From cee0c77153cc9f8e682a20dde68af7e12e264259 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Mon, 13 Aug 2018 21:35:05 +0700 Subject: [PATCH 001/213] Code formatting --- mythril/support/signatures.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/mythril/support/signatures.py b/mythril/support/signatures.py index 515bba9d..a2b9d87b 100644 --- a/mythril/support/signatures.py +++ b/mythril/support/signatures.py @@ -5,14 +5,12 @@ import os import json import time -import pathlib import logging from subprocess import Popen, PIPE from mythril.exceptions import CompilerError - # todo: tintinweb - make this a normal requirement? (deps: eth-abi and requests, both already required by mythril) try: # load if available but do not fail From 7f9acbce4c0f950f522d253d6cc3f2dc7da05921 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Fri, 21 Sep 2018 18:48:53 +0700 Subject: [PATCH 002/213] Update wording 'tx order independence' -> 'dependence' --- ...on_order_independence.py => transaction_order_dependence.py} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename mythril/analysis/modules/{transaction_order_independence.py => transaction_order_dependence.py} (97%) diff --git a/mythril/analysis/modules/transaction_order_independence.py b/mythril/analysis/modules/transaction_order_dependence.py similarity index 97% rename from mythril/analysis/modules/transaction_order_independence.py rename to mythril/analysis/modules/transaction_order_dependence.py index 629d21a3..a522b89c 100644 --- a/mythril/analysis/modules/transaction_order_independence.py +++ b/mythril/analysis/modules/transaction_order_dependence.py 
@@ -34,7 +34,7 @@ def execute(statespace): "Warning") issue.description = \ - "A possible transaction order independence vulnerability exists in function {}. The value or " \ + "A possible transaction order dependence vulnerability exists in function {}. The value or " \ "direction of the call statement is determined from a tainted storage location"\ .format(node.function_name) issues.append(issue) From 9b6325b44dd9679cc44fac79e18498bead624d8d Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Wed, 26 Sep 2018 10:46:52 +0200 Subject: [PATCH 003/213] Update test files --- tests/testdata/outputs_expected/calls.sol.o.json | 2 +- tests/testdata/outputs_expected/calls.sol.o.markdown | 2 +- tests/testdata/outputs_expected/calls.sol.o.text | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/testdata/outputs_expected/calls.sol.o.json b/tests/testdata/outputs_expected/calls.sol.o.json index 5b7e39a9..c8723c44 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.json +++ b/tests/testdata/outputs_expected/calls.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "A possible transaction order independence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/calls.sol.o.markdown b/tests/testdata/outputs_expected/calls.sol.o.markdown index b5f5990e..fb9e28ff 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.markdown +++ b/tests/testdata/outputs_expected/calls.sol.o.markdown 
@@ -42,7 +42,7 @@ This contract executes a message call to an address found at storage slot 1. Thi ### Description -A possible transaction order independence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location +A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location ## Unchecked CALL return value diff --git a/tests/testdata/outputs_expected/calls.sol.o.text b/tests/testdata/outputs_expected/calls.sol.o.text index f126ddb5..c0ce9b71 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.text +++ b/tests/testdata/outputs_expected/calls.sol.o.text @@ -27,7 +27,7 @@ Type: Warning Contract: Unknown Function name: _function_0xd24b08cc PC address: 779 -A possible transaction order independence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location +A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location -------------------- ==== Unchecked CALL return value ==== From 296da3a54a762cd1d394979ec5be8a20fa834ed2 Mon Sep 17 00:00:00 2001 
From: Nikhil Parasaram Date: Fri, 28 Sep 2018 18:31:43 +0530 Subject: [PATCH 004/213] Add swc id to mythril report --- mythril/analysis/modules/delegatecall.py | 9 +++-- .../modules/dependence_on_predictable_vars.py | 13 ++++--- mythril/analysis/modules/deprecated_ops.py | 13 ++++--- mythril/analysis/modules/ether_send.py | 6 ++- mythril/analysis/modules/exceptions.py | 15 ++++++-- mythril/analysis/modules/external_calls.py | 37 ++++++++++++------- mythril/analysis/modules/integer.py | 9 +++-- mythril/analysis/modules/multiple_sends.py | 6 +-- mythril/analysis/modules/suicide.py | 5 ++- .../modules/transaction_order_dependence.py | 6 +-- mythril/analysis/modules/unchecked_retval.py | 20 ++++++---- mythril/analysis/report.py | 8 +++- mythril/analysis/swc_data.py | 23 ++++++++++++ .../templates/report_as_markdown.jinja2 | 2 +- .../analysis/templates/report_as_text.jinja2 | 1 + .../outputs_expected/calls.sol.o.json | 2 +- .../outputs_expected/calls.sol.o.markdown | 20 +++++----- .../outputs_expected/calls.sol.o.text | 10 +++++ .../outputs_expected/environments.sol.o.json | 2 +- .../environments.sol.o.markdown | 6 +-- .../outputs_expected/environments.sol.o.text | 3 ++ .../outputs_expected/ether_send.sol.o.json | 2 +- .../ether_send.sol.o.markdown | 4 +- .../outputs_expected/ether_send.sol.o.text | 2 + .../outputs_expected/exceptions.sol.o.json | 2 +- .../exceptions.sol.o.markdown | 8 ++-- .../outputs_expected/exceptions.sol.o.text | 4 ++ .../kinds_of_calls.sol.o.json | 2 +- .../kinds_of_calls.sol.o.markdown | 8 ++-- .../kinds_of_calls.sol.o.text | 4 ++ .../multi_contracts.sol.o.json | 2 +- .../multi_contracts.sol.o.markdown | 2 +- .../multi_contracts.sol.o.text | 1 + .../outputs_expected/origin.sol.o.json | 2 +- .../outputs_expected/origin.sol.o.markdown | 4 +- .../outputs_expected/origin.sol.o.text | 3 +- .../outputs_expected/overflow.sol.o.json | 2 +- .../outputs_expected/overflow.sol.o.markdown | 6 +-- .../outputs_expected/overflow.sol.o.text | 3 ++ 
.../outputs_expected/returnvalue.sol.o.json | 2 +- .../returnvalue.sol.o.markdown | 6 +-- .../outputs_expected/returnvalue.sol.o.text | 3 ++ .../outputs_expected/suicide.sol.o.json | 2 +- .../outputs_expected/suicide.sol.o.markdown | 2 +- .../outputs_expected/suicide.sol.o.text | 1 + .../outputs_expected/underflow.sol.o.json | 2 +- .../outputs_expected/underflow.sol.o.markdown | 6 +-- .../outputs_expected/underflow.sol.o.text | 3 ++ 48 files changed, 203 insertions(+), 101 deletions(-) create mode 100644 mythril/analysis/swc_data.py diff --git a/mythril/analysis/modules/delegatecall.py b/mythril/analysis/modules/delegatecall.py index fddd95ee..d676f8f2 100644 --- a/mythril/analysis/modules/delegatecall.py +++ b/mythril/analysis/modules/delegatecall.py @@ -1,4 +1,5 @@ import re +from mythril.analysis.swc_data import DELEGATECALL_TO_UNTRUSTED_CONTRACT from mythril.analysis.ops import get_variable, VarType from mythril.analysis.report import Issue import logging @@ -43,8 +44,9 @@ def _concrete_call(call, state, address, meminstart): if not re.search(r'calldata.*_0', str(state.mstate.memory[meminstart.val])): return [] - issue = Issue(call.node.contract_name, call.node.function_name, address, - "Call data forwarded with delegatecall()", "Informational") + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, + swc_id=DELEGATECALL_TO_UNTRUSTED_CONTRACT, title="Call data forwarded with delegatecall()", + _type="Informational") issue.description = \ "This contract forwards its call data via DELEGATECALL in its fallback function. " \ 
@@ -58,7 +60,8 @@ def _concrete_call(call, state, address, meminstart): def _symbolic_call(call, state, address, statespace): - issue = Issue(call.node.contract_name, call.node.function_name, address, call.type + " to a user-supplied address") + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, + swc_id=DELEGATECALL_TO_UNTRUSTED_CONTRACT, title=call.type + " to a user-supplied address") if "calldata" in str(call.to): issue.description = \ diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index 5d86939f..6395c0e3 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -3,6 +3,7 @@ from z3 import * from mythril.analysis.ops import VarType from mythril.analysis import solver from mythril.analysis.report import Issue +from mythril.analysis.swc_data import * from mythril.exceptions import UnsatError import logging @@ -27,15 +28,14 @@ def execute(statespace): for call in statespace.calls: - if ("callvalue" in str(call.value)): + if "callvalue" in str(call.value): logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] Skipping refund function") continue # We're only interested in calls that send Ether - if call.value.type == VarType.CONCRETE: - if call.value.val == 0: - continue + if call.value.type == VarType.CONCRETE and call.value.val == 0: + continue address = call.state.get_current_instruction()['address'] 
@@ -56,8 +56,9 @@ def execute(statespace): for item in found: description += "- block.{}\n".format(item) if solve(call): - issue = Issue(call.node.contract_name, call.node.function_name, address, "Dependence on predictable environment variable", "Warning", - description) + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, + swc_id=SHADOWING_STATE_VARIABLES, title="Dependence on predictable environment variable", + _type="Warning", description=description) issues.append(issue) # Second check: blockhash diff --git a/mythril/analysis/modules/deprecated_ops.py b/mythril/analysis/modules/deprecated_ops.py index dc0c2de1..84f39b6e 100644 --- a/mythril/analysis/modules/deprecated_ops.py +++ b/mythril/analysis/modules/deprecated_ops.py @@ -1,4 +1,5 @@ from mythril.analysis.report import Issue +from mythril.analysis.swc_data import TX_ORIGIN_USAGE import logging @@ -22,12 +23,14 @@ def execute(statespace): instruction = state.get_current_instruction() - if(instruction['opcode'] == "ORIGIN"): - - issue = Issue(node.contract_name, node.function_name, instruction['address'], "Use of tx.origin", "Warning", - "Function " + node.function_name + " retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin" - ) + if instruction['opcode'] == "ORIGIN": + description = "Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. " \ + "Use msg.sender instead.\nSee also: " \ + "https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin".format(node.function_name) + issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'], + title="Use of tx.origin", _type="Warning", swc_id=TX_ORIGIN_USAGE, + description=description) issues.append(issue) return issues 
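Review bot: The new `Issue(...)` call labels the "Dependence on predictable environment variable" finding with `swc_id=SHADOWING_STATE_VARIABLES` ('119' in the new swc_data.py), which names a different weakness class from a check on `block.*` values. The same table defines `TIMESTAMP_DEPENDENCE` and `WEAK_RANDOMNESS`, and either looks closer to what this module detects. Anything that triages, filters or deduplicates reports by SWC ID would misfile this finding. Suggest `swc_id=TIMESTAMP_DEPENDENCE` (or `WEAK_RANDOMNESS`, if that is the intended class), imported by name in place of the `from mythril.analysis.swc_data import *` added at the top of this file and in multiple_sends.py. execute() continues outside the hunk.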
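Review bot: The rewritten description in deprecated_ops.py mixes a `%s` placeholder with `.format(node.function_name)`, so `str.format` finds no `{}` field and the report keeps a literal `%s` where the function name should be. The old code concatenated `node.function_name` directly, so this is a regression in the finding text. Change the first fragment to `description = "Function {} retrieves the transaction origin (tx.origin) using the ORIGIN opcode. " \`. The origin.sol.o.* fixtures listed in the diffstat are not visible here and are worth checking for the same literal `%s`.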
diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index b7a4dce0..bfb0d057 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py @@ -2,6 +2,7 @@ from z3 import * from mythril.analysis.ops import * from mythril.analysis import solver from mythril.analysis.report import Issue +from mythril.analysis.swc_data import UNPROTECTED_ETHER_WITHDRAWAL from mythril.exceptions import UnsatError import re import logging @@ -115,8 +116,9 @@ def execute(statespace): debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model) - issue = Issue(call.node.contract_name, call.node.function_name, address, "Ether send", "Warning", - description, debug) + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, + title="Ether send", _type="Warning", swc_id=UNPROTECTED_ETHER_WITHDRAWAL, + description=description, debug=debug) issues.append(issue) except UnsatError: diff --git a/mythril/analysis/modules/exceptions.py b/mythril/analysis/modules/exceptions.py index fc287948..ac0723e0 100644 --- a/mythril/analysis/modules/exceptions.py +++ b/mythril/analysis/modules/exceptions.py @@ -1,4 +1,5 @@ from mythril.analysis.report import Issue +from mythril.analysis.swc_data import ASSERT_VIOLATION from mythril.exceptions import UnsatError from mythril.analysis import solver import logging 
@@ -24,19 +25,25 @@ def execute(statespace): for state in node.states: instruction = state.get_current_instruction() - if(instruction['opcode'] == "ASSERT_FAIL"): + if instruction['opcode'] == "ASSERT_FAIL": try: model = solver.get_model(node.constraints) address = state.get_current_instruction()['address'] - description = "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. " - description += "This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. " + description = "A reachable exception (opcode 0xfe) has been detected. " \ + "This can be caused by type errors, division by zero, " \ + "out-of-bounds array access, or assert violations. " + description += "This is acceptable in most situations. " \ + "Note however that `assert()` should only be used to check invariants. " \ + "Use `require()` for regular input checking. " debug = "The exception is triggered under the following conditions:\n\n" debug += solver.pretty_print_model(model) - issues.append(Issue(node.contract_name, node.function_name, address, "Exception state", "Informational", description, debug)) + issues.append(Issue(contract=node.contract_name, function=node.function_name, address=address, + swc_id=ASSERT_VIOLATION, title="Exception state", _type="Informational", + description=description, debug=debug)) except UnsatError: logging.debug("[EXCEPTIONS] no model found") diff --git a/mythril/analysis/modules/external_calls.py b/mythril/analysis/modules/external_calls.py index 884e9c7c..9b7d4038 100644 --- a/mythril/analysis/modules/external_calls.py +++ b/mythril/analysis/modules/external_calls.py 
@@ -2,6 +2,7 @@ from z3 import * from mythril.analysis.ops import * from mythril.analysis.report import Issue from mythril.analysis import solver +from mythril.analysis.swc_data import REENTRANCY import re import logging @@ -19,7 +20,7 @@ def search_children(statespace, node, start_index=0, depth=0, results=[]): logging.debug("SEARCHING NODE %d", node.uid) - if(depth < MAX_SEARCH_DEPTH): + if depth < MAX_SEARCH_DEPTH: n_states = len(node.states) @@ -35,7 +36,7 @@ def search_children(statespace, node, start_index=0, depth=0, results=[]): if edge.node_from == node.uid: children.append(statespace.nodes[edge.node_to]) - if (len(children)): + if len(children): for node in children: return search_children(statespace, node, depth=depth + 1, results=results) @@ -54,20 +55,20 @@ def execute(statespace): state = call.state address = state.get_current_instruction()['address'] - if (call.type == "CALL"): + if call.type == "CALL": logging.info("[EXTERNAL_CALLS] Call to: %s, value = %s, gas = %s" % (str(call.to), str(call.value), str(call.gas))) - if (call.to.type == VarType.SYMBOLIC and (call.gas.type == VarType.CONCRETE and call.gas.val > 2300) or (call.gas.type == VarType.SYMBOLIC and "2300" not in str(call.gas))): + if call.to.type == VarType.SYMBOLIC and (call.gas.type == VarType.CONCRETE and call.gas.val > 2300) or (call.gas.type == VarType.SYMBOLIC and "2300" not in str(call.gas)): description = "This contract executes a message call to " target = str(call.to) user_supplied = False - if ("calldata" in target or "caller" in target): + if "calldata" in target or "caller" in target: - if ("calldata" in target): + if "calldata" in target: description += "an address provided as a function argument. " else: description += "the address of the transaction sender. " 
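Review bot: `search_children` still carries the mutable default `results=[]` shown in the hunk header, so addresses collected during one search can leak into a later one whenever the caller does not pass its own list. In this detector that would surface as "State change after external call" findings attributed to the wrong call; the call site is outside the visible hunks, so this needs confirming. Suggest `results=None` in the signature with `if results is None: results = []` as the first statement. Separately, as rendered on this page (indentation is lost), `return search_children(...)` appears to sit inside `for node in children:`, which would stop after the first child and leave sibling branches unsearched; that is worth verifying against the file. The function body starts and ends outside these hunks.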
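Review bot: The reformatted condition `if call.to.type == VarType.SYMBOLIC and (...) or (...)` in execute() still parses as `(A and B) or C`, so the symbolic-gas branch is taken even when `call.to` is concrete. If the intent is "symbolic target and more than the 2300 gas stipend", group the gas tests explicitly: `if call.to.type == VarType.SYMBOLIC and ((call.gas.type == VarType.CONCRETE and call.gas.val > 2300) or (call.gas.type == VarType.SYMBOLIC and "2300" not in str(call.gas))):`. If the current behaviour is deliberate, a short comment on the line saying so would stop the next reader from "fixing" it. This commit only removes redundant parentheses, so behaviour is unchanged by it; execute() continues past the hunk.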
@@ -76,7 +77,7 @@ def execute(statespace): else: m = re.search(r'storage_([a-z0-9_&^]+)', str(call.to)) - if (m): + if m: idx = m.group(1) func = statespace.find_storage_write(state.environment.active_account.address, idx) @@ -90,15 +91,20 @@ def execute(statespace): if user_supplied: - description += "Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state." + description += "Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. " \ + "Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state." - issue = Issue(call.node.contract_name, call.node.function_name, address, "Message call to external contract", "Warning", description) + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, + address=address, title="Message call to external contract", _type="Warning", + description=description, swc_id=REENTRANCY) else: description += "to another contract. Make sure that the called contract is trusted and does not execute user-supplied code." - issue = Issue(call.node.contract_name, call.node.function_name, address, "Message call to external contract", "Informational", description) + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, + title="Message call to external contract", _type="Informational", + description=description, swc_id=REENTRANCY) issues.append(issue) 
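Review bot: The Informational branch appends `"to another contract. ..."` to a description that already ends in `"a message call to "` (set earlier in execute()), so the emitted text reads "message call to to another contract", as the calls.sol.o.json fixture on this page shows. Since these lines are being touched anyway, change the fragment to `description += "another contract. Make sure that the called contract is trusted and does not execute user-supplied code."` and regenerate the expected outputs. Both branches now also carry `swc_id=REENTRANCY`, including this Informational one for a call to a fixed address; a comment explaining that choice would help readers who filter reports by SWC ID.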
@@ -113,10 +119,15 @@ def execute(statespace): logging.debug("[EXTERNAL_CALLS] Detected state changes at addresses: " + str(state_change_addresses)) - if (len(state_change_addresses)): + if len(state_change_addresses): for address in state_change_addresses: - description = "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities." - issue = Issue(call.node.contract_name, call.node.function_name, address, "State change after external call", "Warning", description) + description = "The contract account state is changed after an external call. " \ + "Consider that the called contract could re-enter the function before this " \ + "state change takes place. This can lead to business logic vulnerabilities." + + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, + address=address, title="State change after external call", _type="Warning", + description=description, swc_id=REENTRANCY) issues.append(issue) return issues diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index f89c0781..d83fd7a3 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -2,6 +2,7 @@ from z3 import * from mythril.analysis import solver from mythril.analysis.ops import * from mythril.analysis.report import Issue +from mythril.analysis.swc_data import INTEGER_OVERFLOW_AND_UNDERFLOW from mythril.exceptions import UnsatError from mythril.laser.ethereum.taint_analysis import TaintRunner import re @@ -16,6 +17,7 @@ For every SUB instruction, check if there's a possible state where op1 > op0. For every ADD, MUL instruction, check if there's a possible state where op1 + op0 > 2^32 - 1 ''' + def execute(statespace): """ Executes analysis module for integer underflow and integer overflow 
@@ -85,7 +87,8 @@ def _check_integer_overflow(statespace, state, node): return issues # Build issue - issue = Issue(node.contract_name, node.function_name, instruction['address'], "Integer Overflow", "Warning") + issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'], + swc_id=INTEGER_OVERFLOW_AND_UNDERFLOW, title="Integer Overflow", _type="Warning") issue.description = "A possible integer overflow exists in the function `{}`.\n" \ "The addition or multiplication may result in a value higher than the maximum representable integer.".format( @@ -173,8 +176,8 @@ def _check_integer_underflow(statespace, state, node): if len(interesting_usages) == 0: return issues - issue = Issue(node.contract_name, node.function_name, instruction['address'], "Integer Underflow", - "Warning") + issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'], + swc_id=INTEGER_OVERFLOW_AND_UNDERFLOW, title="Integer Underflow", _type="Warning") issue.description = "A possible integer underflow exists in the function `" + node.function_name + "`.\n" \ "The subtraction may result in a value < 0." diff --git a/mythril/analysis/modules/multiple_sends.py b/mythril/analysis/modules/multiple_sends.py index a7c065cc..0df17575 100644 --- a/mythril/analysis/modules/multiple_sends.py +++ b/mythril/analysis/modules/multiple_sends.py @@ -1,4 +1,5 @@ from mythril.analysis.report import Issue +from mythril.analysis.swc_data import * from mythril.laser.ethereum.cfg import JumpType """ MODULE DESCRIPTION: 
@@ -20,9 +21,8 @@ def execute(statespace): if len(findings) > 0: node = call.node instruction = call.state.get_current_instruction() - issue = Issue(node.contract_name, node.function_name, instruction['address'], - "Multiple Calls", - "Informational") + issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'], + swc_id=MULTIPLE_SENDS, title="Multiple Calls", _type="Informational") issue.description = \ "Multiple sends exist in one transaction, try to isolate each external call into its own transaction." \ diff --git a/mythril/analysis/modules/suicide.py b/mythril/analysis/modules/suicide.py index 53637ffd..e2185fe5 100644 --- a/mythril/analysis/modules/suicide.py +++ b/mythril/analysis/modules/suicide.py @@ -1,6 +1,7 @@ from mythril.analysis import solver from mythril.analysis.ops import * from mythril.analysis.report import Issue +from mythril.analysis.swc_data import UNPROTECTED_SELFDESTRUCT from mythril.exceptions import UnsatError import logging @@ -63,7 +64,9 @@ def _analyze_state(state, node): debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model) - issue = Issue(node.contract_name, node.function_name, instruction['address'], "Unchecked SUICIDE", "Warning", description, debug) + issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'], + swc_id=UNPROTECTED_SELFDESTRUCT, title="Unchecked SUICIDE", _type="Warning", + description=description, debug=debug) issues.append(issue) except UnsatError: logging.debug("[UNCHECKED_SUICIDE] no model found") diff --git a/mythril/analysis/modules/transaction_order_dependence.py b/mythril/analysis/modules/transaction_order_dependence.py index a522b89c..f5b45f5d 100644 --- a/mythril/analysis/modules/transaction_order_dependence.py +++ b/mythril/analysis/modules/transaction_order_dependence.py 
@@ -4,6 +4,7 @@ import re from mythril.analysis import solver from mythril.analysis.ops import * from mythril.analysis.report import Issue +from mythril.analysis.swc_data import TX_ORDER_DEPENDENCE from mythril.exceptions import UnsatError ''' @@ -29,9 +30,8 @@ def execute(statespace): if len(changing_sstores) > 0: node = call.node instruction = call.state.get_current_instruction() - issue = Issue(node.contract_name, node.function_name, instruction['address'], - "Transaction order dependence", - "Warning") + issue = Issue(contract=node.contract_name, function=node.function_name, address=instruction['address'], + title="Transaction order dependence", swc_id=TX_ORDER_DEPENDENCE, _type="Warning") issue.description = \ "A possible transaction order dependence vulnerability exists in function {}. The value or " \ diff --git a/mythril/analysis/modules/unchecked_retval.py b/mythril/analysis/modules/unchecked_retval.py index 0c6f6b09..5ee2b327 100644 --- a/mythril/analysis/modules/unchecked_retval.py +++ b/mythril/analysis/modules/unchecked_retval.py @@ -1,4 +1,6 @@ from mythril.analysis.report import Issue +from mythril.analysis.swc_data import UNCHECKED_RET_VAL + from mythril.laser.ethereum.svm import NodeFlags import logging import re 
@@ -41,17 +43,19 @@ def execute(statespace): instr = state.get_current_instruction() - if (instr['opcode'] == 'ISZERO' and re.search(r'retval', str(state.mstate.stack[-1]))): + if instr['opcode'] == 'ISZERO' and re.search(r'retval', str(state.mstate.stack[-1])): retval_checked = True break if not retval_checked: address = state.get_current_instruction()['address'] - issue = Issue(node.contract_name, node.function_name, address, "Unchecked CALL return value") + issue = Issue(contract=node.contract_name, function=node.function_name, address=address, + title="Unchecked CALL return value", swc_id=UNCHECKED_RET_VAL) issue.description = \ - "The return value of an external call is not checked. Note that execution continue even if the called contract throws." + "The return value of an external call is not checked. " \ + "Note that execution continue even if the called contract throws." issues.append(issue) @@ -64,7 +68,7 @@ def execute(statespace): state = node.states[idx] instr = state.get_current_instruction() - if (instr['opcode'] == 'CALL'): + if instr['opcode'] == 'CALL': retval_checked = False @@ -74,7 +78,7 @@ def execute(statespace): _state = node.states[_idx] _instr = _state.get_current_instruction() - if (_instr['opcode'] == 'ISZERO' and re.search(r'retval', str(_state .mstate.stack[-1]))): + if _instr['opcode'] == 'ISZERO' and re.search(r'retval', str(_state .mstate.stack[-1])): retval_checked = True break 
@@ -84,10 +88,12 @@ def execute(statespace): if not retval_checked: address = instr['address'] - issue = Issue(node.contract_name, node.function_name, address, "Unchecked CALL return value") + issue = Issue(contract=node.contract_name, function=node.function_name, + address=address, title="Unchecked CALL return value", swc_id=UNCHECKED_RET_VAL) issue.description = \ - "The return value of an external call is not checked. Note that execution continue even if the called contract throws." + "The return value of an external call is not checked. " \ + "Note that execution continue even if the called contract throws." issues.append(issue) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 35bbae07..a6cfd59d 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -3,9 +3,10 @@ import json import operator from jinja2 import PackageLoader, Environment + class Issue: - def __init__(self, contract, function, address, title, _type="Informational", description="", debug=""): + def __init__(self, contract, function, address, swc_id, title, _type="Informational", description="", debug=""): self.title = title self.contract = contract @@ -14,6 +15,7 @@ class Issue: self.description = description self.type = _type self.debug = debug + self.swc_id = swc_id self.filename = None self.code = None self.lineno = None @@ -22,7 +24,8 @@ class Issue: @property def as_dict(self): - issue = {'title': self.title, 'contract': self.contract, 'description': self.description, 'function': self.function, 'type': self.type, 'address': self.address, 'debug': self.debug} + issue = {'title': self.title, 'swc_id': self.swc_id, 'contract': self.contract, 'description': self.description, + 'function': self.function, 'type': self.type, 'address': self.address, 'debug': self.debug} if self.filename and self.lineno: issue['filename'] = self.filename 
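Review bot: In report.py, `swc_id` is inserted as a required positional parameter ahead of `title` in `Issue.__init__`, so a caller still using the old five-positional form (`Issue(contract, function, address, "Some title", "Warning")`) raises no error but binds the title to `swc_id` and the severity to `title`, with `_type` falling back to "Informational". The call sites visible in this patch were converted to keyword arguments, but analysis modules not shown here may not have been, and a finding silently downgraded in a security report is easy to miss. Making the new field keyword-only turns that into an immediate `TypeError`: `def __init__(self, contract, function, address, title, _type="Informational", description="", debug="", *, swc_id):`. The class body continues outside the hunk.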
@@ -40,6 +43,7 @@ class Issue: self.code = codeinfo.code self.lineno = codeinfo.lineno + class Report: environment = Environment(loader=PackageLoader('mythril.analysis'), trim_blocks=True) diff --git a/mythril/analysis/swc_data.py b/mythril/analysis/swc_data.py new file mode 100644 index 00000000..204dc6da --- /dev/null +++ b/mythril/analysis/swc_data.py @@ -0,0 +1,23 @@ +DEFAULT_FUNCTION_VISIBILITY = '100' +INTEGER_OVERFLOW_AND_UNDERFLOW = '101' +OUTDATED_COMPILER_VERSION = '102' +FLOATING_PRAGMA = '103' +UNCHECKED_RET_VAL = '104' +UNPROTECTED_ETHER_WITHDRAWAL = '105' +UNPROTECTED_SELFDESTRUCT = '106' +REENTRANCY = '107' +DEFAULT_STATE_VARIABLE_VISIBILITY = '108' +UNINITIALIZED_STORAGE_POINTER = '109' +ASSERT_VIOLATION = '110' +DEPRICATED_FUNCTIONS_USAGE = '111' +DELEGATECALL_TO_UNTRUSTED_CONTRACT = '112' +MULTIPLE_SENDS = '113' +TX_ORDER_DEPENDENCE = '114' +TX_ORIGIN_USAGE = '115' +TIMESTAMP_DEPENDENCE = '116' +# TODO: SWC ID 116 is missing, Add it if it's added to the https://github.com/SmartContractSecurity/SWC-registry +INCORRECT_CONSTRUCTOR_NAME = '118' +SHADOWING_STATE_VARIABLES = '119' +WEAK_RANDOMNESS = '120' +SIGNATURE_REPLAY = '121' +IMPROPER_VERIFICATION_BASED_ON_MSG_SENDER = '122' diff --git a/mythril/analysis/templates/report_as_markdown.jinja2 b/mythril/analysis/templates/report_as_markdown.jinja2 index 3f83245f..00781b21 100644 --- a/mythril/analysis/templates/report_as_markdown.jinja2 +++ b/mythril/analysis/templates/report_as_markdown.jinja2 @@ -3,7 +3,7 @@ {% for issue in issues %} ## {{ issue.title }} - +- SWC ID: {{ issue.swc_id }} - Type: {{ issue.type }} - Contract: {{ issue.contract | default("Unknown") }} - Function name: `{{ issue.function }}` diff --git a/mythril/analysis/templates/report_as_text.jinja2 b/mythril/analysis/templates/report_as_text.jinja2 index 7e7e1482..b126d05a 100644 --- a/mythril/analysis/templates/report_as_text.jinja2 +++ b/mythril/analysis/templates/report_as_text.jinja2 
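Review bot: In the new swc_data.py, the TODO under `TIMESTAMP_DEPENDENCE = '116'` says SWC ID 116 is missing, but 116 is assigned on the line above and the gap in the table is 117; the comment should read `# TODO: SWC ID 117 is missing, add it once it is in https://github.com/SmartContractSecurity/SWC-registry`. `DEPRICATED_FUNCTIONS_USAGE` is misspelled, and none of the hunks shown here import it yet, so renaming it to `DEPRECATED_FUNCTIONS_USAGE` now is cheap. The module would also benefit from a one-line header comment stating that the values are SWC registry identifiers kept as strings, since they are emitted verbatim into the JSON, text and markdown reports.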
@@ -1,6 +1,7 @@ {% if issues %} {% for issue in issues %} ==== {{ issue.title }} ==== +SWC ID: {{ issue.swc_id }} Type: {{ issue.type }} Contract: {{ issue.contract | default("Unknown") }} Function name: {{ issue.function }} diff --git a/tests/testdata/outputs_expected/calls.sol.o.json b/tests/testdata/outputs_expected/calls.sol.o.json index c8723c44..0454cca4 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.json +++ b/tests/testdata/outputs_expected/calls.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} diff --git a/tests/testdata/outputs_expected/calls.sol.o.markdown b/tests/testdata/outputs_expected/calls.sol.o.markdown index fb9e28ff..22d9ad75 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.markdown 
+++ b/tests/testdata/outputs_expected/calls.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Message call to external contract - +- SWC ID: 107 - Type: Informational - Contract: Unknown - Function name: `_function_0x5a6814ec` @@ -12,7 +12,7 @@ This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0x5a6814ec` @@ -23,7 +23,7 @@ This contract executes a message call to to another contract. Make sure that the The return value of an external call is not checked. Note that execution continue even if the called contract throws. ## Message call to external contract - +- SWC ID: 107 - Type: Warning - Contract: Unknown - Function name: `_function_0xd24b08cc` @@ -34,7 +34,7 @@ The return value of an external call is not checked. Note that execution continu This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. ## Transaction order dependence - +- SWC ID: 114 - Type: Warning - Contract: Unknown - Function name: `_function_0xd24b08cc` @@ -45,7 +45,7 @@ This contract executes a message call to an address found at storage slot 1. Thi A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0xd24b08cc` 
@@ -56,7 +56,7 @@ A possible transaction order dependence vulnerability exists in function _functi The return value of an external call is not checked. Note that execution continue even if the called contract throws. ## Message call to external contract - +- SWC ID: 107 - Type: Informational - Contract: Unknown - Function name: `_function_0xe11f493e` @@ -67,7 +67,7 @@ The return value of an external call is not checked. Note that execution continu This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. ## State change after external call - +- SWC ID: 107 - Type: Warning - Contract: Unknown - Function name: `_function_0xe11f493e` @@ -78,7 +78,7 @@ This contract executes a message call to to another contract. Make sure that the The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0xe11f493e` @@ -89,7 +89,7 @@ The contract account state is changed after an external call. Consider that the The return value of an external call is not checked. Note that execution continue even if the called contract throws. ## Message call to external contract - +- SWC ID: 107 - Type: Warning - Contract: Unknown - Function name: `_function_0xe1d10f79` 
@@ -100,7 +100,7 @@ The return value of an external call is not checked. Note that execution continu This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0xe1d10f79` diff --git a/tests/testdata/outputs_expected/calls.sol.o.text b/tests/testdata/outputs_expected/calls.sol.o.text index c0ce9b71..b8588c29 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.text +++ b/tests/testdata/outputs_expected/calls.sol.o.text @@ -1,4 +1,5 @@ ==== Message call to external contract ==== +SWC ID: 107 Type: Informational Contract: Unknown Function name: _function_0x5a6814ec @@ -7,6 +8,7 @@ This contract executes a message call to to another contract. Make sure that the -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0x5a6814ec @@ -15,6 +17,7 @@ The return value of an external call is not checked. Note that execution continu -------------------- ==== Message call to external contract ==== +SWC ID: 107 Type: Warning Contract: Unknown Function name: _function_0xd24b08cc @@ -23,6 +26,7 @@ This contract executes a message call to an address found at storage slot 1. Thi -------------------- ==== Transaction order dependence ==== +SWC ID: 114 Type: Warning Contract: Unknown Function name: _function_0xd24b08cc @@ -31,6 +35,7 @@ A possible transaction order dependence vulnerability exists in function _functi -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0xd24b08cc 
@@ -39,6 +44,7 @@ The return value of an external call is not checked. Note that execution continu -------------------- ==== Message call to external contract ==== +SWC ID: 107 Type: Informational Contract: Unknown Function name: _function_0xe11f493e @@ -47,6 +53,7 @@ This contract executes a message call to to another contract. Make sure that the -------------------- ==== State change after external call ==== +SWC ID: 107 Type: Warning Contract: Unknown Function name: _function_0xe11f493e @@ -55,6 +62,7 @@ The contract account state is changed after an external call. Consider that the -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0xe11f493e @@ -63,6 +71,7 @@ The return value of an external call is not checked. Note that execution continu -------------------- ==== Message call to external contract ==== +SWC ID: 107 Type: Warