f12fec +PC address: 378 +The substraction can result in an integer underflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm new file mode 100644 index 00000000..b0a5e256 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm @@ -0,0 +1,420 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0078 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x12065fe0 +60 EQ +61 PUSH2 0x007d +64 JUMPI +65 DUP1 +66 PUSH4 0x27e235e3 +71 EQ +72 PUSH2 0x00a8 +75 JUMPI +76 DUP1 +77 PUSH4 0x56885cd8 +82 EQ +83 PUSH2 0x00ff +86 JUMPI +87 DUP1 +88 PUSH4 0x6c343ffe +93 EQ +94 PUSH2 0x0116 +97 JUMPI +98 DUP1 +99 PUSH4 0x8da5cb5b +104 EQ +105 PUSH2 0x012d +108 JUMPI +109 DUP1 +110 PUSH4 0xe8b5e51f +115 EQ +116 PUSH2 0x0184 +119 JUMPI +120 JUMPDEST +121 PUSH1 0x00 +123 DUP1 +124 REVERT +125 JUMPDEST +126 CALLVALUE +127 DUP1 +128 ISZERO +129 PUSH2 0x0089 +132 JUMPI +133 PUSH1 0x00 +135 DUP1 +136 REVERT +137 JUMPDEST +138 POP +139 PUSH2 0x0092 +142 PUSH2 0x018e +145 JUMP +146 JUMPDEST +147 PUSH1 0x40 +149 MLOAD +150 DUP1 +151 DUP3 +152 DUP2 +153 MSTORE +154 PUSH1 0x20 +156 ADD +157 SWAP2 +158 POP +159 POP +160 PUSH1 0x40 +162 MLOAD +163 DUP1 +164 SWAP2 +165 SUB +166 SWAP1 +167 RETURN +168 JUMPDEST +169 CALLVALUE +170 DUP1 +171 ISZERO +172 PUSH2 0x00b4 +175 JUMPI +176 PUSH1 0x00 +178 DUP1 +179 REVERT +180 JUMPDEST +181 POP +182 PUSH2 0x00e9 +185 PUSH1 0x04 +187 DUP1 +188 CALLDATASIZE +189 SUB +190 DUP2 +191 ADD +192 SWAP1 +193 DUP1 +194 DUP1 +195 CALLDATALOAD +196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +217 AND +218 SWAP1 +219 PUSH1 0x20 +221 ADD +222 SWAP1 +223 SWAP3 +224 SWAP2 +225 SWAP1 +226 POP +227 POP +228 POP +229 PUSH2 0x01d4 +232 JUMP +233 JUMPDEST +234 PUSH1 0x40 +236 MLOAD +237 DUP1 +238 DUP3 +239 DUP2 +240 MSTORE +241 PUSH1 0x20 +243 ADD +244 SWAP2 +245 POP +246 POP +247 PUSH1 0x40 +249 MLOAD +250 DUP1 +251 SWAP2 +252 SUB +253 SWAP1 +254 RETURN +255 JUMPDEST +256 CALLVALUE +257 DUP1 +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 JUMPDEST +268 POP +269 PUSH2 0x0114 +272 PUSH2 0x01ec +275 JUMP +276 JUMPDEST +277 STOP +278 JUMPDEST +279 CALLVALUE +280 DUP1 +281 ISZERO +282 PUSH2 0x0122 +285 JUMPI +286 PUSH1 0x00 +288 DUP1 +289 REVERT +290 JUMPDEST +291 POP +292 PUSH2 0x012b +295 PUSH2 0x022f +298 JUMP +299 JUMPDEST +300 STOP +301 JUMPDEST +302 CALLVALUE +303 DUP1 +304 ISZERO +305 PUSH2 0x0139 +308 JUMPI +309 PUSH1 0x00 +311 DUP1 +312 REVERT +313 JUMPDEST +314 POP +315 PUSH2 0x0142 +318 PUSH2 0x02eb +321 JUMP +322 JUMPDEST +323 PUSH1 0x40 +325 MLOAD +326 DUP1 +327 DUP3 +328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +349 AND +350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +371 AND +372 DUP2 +373 MSTORE +374 PUSH1 0x20 +376 ADD +377 SWAP2 +378 POP +379 POP +380 PUSH1 0x40 +382 MLOAD +383 DUP1 +384 SWAP2 +385 SUB +386 SWAP1 +387 RETURN +388 JUMPDEST +389 PUSH2 0x018c +392 PUSH2 0x0311 +395 JUMP +396 JUMPDEST +397 STOP +398 JUMPDEST +399 PUSH1 0x00 +401 DUP1 +402 PUSH1 0x00 +404 CALLER +405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +426 AND +427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +448 AND +449 DUP2 +450 MSTORE +451 PUSH1 0x20 +453 ADD +454 SWAP1 +455 DUP2 +456 MSTORE +457 PUSH1 0x20 +459 ADD +460 PUSH1 0x00 +462 SHA3 +463 SLOAD +464 SWAP1 +465 POP +466 SWAP1 +467 JUMP +468 JUMPDEST +469 PUSH1 0x00 +471 PUSH1 0x20 +473 MSTORE +474 DUP1 +475 PUSH1 0x00 +477 MSTORE +478 PUSH1 0x40 +480 PUSH1 0x00 +482 SHA3 +483 PUSH1 0x00 +485 SWAP2 +486 POP +487 SWAP1 +488 POP +489 SLOAD +490 DUP2 +491 JUMP +492 JUMPDEST +493 CALLER +494 PUSH1 0x01 +496 PUSH1 0x00 +498 PUSH2 0x0100 +501 EXP +502 DUP2 +503 SLOAD +504 DUP2 +505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +526 MUL +527 NOT +528 AND +529 SWAP1 +530 DUP4 +531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +552 AND +553 MUL +554 OR +555 SWAP1 +556 SSTORE +557 POP +558 JUMP +559 JUMPDEST +560 PUSH1 0x01 +562 PUSH1 0x00 +564 SWAP1 +565 SLOAD +566 SWAP1 +567 PUSH2 0x0100 +570 EXP +571 SWAP1 +572 DIV +573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +594 AND +595 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +616 AND +617 CALLER +618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +639 AND +640 EQ +641 ISZERO +642 ISZERO +643 PUSH2 0x028b +646 JUMPI +647 PUSH1 0x00 +649 DUP1 +650 REVERT +651 JUMPDEST +652 CALLER +653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +674 AND +675 PUSH2 0x08fc +678 ADDRESS +679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +700 AND +701 BALANCE +702 SWAP1 +703 DUP2 +704 ISZERO +705 MUL +706 SWAP1 +707 PUSH1 0x40 +709 MLOAD +710 PUSH1 0x00 +712 PUSH1 0x40 +714 MLOAD +715 DUP1 +716 DUP4 +717 SUB +718 DUP2 +719 DUP6 +720 DUP9 +721 DUP9 +722 CALL +723 SWAP4 +724 POP +725 POP +726 POP +727 POP +728 ISZERO +729 DUP1 +730 ISZERO +731 PUSH2 0x02e8 +734 JUMPI +735 RETURNDATASIZE +736 PUSH1 0x00 +738 DUP1 +739 RETURNDATACOPY +740 RETURNDATASIZE +741 PUSH1 0x00 +743 REVERT +744 JUMPDEST +745 POP +746 JUMP +747 JUMPDEST +748 PUSH1 0x01 +750 PUSH1 0x00 +752 SWAP1 +753 SLOAD +754 SWAP1 +755 PUSH2 0x0100 +758 EXP +759 SWAP1 +760 DIV +761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +782 AND +783 DUP2 +784 JUMP +785 JUMPDEST +786 PUSH1 0x02 +788 SLOAD +789 CALLVALUE +790 GT +791 DUP1 +792 ISZERO +793 PUSH2 0x0323 +796 JUMPI +797 POP +798 PUSH1 0x03 +800 SLOAD +801 CALLVALUE +802 LT +803 JUMPDEST +804 ISZERO +805 ISZERO +806 PUSH2 0x032e +809 JUMPI +810 PUSH1 0x00 +812 DUP1 +813 REVERT +814 JUMPDEST +815 CALLVALUE +816 PUSH1 0x00 +818 DUP1 +819 CALLER +820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +841 AND +842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +863 AND +864 DUP2 +865 MSTORE +866 PUSH1 0x20 +868 ADD +869 SWAP1 +870 DUP2 +871 MSTORE +872 PUSH1 0x20 +874 ADD +875 PUSH1 0x00 +877 SHA3 +878 PUSH1 0x00 +880 DUP3 +881 DUP3 +882 SLOAD +883 ADD +884 SWAP3 +885 POP +886 POP +887 DUP2 +888 SWAP1 +889 SSTORE +890 POP +891 JUMP +892 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html new file mode 100644 index 00000000..445674a0 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json new file mode 100644 index 00000000..f993162b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "", "description": "A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown new file mode 100644 index 00000000..5b677714 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown @@ -0,0 +1,25 @@ +# Analysis results for test-filename.sol + +## Ether send +- SWC ID: 105 +- Type: Warning +- Contract: Unknown +- Function name: `withdrawfunds()` +- PC address: 722 + +### Description + +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. + +There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `invest()` +- PC address: 883 + +### Description + +The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text new file mode 100644 index 00000000..e9c61963 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text @@ -0,0 +1,21 @@ +==== Ether send ==== +SWC ID: 105 +Type: Warning +Contract: Unknown +Function name: withdrawfunds() +PC address: 722 +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. + +There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: invest() +PC address: 883 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm new file mode 100644 index 00000000..ef83a75c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm @@ -0,0 +1,392 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x008e +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x01d4277c +60 EQ +61 PUSH2 0x0093 +64 JUMPI +65 DUP1 +66 PUSH4 0x546455b5 +71 EQ +72 PUSH2 0x00b6 +75 JUMPI +76 DUP1 +77 PUSH4 0x78375f14 +82 EQ +83 PUSH2 0x00d9 +86 JUMPI +87 DUP1 +88 PUSH4 0x92dd38ea +93 EQ +94 PUSH2 0x00fc +97 JUMPI +98 DUP1 +99 PUSH4 0xa08299f1 +104 EQ +105 PUSH2 0x011f +108 JUMPI +109 DUP1 +110 PUSH4 0xb34c3610 +115 EQ +116 PUSH2 0x0142 +119 JUMPI +120 DUP1 +121 PUSH4 0xb630d706 +126 EQ +127 PUSH2 0x0157 +130 JUMPI +131 DUP1 +132 PUSH4 0xf44f13d8 +137 EQ +138 PUSH2 0x017a +141 JUMPI +142 JUMPDEST +143 PUSH1 0x00 +145 DUP1 +146 REVERT +147 JUMPDEST +148 CALLVALUE +149 ISZERO +150 PUSH2 0x009e +153 JUMPI +154 PUSH1 0x00 +156 DUP1 +157 REVERT +158 JUMPDEST +159 PUSH2 0x00b4 +162 PUSH1 0x04 +164 DUP1 +165 DUP1 +166 CALLDATALOAD +167 SWAP1 +168 PUSH1 0x20 +170 ADD +171 SWAP1 +172 SWAP2 +173 SWAP1 +174 POP +175 POP +176 PUSH2 0x018f +179 JUMP +180 JUMPDEST +181 STOP +182 JUMPDEST +183 CALLVALUE +184 ISZERO +185 PUSH2 0x00c1 +188 JUMPI +189 PUSH1 0x00 +191 DUP1 +192 REVERT +193 JUMPDEST +194 PUSH2 0x00d7 +197 PUSH1 0x04 +199 DUP1 +200 DUP1 +201 CALLDATALOAD +202 SWAP1 +203 PUSH1 0x20 +205 ADD +206 SWAP1 +207 SWAP2 +208 SWAP1 +209 POP +210 POP +211 PUSH2 0x01b2 +214 JUMP +215 JUMPDEST +216 STOP +217 JUMPDEST +218 CALLVALUE +219 ISZERO +220 PUSH2 0x00e4 +223 JUMPI +224 PUSH1 0x00 +226 DUP1 +227 REVERT +228 JUMPDEST +229 PUSH2 0x00fa +232 PUSH1 0x04 +234 DUP1 +235 DUP1 +236 CALLDATALOAD +237 SWAP1 +238 PUSH1 0x20 +240 ADD +241 SWAP1 +242 SWAP2 +243 SWAP1 +244 POP +245 POP +246 PUSH2 0x01c2 +249 JUMP +250 JUMPDEST +251 STOP +252 JUMPDEST +253 CALLVALUE +254 ISZERO +255 PUSH2 0x0107 +258 JUMPI +259 PUSH1 0x00 +261 DUP1 +262 REVERT +263 JUMPDEST +264 PUSH2 0x011d +267 PUSH1 0x04 +269 DUP1 +270 DUP1 +271 CALLDATALOAD +272 SWAP1 +273 PUSH1 0x20 +275 ADD +276 SWAP1 +277 SWAP2 +278 SWAP1 +279 POP +280 POP +281 PUSH2 0x01d5 +284 JUMP +285 JUMPDEST +286 STOP +287 JUMPDEST +288 CALLVALUE +289 ISZERO +290 PUSH2 0x012a +293 JUMPI +294 PUSH1 0x00 +296 DUP1 +297 REVERT +298 JUMPDEST +299 PUSH2 0x0140 +302 PUSH1 0x04 +304 DUP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01ed +319 JUMP +320 JUMPDEST +321 STOP +322 JUMPDEST +323 CALLVALUE +324 ISZERO +325 PUSH2 0x014d +328 JUMPI +329 PUSH1 0x00 +331 DUP1 +332 REVERT +333 JUMPDEST +334 PUSH2 0x0155 +337 PUSH2 0x0202 +340 JUMP +341 JUMPDEST +342 STOP +343 JUMPDEST +344 CALLVALUE +345 ISZERO +346 PUSH2 0x0162 +349 JUMPI +350 PUSH1 0x00 +352 DUP1 +353 REVERT +354 JUMPDEST +355 PUSH2 0x0178 +358 PUSH1 0x04 +360 DUP1 +361 DUP1 +362 CALLDATALOAD +363 SWAP1 +364 PUSH1 0x20 +366 ADD +367 SWAP1 +368 SWAP2 +369 SWAP1 +370 POP +371 POP +372 PUSH2 0x0217 +375 JUMP +376 JUMPDEST +377 STOP +378 JUMPDEST +379 CALLVALUE +380 ISZERO +381 PUSH2 0x0185 +384 JUMPI +385 PUSH1 0x00 +387 DUP1 +388 REVERT +389 JUMPDEST +390 PUSH2 0x018d +393 PUSH2 0x0235 +396 JUMP +397 JUMPDEST +398 STOP +399 JUMPDEST +400 PUSH1 0x00 +402 PUSH1 0x08 +404 DUP3 +405 LT +406 ISZERO +407 PUSH2 0x01ae +410 JUMPI +411 PUSH1 0x00 +413 DUP3 +414 PUSH1 0x08 +416 DUP2 +417 LT +418 ISZERO +419 ISZERO +420 PUSH2 0x01a9 +423 JUMPI +424 ASSERT_FAIL +425 JUMPDEST +426 ADD +427 SLOAD +428 SWAP1 +429 POP +430 JUMPDEST +431 POP +432 POP +433 JUMP +434 JUMPDEST +435 PUSH1 0x17 +437 DUP2 +438 EQ +439 ISZERO +440 ISZERO +441 ISZERO +442 PUSH2 0x01bf +445 JUMPI +446 ASSERT_FAIL +447 JUMPDEST +448 POP +449 JUMP +450 JUMPDEST +451 PUSH1 0x17 +453 DUP2 +454 EQ +455 ISZERO +456 ISZERO +457 ISZERO +458 PUSH2 0x01d2 +461 JUMPI +462 PUSH1 0x00 +464 DUP1 +465 REVERT +466 JUMPDEST +467 POP +468 JUMP +469 JUMPDEST +470 PUSH1 0x00 +472 DUP1 +473 DUP3 +474 PUSH1 0x08 +476 DUP2 +477 LT +478 ISZERO +479 ISZERO +480 PUSH2 0x01e5 +483 JUMPI +484 ASSERT_FAIL +485 JUMPDEST +486 ADD +487 SLOAD +488 SWAP1 +489 POP +490 POP +491 POP +492 JUMP +493 JUMPDEST +494 PUSH1 0x00 +496 DUP2 +497 PUSH1 0x01 +499 DUP2 +500 ISZERO +501 ISZERO +502 PUSH2 0x01fb +505 JUMPI +506 ASSERT_FAIL +507 JUMPDEST +508 DIV +509 SWAP1 +510 POP +511 POP +512 POP +513 JUMP +514 JUMPDEST +515 PUSH1 0x00 +517 PUSH1 0x01 +519 SWAP1 +520 POP +521 PUSH1 0x00 +523 DUP2 +524 EQ +525 ISZERO +526 ISZERO +527 PUSH2 0x0214 +530 JUMPI +531 ASSERT_FAIL +532 JUMPDEST +533 POP +534 JUMP +535 JUMPDEST +536 PUSH1 0x00 +538 DUP1 +539 DUP3 +540 GT +541 ISZERO +542 PUSH2 0x0231 +545 JUMPI +546 DUP2 +547 PUSH1 0x01 +549 DUP2 +550 ISZERO +551 ISZERO +552 PUSH2 0x022d +555 JUMPI +556 ASSERT_FAIL +557 JUMPDEST +558 DIV +559 SWAP1 +560 POP +561 JUMPDEST +562 POP +563 POP +564 JUMP +565 JUMPDEST +566 PUSH1 0x00 +568 PUSH1 0x01 +570 SWAP1 +571 POP +572 PUSH1 0x00 +574 DUP2 +575 GT +576 ISZERO +577 ISZERO +578 PUSH2 0x0247 +581 JUMPI +582 ASSERT_FAIL +583 JUMPDEST +584 POP +585 JUMP +586 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html new file mode 100644 index 00000000..f7879865 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json new file mode 100644 index 00000000..c8d722b5 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown new file mode 100644 index 00000000..2ed81d76 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown @@ -0,0 +1,45 @@ +# Analysis results for test-filename.sol + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x546455b5` +- PC address: 446 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x92dd38ea` +- PC address: 484 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xa08299f1` +- PC address: 506 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xb34c3610` +- PC address: 531 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text new file mode 100644 index 00000000..a9ac2d73 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text @@ -0,0 +1,36 @@ +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0x546455b5 +PC address: 446 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0x92dd38ea +PC address: 484 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0xa08299f1 +PC address: 506 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0xb34c3610 +PC address: 531 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm new file mode 100644 index 00000000..571b1c66 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm @@ -0,0 +1,435 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x006d +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x141f32ff +60 EQ +61 PUSH2 0x0072 +64 JUMPI +65 DUP1 +66 PUSH4 0x2e52d606 +71 EQ +72 PUSH2 0x00b4 +75 JUMPI +76 DUP1 +77 PUSH4 0x67e404ce +82 EQ +83 PUSH2 0x00dd +86 JUMPI +87 DUP1 +88 PUSH4 0x9b58bc26 +93 EQ +94 PUSH2 0x0132 +97 JUMPI +98 DUP1 +99 PUSH4 0xeea4c864 +104 EQ +105 PUSH2 0x0174 +108 JUMPI +109 JUMPDEST +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 CALLVALUE +116 ISZERO +117 PUSH2 0x007d +120 JUMPI +121 PUSH1 0x00 +123 DUP1 +124 REVERT +125 JUMPDEST +126 PUSH2 0x00b2 +129 PUSH1 0x04 +131 DUP1 +132 DUP1 +133 CALLDATALOAD +134 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +155 AND +156 SWAP1 +157 PUSH1 0x20 +159 ADD +160 SWAP1 +161 SWAP2 +162 SWAP1 +163 DUP1 +164 CALLDATALOAD +165 SWAP1 +166 PUSH1 0x20 +168 ADD +169 SWAP1 +170 SWAP2 +171 SWAP1 +172 POP +173 POP +174 PUSH2 0x01b6 +177 JUMP +178 JUMPDEST +179 STOP +180 JUMPDEST +181 CALLVALUE +182 ISZERO +183 PUSH2 0x00bf +186 JUMPI +187 PUSH1 0x00 +189 DUP1 +190 REVERT +191 JUMPDEST +192 PUSH2 0x00c7 +195 PUSH2 0x0273 +198 JUMP +199 JUMPDEST +200 PUSH1 0x40 +202 MLOAD +203 DUP1 +204 DUP3 +205 DUP2 +206 MSTORE +207 PUSH1 0x20 +209 ADD +210 SWAP2 +211 POP +212 POP +213 PUSH1 0x40 +215 MLOAD +216 DUP1 +217 SWAP2 +218 SUB +219 SWAP1 +220 RETURN +221 JUMPDEST +222 CALLVALUE +223 ISZERO +224 PUSH2 0x00e8 +227 JUMPI +228 PUSH1 0x00 +230 DUP1 +231 REVERT +232 JUMPDEST +233 PUSH2 0x00f0 +236 PUSH2 0x0279 +239 JUMP +240 JUMPDEST +241 PUSH1 0x40 +243 MLOAD +244 DUP1 +245 DUP3 +246 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +267 AND +268 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +289 AND +290 DUP2 +291 MSTORE +292 PUSH1 0x20 +294 ADD +295 SWAP2 +296 POP +297 POP +298 PUSH1 0x40 +300 MLOAD +301 DUP1 +302 SWAP2 +303 SUB +304 SWAP1 +305 RETURN +306 JUMPDEST +307 CALLVALUE +308 ISZERO +309 PUSH2 0x013d +312 JUMPI +313 PUSH1 0x00 +315 DUP1 +316 REVERT +317 JUMPDEST +318 PUSH2 0x0172 +321 PUSH1 0x04 +323 DUP1 +324 DUP1 +325 CALLDATALOAD +326 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +347 AND +348 SWAP1 +349 PUSH1 0x20 +351 ADD +352 SWAP1 +353 SWAP2 +354 SWAP1 +355 DUP1 +356 CALLDATALOAD +357 SWAP1 +358 PUSH1 0x20 +360 ADD +361 SWAP1 +362 SWAP2 +363 SWAP1 +364 POP +365 POP +366 PUSH2 0x029f +369 JUMP +370 JUMPDEST +371 STOP +372 JUMPDEST +373 CALLVALUE +374 ISZERO +375 PUSH2 0x017f +378 JUMPI +379 PUSH1 0x00 +381 DUP1 +382 REVERT +383 JUMPDEST +384 PUSH2 0x01b4 +387 PUSH1 0x04 +389 DUP1 +390 DUP1 +391 CALLDATALOAD +392 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +413 AND +414 SWAP1 +415 PUSH1 0x20 +417 ADD +418 SWAP1 +419 SWAP2 +420 SWAP1 +421 DUP1 +422 CALLDATALOAD +423 SWAP1 +424 PUSH1 0x20 +426 ADD +427 SWAP1 +428 SWAP2 +429 SWAP1 +430 POP +431 POP +432 PUSH2 0x035a +435 JUMP +436 JUMPDEST +437 STOP +438 JUMPDEST +439 DUP2 +440 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +461 AND +462 PUSH1 0x40 +464 MLOAD +465 DUP1 +466 DUP1 +467 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +500 DUP2 +501 MSTORE +502 POP +503 PUSH1 0x0d +505 ADD +506 SWAP1 +507 POP +508 PUSH1 0x40 +510 MLOAD +511 DUP1 +512 SWAP2 +513 SUB +514 SWAP1 +515 SHA3 +516 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +546 SWAP1 +547 DIV +548 DUP3 +549 PUSH1 0x40 +551 MLOAD +552 DUP3 +553 PUSH4 0xffffffff +558 AND +559 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +589 MUL +590 DUP2 +591 MSTORE +592 PUSH1 0x04 +594 ADD +595 DUP1 +596 DUP3 +597 DUP2 +598 MSTORE +599 PUSH1 0x20 +601 ADD +602 SWAP2 +603 POP +604 POP +605 PUSH1 0x00 +607 PUSH1 0x40 +609 MLOAD +610 DUP1 +611 DUP4 +612 SUB +613 DUP2 +614 PUSH1 0x00 +616 DUP8 +617 GAS +618 CALLCODE +619 SWAP3 +620 POP +621 POP +622 POP +623 POP +624 POP +625 POP +626 JUMP +627 JUMPDEST +628 PUSH1 0x00 +630 SLOAD +631 DUP2 +632 JUMP +633 JUMPDEST +634 PUSH1 0x01 +636 PUSH1 0x00 +638 SWAP1 +639 SLOAD +640 SWAP1 +641 PUSH2 0x0100 +644 EXP +645 SWAP1 +646 DIV +647 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +668 AND +669 DUP2 +670 JUMP +671 JUMPDEST +672 DUP2 +673 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +694 AND +695 PUSH1 0x40 +697 MLOAD +698 DUP1 +699 DUP1 +700 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +733 DUP2 +734 MSTORE +735 POP +736 PUSH1 0x0d +738 ADD +739 SWAP1 +740 POP +741 PUSH1 0x40 +743 MLOAD +744 DUP1 +745 SWAP2 +746 SUB +747 SWAP1 +748 SHA3 +749 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +779 SWAP1 +780 DIV +781 DUP3 +782 PUSH1 0x40 +784 MLOAD +785 DUP3 +786 PUSH4 0xffffffff +791 AND +792 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +822 MUL +823 DUP2 +824 MSTORE +825 PUSH1 0x04 +827 ADD +828 DUP1 +829 DUP3 +830 DUP2 +831 MSTORE +832 PUSH1 0x20 +834 ADD +835 SWAP2 +836 POP +837 POP +838 PUSH1 0x00 +840 PUSH1 0x40 +842 MLOAD +843 DUP1 +844 DUP4 +845 SUB +846 DUP2 +847 DUP7 +848 GAS +849 DELEGATECALL +850 SWAP3 +851 POP +852 POP +853 POP +854 POP +855 POP +856 POP +857 JUMP +858 JUMPDEST +859 DUP2 +860 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +881 AND +882 PUSH1 0x40 +884 MLOAD +885 DUP1 +886 DUP1 +887 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +920 DUP2 +921 MSTORE +922 POP +923 PUSH1 0x0d +925 ADD +926 SWAP1 +927 POP +928 PUSH1 0x40 +930 MLOAD +931 DUP1 +932 SWAP2 +933 SUB +934 SWAP1 +935 SHA3 +936 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +966 SWAP1 +967 DIV +968 DUP3 +969 PUSH1 0x40 +971 MLOAD +972 DUP3 +973 PUSH4 0xffffffff +978 AND +979 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +1009 MUL +1010 DUP2 +1011 MSTORE +1012 PUSH1 0x04 +1014 ADD +1015 DUP1 +1016 DUP3 +1017 DUP2 +1018 MSTORE +1019 PUSH1 0x20 +1021 ADD +1022 SWAP2 +1023 POP +1024 POP +1025 PUSH1 0x00 +1027 PUSH1 0x40 +1029 MLOAD +1030 DUP1 +1031 DUP4 +1032 SUB +1033 DUP2 +1034 PUSH1 0x00 +1036 DUP8 +1037 GAS +1038 CALL +1039 SWAP3 +1040 POP +1041 POP +1042 POP +1043 POP +1044 POP +1045 POP +1046 JUMP +1047 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html new file mode 100644 index 00000000..e2acfeee --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json new file mode 100644 index 00000000..4c42213f --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown new file mode 100644 index 00000000..7208086f --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown @@ -0,0 +1,45 @@ +# Analysis results for test-filename.sol + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x141f32ff` +- PC address: 626 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x9b58bc26` +- PC address: 857 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xeea4c864` +- PC address: 1038 + +### Description + +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xeea4c864` +- PC address: 1046 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text new file mode 100644 index 00000000..46f49440 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text @@ -0,0 +1,36 @@ +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x141f32ff +PC address: 626 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x9b58bc26 +PC address: 857 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xeea4c864 +PC address: 1038 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xeea4c864 +PC address: 1046 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm new file mode 100644 index 00000000..fbb53181 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm @@ -0,0 +1,253 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x27e235e3 +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0x412664ae +71 EQ +72 PUSH2 0x009e +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0088 +96 PUSH1 0x04 +98 DUP1 +99 DUP1 +100 CALLDATALOAD +101 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +122 AND +123 SWAP1 +124 PUSH1 0x20 +126 ADD +127 SWAP1 +128 SWAP2 +129 SWAP1 +130 POP +131 POP +132 PUSH2 0x00f8 +135 JUMP +136 JUMPDEST +137 PUSH1 0x40 +139 MLOAD +140 DUP1 +141 DUP3 +142 DUP2 +143 MSTORE +144 PUSH1 0x20 +146 ADD +147 SWAP2 +148 POP +149 POP +150 PUSH1 0x40 +152 MLOAD +153 DUP1 +154 SWAP2 +155 SUB +156 SWAP1 +157 RETURN +158 JUMPDEST +159 CALLVALUE +160 ISZERO +161 PUSH2 0x00a9 +164 JUMPI +165 PUSH1 0x00 +167 DUP1 +168 REVERT +169 JUMPDEST +170 PUSH2 0x00de +173 PUSH1 0x04 +175 DUP1 +176 DUP1 +177 CALLDATALOAD +178 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +199 AND +200 SWAP1 +201 PUSH1 0x20 +203 ADD +204 SWAP1 +205 SWAP2 +206 SWAP1 +207 DUP1 +208 CALLDATALOAD +209 SWAP1 +210 PUSH1 0x20 +212 ADD +213 SWAP1 +214 SWAP2 +215 SWAP1 +216 POP +217 POP +218 PUSH2 0x0110 +221 JUMP +222 JUMPDEST +223 PUSH1 0x40 +225 MLOAD +226 DUP1 +227 DUP3 +228 ISZERO +229 ISZERO +230 ISZERO +231 ISZERO +232 DUP2 +233 MSTORE +234 PUSH1 0x20 +236 ADD +237 SWAP2 +238 POP +239 POP +240 PUSH1 0x40 +242 MLOAD +243 DUP1 +244 SWAP2 +245 SUB +246 SWAP1 +247 RETURN +248 JUMPDEST +249 PUSH1 0x00 +251 PUSH1 0x20 +253 MSTORE +254 DUP1 +255 PUSH1 0x00 +257 MSTORE +258 PUSH1 0x40 +260 PUSH1 0x00 +262 SHA3 +263 PUSH1 0x00 +265 SWAP2 +266 POP +267 SWAP1 +268 POP +269 SLOAD +270 DUP2 +271 JUMP +272 JUMPDEST +273 PUSH1 0x00 +275 DUP2 +276 PUSH1 0x00 +278 DUP1 +279 CALLER +280 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +301 AND +302 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +323 AND +324 DUP2 +325 MSTORE +326 PUSH1 0x20 +328 ADD +329 SWAP1 +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 PUSH1 0x00 +337 SHA3 +338 SLOAD +339 LT +340 ISZERO +341 PUSH2 0x0161 +344 JUMPI +345 PUSH1 0x00 +347 SWAP1 +348 POP +349 PUSH2 0x01fe +352 JUMP +353 JUMPDEST +354 DUP2 +355 PUSH1 0x00 +357 DUP1 +358 CALLER +359 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +380 AND +381 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +402 AND +403 DUP2 +404 MSTORE +405 PUSH1 0x20 +407 ADD +408 SWAP1 +409 DUP2 +410 MSTORE +411 PUSH1 0x20 +413 ADD +414 PUSH1 0x00 +416 SHA3 +417 PUSH1 0x00 +419 DUP3 +420 DUP3 +421 SLOAD +422 SUB +423 SWAP3 +424 POP +425 POP +426 DUP2 +427 SWAP1 +428 SSTORE +429 POP +430 DUP2 +431 PUSH1 0x00 +433 DUP1 +434 DUP6 +435 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +456 AND +457 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +478 AND +479 DUP2 +480 MSTORE +481 PUSH1 0x20 +483 ADD +484 SWAP1 +485 DUP2 +486 MSTORE +487 PUSH1 0x20 +489 ADD +490 PUSH1 0x00 +492 SHA3 +493 PUSH1 0x00 +495 DUP3 +496 DUP3 +497 SLOAD +498 ADD +499 SWAP3 +500 POP +501 POP +502 DUP2 +503 SWAP1 +504 SSTORE +505 POP +506 PUSH1 0x00 +508 SWAP1 +509 POP +510 JUMPDEST +511 SWAP3 +512 SWAP2 +513 POP +514 POP +515 JUMP +516 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html new file mode 100644 index 00000000..caca188e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json new file mode 100644 index 00000000..237b1c1e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown new file mode 100644 index 00000000..321484fd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown @@ -0,0 +1,3 @@ +# Analysis results for None + +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text new file mode 100644 index 00000000..729320d8 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text @@ -0,0 +1 @@ +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm new file mode 100644 index 00000000..e83ace06 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm @@ -0,0 +1,77 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH1 0x3f +11 JUMPI +12 PUSH1 0x00 +14 CALLDATALOAD +15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +45 SWAP1 +46 DIV +47 PUSH4 0xffffffff +52 AND +53 DUP1 +54 PUSH4 0x8a4068dd +59 EQ +60 PUSH1 0x44 +62 JUMPI +63 JUMPDEST +64 PUSH1 0x00 +66 DUP1 +67 REVERT +68 JUMPDEST +69 CALLVALUE +70 ISZERO +71 PUSH1 0x4e +73 JUMPI +74 PUSH1 0x00 +76 DUP1 +77 REVERT +78 JUMPDEST +79 PUSH1 0x54 +81 PUSH1 0x56 +83 JUMP +84 JUMPDEST +85 STOP +86 JUMPDEST +87 CALLER +88 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +109 AND +110 PUSH2 0x08fc +113 PUSH8 0x1bc16d674ec80000 +122 SWAP1 +123 DUP2 +124 ISZERO +125 MUL +126 SWAP1 +127 PUSH1 0x40 +129 MLOAD +130 PUSH1 0x00 +132 PUSH1 0x40 +134 MLOAD +135 DUP1 +136 DUP4 +137 SUB +138 DUP2 +139 DUP6 +140 DUP9 +141 DUP9 +142 CALL +143 SWAP4 +144 POP +145 POP +146 POP +147 POP +148 ISZERO +149 ISZERO +150 PUSH1 0x9d +152 JUMPI +153 PUSH1 0x00 +155 DUP1 +156 REVERT +157 JUMPDEST +158 JUMP +159 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html new file mode 100644 index 00000000..953021af --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json new file mode 100644 index 00000000..5dff6426 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "", "description": "A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown new file mode 100644 index 00000000..8817ccea --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown @@ -0,0 +1,13 @@ +# Analysis results for test-filename.sol + +## Ether send +- SWC ID: 105 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x8a4068dd` +- PC address: 142 + +### Description + +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. +It seems that this function can be called without restrictions. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text new file mode 100644 index 00000000..ac727e59 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text @@ -0,0 +1,10 @@ +==== Ether send ==== +SWC ID: 105 +Type: Warning +Contract: Unknown +Function name: _function_0x8a4068dd +PC address: 142 +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. +It seems that this function can be called without restrictions. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm new file mode 100644 index 00000000..555d5ba3 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm @@ -0,0 +1,167 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0041 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x24ff38a2 +60 EQ +61 PUSH2 0x0046 +64 JUMPI +65 JUMPDEST +66 PUSH1 0x00 +68 DUP1 +69 REVERT +70 JUMPDEST +71 CALLVALUE +72 DUP1 +73 ISZERO +74 PUSH2 0x0052 +77 JUMPI +78 PUSH1 0x00 +80 DUP1 +81 REVERT +82 JUMPDEST +83 POP +84 PUSH2 0x005b +87 PUSH2 0x00d6 +90 JUMP +91 JUMPDEST +92 PUSH1 0x40 +94 MLOAD +95 DUP1 +96 DUP1 +97 PUSH1 0x20 +99 ADD +100 DUP3 +101 DUP2 +102 SUB +103 DUP3 +104 MSTORE +105 DUP4 +106 DUP2 +107 DUP2 +108 MLOAD +109 DUP2 +110 MSTORE +111 PUSH1 0x20 +113 ADD +114 SWAP2 +115 POP +116 DUP1 +117 MLOAD +118 SWAP1 +119 PUSH1 0x20 +121 ADD +122 SWAP1 +123 DUP1 +124 DUP4 +125 DUP4 +126 PUSH1 0x00 +128 JUMPDEST +129 DUP4 +130 DUP2 +131 LT +132 ISZERO +133 PUSH2 0x009b +136 JUMPI +137 DUP1 +138 DUP3 +139 ADD +140 MLOAD +141 DUP2 +142 DUP5 +143 ADD +144 MSTORE +145 PUSH1 0x20 +147 DUP2 +148 ADD +149 SWAP1 +150 POP +151 PUSH2 0x0080 +154 JUMP +155 JUMPDEST +156 POP +157 POP +158 POP +159 POP +160 SWAP1 +161 POP +162 SWAP1 +163 DUP2 +164 ADD +165 SWAP1 +166 PUSH1 0x1f +168 AND +169 DUP1 +170 ISZERO +171 PUSH2 0x00c8 +174 JUMPI +175 DUP1 +176 DUP3 +177 SUB +178 DUP1 +179 MLOAD +180 PUSH1 0x01 +182 DUP4 +183 PUSH1 0x20 +185 SUB +186 PUSH2 0x0100 +189 EXP +190 SUB +191 NOT +192 AND +193 DUP2 +194 MSTORE +195 PUSH1 0x20 +197 ADD +198 SWAP2 +199 POP +200 JUMPDEST +201 POP +202 SWAP3 +203 POP +204 POP +205 POP +206 PUSH1 0x40 +208 MLOAD +209 DUP1 +210 SWAP2 +211 SUB +212 SWAP1 +213 RETURN +214 JUMPDEST +215 PUSH1 0x60 +217 PUSH1 0x40 +219 DUP1 +220 MLOAD +221 SWAP1 +222 DUP2 +223 ADD +224 PUSH1 0x40 +226 MSTORE +227 DUP1 +228 PUSH1 0x17 +230 DUP2 +231 MSTORE +232 PUSH1 0x20 +234 ADD +235 PUSH32 0xd0a5d18dd0bbd0bbd0bed18320d092d0bed180d0bbd0b4000000000000000000 +268 DUP2 +269 MSTORE +270 POP +271 SWAP1 +272 POP +273 SWAP1 +274 JUMP +275 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html new file mode 100644 index 00000000..68d83005 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json new file mode 100644 index 00000000..237b1c1e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown new file mode 100644 index 00000000..321484fd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown @@ -0,0 +1,3 @@ +# Analysis results for None + +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text new file mode 100644 index 00000000..729320d8 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text @@ -0,0 +1 @@ +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm new file mode 100644 index 00000000..e1bffe10 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm @@ -0,0 +1,168 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x8da5cb5b +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0xf2fde38b +71 EQ +72 PUSH2 0x00a6 +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0064 +96 PUSH2 0x00df +99 JUMP +100 JUMPDEST +101 PUSH1 0x40 +103 MLOAD +104 DUP1 +105 DUP3 +106 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +127 AND +128 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +149 AND +150 DUP2 +151 MSTORE +152 PUSH1 0x20 +154 ADD +155 SWAP2 +156 POP +157 POP +158 PUSH1 0x40 +160 MLOAD +161 DUP1 +162 SWAP2 +163 SUB +164 SWAP1 +165 RETURN +166 JUMPDEST +167 CALLVALUE +168 ISZERO +169 PUSH2 0x00b1 +172 JUMPI +173 PUSH1 0x00 +175 DUP1 +176 REVERT +177 JUMPDEST +178 PUSH2 0x00dd +181 PUSH1 0x04 +183 DUP1 +184 DUP1 +185 CALLDATALOAD +186 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +207 AND +208 SWAP1 +209 PUSH1 0x20 +211 ADD +212 SWAP1 +213 SWAP2 +214 SWAP1 +215 POP +216 POP +217 PUSH2 0x0104 +220 JUMP +221 JUMPDEST +222 STOP +223 JUMPDEST +224 PUSH1 0x00 +226 DUP1 +227 SWAP1 +228 SLOAD +229 SWAP1 +230 PUSH2 0x0100 +233 EXP +234 SWAP1 +235 DIV +236 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +257 AND +258 DUP2 +259 JUMP +260 JUMPDEST +261 PUSH1 0x00 +263 DUP1 +264 SWAP1 +265 SLOAD +266 SWAP1 +267 PUSH2 0x0100 +270 EXP +271 SWAP1 +272 DIV +273 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +294 AND +295 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +316 AND +317 ORIGIN +318 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +339 AND +340 EQ +341 ISZERO +342 ISZERO +343 PUSH2 0x015f +346 JUMPI +347 PUSH1 0x00 +349 DUP1 +350 REVERT +351 JUMPDEST +352 PUSH1 0x00 +354 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +375 AND +376 DUP2 +377 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +398 AND +399 EQ +400 ISZERO +401 ISZERO +402 PUSH2 0x01d6 +405 JUMPI +406 DUP1 +407 PUSH1 0x00 +409 DUP1 +410 PUSH2 0x0100 +413 EXP +414 DUP2 +415 SLOAD +416 DUP2 +417 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +438 MUL +439 NOT +440 AND +441 SWAP1 +442 DUP4 +443 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +464 AND +465 MUL +466 OR +467 SWAP1 +468 SSTORE +469 POP +470 JUMPDEST +471 POP +472 JUMP +473 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html new file mode 100644 index 00000000..e44a58df --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json new file mode 100644 index 00000000..0e924831 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown new file mode 100644 index 00000000..1e9d6d8b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown @@ -0,0 +1,13 @@ +# Analysis results for test-filename.sol + +## Use of tx.origin +- SWC ID: 115 +- Type: Warning +- Contract: Unknown +- Function name: `transferOwnership(address)` +- PC address: 317 + +### Description + +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text new file mode 100644 index 00000000..b71422be --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text @@ -0,0 +1,10 @@ +==== Use of tx.origin ==== +SWC ID: 115 +Type: Warning +Contract: Unknown +Function name: transferOwnership(address) +PC address: 317 +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm new file mode 100644 index 00000000..b0763999 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm @@ -0,0 +1,388 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0062 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x18160ddd +60 EQ +61 PUSH2 0x0067 +64 JUMPI +65 DUP1 +66 PUSH4 0x6241bfd1 +71 EQ +72 PUSH2 0x0090 +75 JUMPI +76 DUP1 +77 PUSH4 0x70a08231 +82 EQ +83 PUSH2 0x00b3 +86 JUMPI +87 DUP1 +88 PUSH4 0xa3210e87 +93 EQ +94 PUSH2 0x0100 +97 JUMPI +98 JUMPDEST +99 PUSH1 0x00 +101 DUP1 +102 REVERT +103 JUMPDEST +104 CALLVALUE +105 ISZERO +106 PUSH2 0x0072 +109 JUMPI +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 PUSH2 0x007a +118 PUSH2 0x015a +121 JUMP +122 JUMPDEST +123 PUSH1 0x40 +125 MLOAD +126 DUP1 +127 DUP3 +128 DUP2 +129 MSTORE +130 PUSH1 0x20 +132 ADD +133 SWAP2 +134 POP +135 POP +136 PUSH1 0x40 +138 MLOAD +139 DUP1 +140 SWAP2 +141 SUB +142 SWAP1 +143 RETURN +144 JUMPDEST +145 CALLVALUE +146 ISZERO +147 PUSH2 0x009b +150 JUMPI +151 PUSH1 0x00 +153 DUP1 +154 REVERT +155 JUMPDEST +156 PUSH2 0x00b1 +159 PUSH1 0x04 +161 DUP1 +162 DUP1 +163 CALLDATALOAD +164 SWAP1 +165 PUSH1 0x20 +167 ADD +168 SWAP1 +169 SWAP2 +170 SWAP1 +171 POP +172 POP +173 PUSH2 0x0160 +176 JUMP +177 JUMPDEST +178 STOP +179 JUMPDEST +180 CALLVALUE +181 ISZERO +182 PUSH2 0x00be +185 JUMPI +186 PUSH1 0x00 +188 DUP1 +189 REVERT +190 JUMPDEST +191 PUSH2 0x00ea +194 PUSH1 0x04 +196 DUP1 +197 DUP1 +198 CALLDATALOAD +199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +220 AND +221 SWAP1 +222 PUSH1 0x20 +224 ADD +225 SWAP1 +226 SWAP2 +227 SWAP1 +228 POP +229 POP +230 PUSH2 0x01ab +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 DUP2 +241 MSTORE +242 PUSH1 0x20 +244 ADD +245 SWAP2 +246 POP +247 POP +248 PUSH1 0x40 +250 MLOAD +251 DUP1 +252 SWAP2 +253 SUB +254 SWAP1 +255 RETURN +256 JUMPDEST +257 CALLVALUE +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 JUMPDEST +268 PUSH2 0x0140 +271 PUSH1 0x04 +273 DUP1 +274 DUP1 +275 CALLDATALOAD +276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +297 AND +298 SWAP1 +299 PUSH1 0x20 +301 ADD +302 SWAP1 +303 SWAP2 +304 SWAP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01f3 +319 JUMP +320 JUMPDEST +321 PUSH1 0x40 +323 MLOAD +324 DUP1 +325 DUP3 +326 ISZERO +327 ISZERO +328 ISZERO +329 ISZERO +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 SWAP2 +336 POP +337 POP +338 PUSH1 0x40 +340 MLOAD +341 DUP1 +342 SWAP2 +343 SUB +344 SWAP1 +345 RETURN +346 JUMPDEST +347 PUSH1 0x01 +349 SLOAD +350 DUP2 +351 JUMP +352 JUMPDEST +353 DUP1 +354 PUSH1 0x01 +356 DUP2 +357 SWAP1 +358 SSTORE +359 PUSH1 0x00 +361 DUP1 +362 CALLER +363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +384 AND +385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +406 AND +407 DUP2 +408 MSTORE +409 PUSH1 0x20 +411 ADD +412 SWAP1 +413 DUP2 +414 MSTORE +415 PUSH1 0x20 +417 ADD +418 PUSH1 0x00 +420 SHA3 +421 DUP2 +422 SWAP1 +423 SSTORE +424 POP +425 POP +426 JUMP +427 JUMPDEST +428 PUSH1 0x00 +430 DUP1 +431 PUSH1 0x00 +433 DUP4 +434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +455 AND +456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +477 AND +478 DUP2 +479 MSTORE +480 PUSH1 0x20 +482 ADD +483 SWAP1 +484 DUP2 +485 MSTORE +486 PUSH1 0x20 +488 ADD +489 PUSH1 0x00 +491 SHA3 +492 SLOAD +493 SWAP1 +494 POP +495 SWAP2 +496 SWAP1 +497 POP +498 JUMP +499 JUMPDEST +500 PUSH1 0x00 +502 DUP1 +503 DUP3 +504 PUSH1 0x00 +506 DUP1 +507 CALLER +508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +529 AND +530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +551 AND +552 DUP2 +553 MSTORE +554 PUSH1 0x20 +556 ADD +557 SWAP1 +558 DUP2 +559 MSTORE +560 PUSH1 0x20 +562 ADD +563 PUSH1 0x00 +565 SHA3 +566 SLOAD +567 SUB +568 LT +569 ISZERO +570 ISZERO +571 ISZERO +572 PUSH2 0x0244 +575 JUMPI +576 PUSH1 0x00 +578 DUP1 +579 REVERT +580 JUMPDEST +581 DUP2 +582 PUSH1 0x00 +584 DUP1 +585 CALLER +586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +607 AND +608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +629 AND +630 DUP2 +631 MSTORE +632 PUSH1 0x20 +634 ADD +635 SWAP1 +636 DUP2 +637 MSTORE +638 PUSH1 0x20 +640 ADD +641 PUSH1 0x00 +643 SHA3 +644 PUSH1 0x00 +646 DUP3 +647 DUP3 +648 SLOAD +649 SUB +650 SWAP3 +651 POP +652 POP +653 DUP2 +654 SWAP1 +655 SSTORE +656 POP +657 DUP2 +658 PUSH1 0x00 +660 DUP1 +661 DUP6 +662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +683 AND +684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +705 AND +706 DUP2 +707 MSTORE +708 PUSH1 0x20 +710 ADD +711 SWAP1 +712 DUP2 +713 MSTORE +714 PUSH1 0x20 +716 ADD +717 PUSH1 0x00 +719 SHA3 +720 PUSH1 0x00 +722 DUP3 +723 DUP3 +724 SLOAD +725 ADD +726 SWAP3 +727 POP +728 POP +729 DUP2 +730 SWAP1 +731 SSTORE +732 POP +733 PUSH1 0x02 +735 PUSH1 0x00 +737 DUP1 +738 DUP6 +739 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +760 AND +761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +782 AND +783 DUP2 +784 MSTORE +785 PUSH1 0x20 +787 ADD +788 SWAP1 +789 DUP2 +790 MSTORE +791 PUSH1 0x20 +793 ADD +794 PUSH1 0x00 +796 SHA3 +797 DUP2 +798 SWAP1 +799 SSTORE +800 POP +801 PUSH1 0x01 +803 SWAP1 +804 POP +805 SWAP3 +806 SWAP2 +807 POP +808 POP +809 JUMP +810 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html new file mode 100644 index 00000000..ed71dd6e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json new file mode 100644 index 00000000..fb92acaf --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown new file mode 100644 index 00000000..4f86063c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown @@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 567 + +### Description + +The substraction can result in an integer underflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 649 + +### Description + +The substraction can result in an integer underflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 725 + +### Description + +The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text new file mode 100644 index 00000000..acdce40b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 567 +The substraction can result in an integer underflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 649 +The substraction can result in an integer underflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 725 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm new file mode 100644 index 00000000..13a426cc --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm @@ -0,0 +1,129 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x633ab5e0 +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0xe3bea282 +71 EQ +72 PUSH2 0x0066 +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0064 +96 PUSH2 0x007b +99 JUMP +100 JUMPDEST +101 STOP +102 JUMPDEST +103 CALLVALUE +104 ISZERO +105 PUSH2 0x0071 +108 JUMPI +109 PUSH1 0x00 +111 DUP1 +112 REVERT +113 JUMPDEST +114 PUSH2 0x0079 +117 PUSH2 0x00d4 +120 JUMP +121 JUMPDEST +122 STOP +123 JUMPDEST +124 PUSH1 0x00 +126 DUP1 +127 SWAP1 +128 SLOAD +129 SWAP1 +130 PUSH2 0x0100 +133 EXP +134 SWAP1 +135 DIV +136 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +157 AND +158 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +179 AND +180 PUSH1 0x40 +182 MLOAD +183 PUSH1 0x00 +185 PUSH1 0x40 +187 MLOAD +188 DUP1 +189 DUP4 +190 SUB +191 DUP2 +192 PUSH1 0x00 +194 DUP7 +195 GAS +196 CALL +197 SWAP2 +198 POP +199 POP +200 ISZERO +201 ISZERO +202 PUSH2 0x00d2 +205 JUMPI +206 PUSH1 0x00 +208 DUP1 +209 REVERT +210 JUMPDEST +211 JUMP +212 JUMPDEST +213 PUSH1 0x00 +215 DUP1 +216 SWAP1 +217 SLOAD +218 SWAP1 +219 PUSH2 0x0100 +222 EXP +223 SWAP1 +224 DIV +225 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +246 AND +247 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +268 AND +269 PUSH1 0x40 +271 MLOAD +272 PUSH1 0x00 +274 PUSH1 0x40 +276 MLOAD +277 DUP1 +278 DUP4 +279 SUB +280 DUP2 +281 PUSH1 0x00 +283 DUP7 +284 GAS +285 CALL +286 SWAP2 +287 POP +288 POP +289 POP +290 JUMP +291 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html new file mode 100644 index 00000000..a63a268a --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json new file mode 100644 index 00000000..81ee3cb3 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown new file mode 100644 index 00000000..f3a058bd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown @@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x633ab5e0` +- PC address: 196 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe3bea282` +- PC address: 285 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe3bea282` +- PC address: 290 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text new file mode 100644 index 00000000..2a8b1470 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text @@ -0,0 +1,27 @@ +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0x633ab5e0 +PC address: 196 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0xe3bea282 +PC address: 285 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe3bea282 +PC address: 290 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm new file mode 100644 index 00000000..892e7787 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm @@ -0,0 +1,58 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH1 0x3f +11 JUMPI +12 PUSH1 0x00 +14 CALLDATALOAD +15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +45 SWAP1 +46 DIV +47 PUSH4 0xffffffff +52 AND +53 DUP1 +54 PUSH4 0xcbf0b0c0 +59 EQ +60 PUSH1 0x44 +62 JUMPI +63 JUMPDEST +64 PUSH1 0x00 +66 DUP1 +67 REVERT +68 JUMPDEST +69 CALLVALUE +70 ISZERO +71 PUSH1 0x4e +73 JUMPI +74 PUSH1 0x00 +76 DUP1 +77 REVERT +78 JUMPDEST +79 PUSH1 0x78 +81 PUSH1 0x04 +83 DUP1 +84 DUP1 +85 CALLDATALOAD +86 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +107 AND +108 SWAP1 +109 PUSH1 0x20 +111 ADD +112 SWAP1 +113 SWAP2 +114 SWAP1 +115 POP +116 POP +117 PUSH1 0x7a +119 JUMP +120 JUMPDEST +121 STOP +122 JUMPDEST +123 DUP1 +124 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +145 AND +146 SUICIDE +147 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html new file mode 100644 index 00000000..e1797023 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json new file mode 100644 index 00000000..4b9b6b83 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "", "description": "A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "swc_id": "106", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown new file mode 100644 index 00000000..6d24f84d --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown @@ -0,0 +1,12 @@ +# Analysis results for test-filename.sol + +## Unchecked SUICIDE +- SWC ID: 106 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xcbf0b0c0` +- PC address: 146 + +### Description + +A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text new file mode 100644 index 00000000..138bf06b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text @@ -0,0 +1,10 @@ +==== Unchecked SUICIDE ==== +SWC ID: 106 +Type: Warning +Contract: Unknown +Function name: _function_0xcbf0b0c0 +PC address: 146 +A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm new file mode 100644 index 00000000..0ed8f651 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm @@ -0,0 +1,365 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0062 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x18160ddd +60 EQ +61 PUSH2 0x0067 +64 JUMPI +65 DUP1 +66 PUSH4 0x6241bfd1 +71 EQ +72 PUSH2 0x0090 +75 JUMPI +76 DUP1 +77 PUSH4 0x70a08231 +82 EQ +83 PUSH2 0x00b3 +86 JUMPI +87 DUP1 +88 PUSH4 0xa3210e87 +93 EQ +94 PUSH2 0x0100 +97 JUMPI +98 JUMPDEST +99 PUSH1 0x00 +101 DUP1 +102 REVERT +103 JUMPDEST +104 CALLVALUE +105 ISZERO +106 PUSH2 0x0072 +109 JUMPI +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 PUSH2 0x007a +118 PUSH2 0x015a +121 JUMP +122 JUMPDEST +123 PUSH1 0x40 +125 MLOAD +126 DUP1 +127 DUP3 +128 DUP2 +129 MSTORE +130 PUSH1 0x20 +132 ADD +133 SWAP2 +134 POP +135 POP +136 PUSH1 0x40 +138 MLOAD +139 DUP1 +140 SWAP2 +141 SUB +142 SWAP1 +143 RETURN +144 JUMPDEST +145 CALLVALUE +146 ISZERO +147 PUSH2 0x009b +150 JUMPI +151 PUSH1 0x00 +153 DUP1 +154 REVERT +155 JUMPDEST +156 PUSH2 0x00b1 +159 PUSH1 0x04 +161 DUP1 +162 DUP1 +163 CALLDATALOAD +164 SWAP1 +165 PUSH1 0x20 +167 ADD +168 SWAP1 +169 SWAP2 +170 SWAP1 +171 POP +172 POP +173 PUSH2 0x0160 +176 JUMP +177 JUMPDEST +178 STOP +179 JUMPDEST +180 CALLVALUE +181 ISZERO +182 PUSH2 0x00be +185 JUMPI +186 PUSH1 0x00 +188 DUP1 +189 REVERT +190 JUMPDEST +191 PUSH2 0x00ea +194 PUSH1 0x04 +196 DUP1 +197 DUP1 +198 CALLDATALOAD +199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +220 AND +221 SWAP1 +222 PUSH1 0x20 +224 ADD +225 SWAP1 +226 SWAP2 +227 SWAP1 +228 POP +229 POP +230 PUSH2 0x01ab +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 DUP2 +241 MSTORE +242 PUSH1 0x20 +244 ADD +245 SWAP2 +246 POP +247 POP +248 PUSH1 0x40 +250 MLOAD +251 DUP1 +252 SWAP2 +253 SUB +254 SWAP1 +255 RETURN +256 JUMPDEST +257 CALLVALUE +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 JUMPDEST +268 PUSH2 0x0140 +271 PUSH1 0x04 +273 DUP1 +274 DUP1 +275 CALLDATALOAD +276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +297 AND +298 SWAP1 +299 PUSH1 0x20 +301 ADD +302 SWAP1 +303 SWAP2 +304 SWAP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01f3 +319 JUMP +320 JUMPDEST +321 PUSH1 0x40 +323 MLOAD +324 DUP1 +325 DUP3 +326 ISZERO +327 ISZERO +328 ISZERO +329 ISZERO +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 SWAP2 +336 POP +337 POP +338 PUSH1 0x40 +340 MLOAD +341 DUP1 +342 SWAP2 +343 SUB +344 SWAP1 +345 RETURN +346 JUMPDEST +347 PUSH1 0x01 +349 SLOAD +350 DUP2 +351 JUMP +352 JUMPDEST +353 DUP1 +354 PUSH1 0x01 +356 DUP2 +357 SWAP1 +358 SSTORE +359 PUSH1 0x00 +361 DUP1 +362 CALLER +363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +384 AND +385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +406 AND +407 DUP2 +408 MSTORE +409 PUSH1 0x20 +411 ADD +412 SWAP1 +413 DUP2 +414 MSTORE +415 PUSH1 0x20 +417 ADD +418 PUSH1 0x00 +420 SHA3 +421 DUP2 +422 SWAP1 +423 SSTORE +424 POP +425 POP +426 JUMP +427 JUMPDEST +428 PUSH1 0x00 +430 DUP1 +431 PUSH1 0x00 +433 DUP4 +434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +455 AND +456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +477 AND +478 DUP2 +479 MSTORE +480 PUSH1 0x20 +482 ADD +483 SWAP1 +484 DUP2 +485 MSTORE +486 PUSH1 0x20 +488 ADD +489 PUSH1 0x00 +491 SHA3 +492 SLOAD +493 SWAP1 +494 POP +495 SWAP2 +496 SWAP1 +497 POP +498 JUMP +499 JUMPDEST +500 PUSH1 0x00 +502 DUP1 +503 DUP3 +504 PUSH1 0x00 +506 DUP1 +507 CALLER +508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +529 AND +530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +551 AND +552 DUP2 +553 MSTORE +554 PUSH1 0x20 +556 ADD +557 SWAP1 +558 DUP2 +559 MSTORE +560 PUSH1 0x20 +562 ADD +563 PUSH1 0x00 +565 SHA3 +566 SLOAD +567 SUB +568 LT +569 ISZERO +570 ISZERO +571 ISZERO +572 PUSH2 0x0244 +575 JUMPI +576 PUSH1 0x00 +578 DUP1 +579 REVERT +580 JUMPDEST +581 DUP2 +582 PUSH1 0x00 +584 DUP1 +585 CALLER +586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +607 AND +608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +629 AND +630 DUP2 +631 MSTORE +632 PUSH1 0x20 +634 ADD +635 SWAP1 +636 DUP2 +637 MSTORE +638 PUSH1 0x20 +640 ADD +641 PUSH1 0x00 +643 SHA3 +644 PUSH1 0x00 +646 DUP3 +647 DUP3 +648 SLOAD +649 SUB +650 SWAP3 +651 POP +652 POP +653 DUP2 +654 SWAP1 +655 SSTORE +656 POP +657 DUP2 +658 PUSH1 0x00 +660 DUP1 +661 DUP6 +662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +683 AND +684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +705 AND +706 DUP2 +707 MSTORE +708 PUSH1 0x20 +710 ADD +711 SWAP1 +712 DUP2 +713 MSTORE +714 PUSH1 0x20 +716 ADD +717 PUSH1 0x00 +719 SHA3 +720 PUSH1 0x00 +722 DUP3 +723 DUP3 +724 SLOAD +725 ADD +726 SWAP3 +727 POP +728 POP +729 DUP2 +730 SWAP1 +731 SSTORE +732 POP +733 PUSH1 0x01 +735 SWAP1 +736 POP +737 SWAP3 +738 SWAP2 +739 POP +740 POP +741 JUMP +742 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html new file mode 100644 index 00000000..062a5856 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json new file mode 100644 index 00000000..fb92acaf --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown new file mode 100644 index 00000000..4f86063c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown @@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 567 + +### Description + +The substraction can result in an integer underflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 649 + +### Description + +The substraction can result in an integer underflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 725 + +### Description + +The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text new file mode 100644 index 00000000..acdce40b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 567 +The substraction can result in an integer underflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 649 +The substraction can result in an integer underflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 725 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/overflow.sol.o.graph.html index 5d117d28..ed71dd6e 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.graph.html +++ b/tests/testdata/outputs_expected/overflow.sol.o.graph.html @@ -8,6 +8,7 @@

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+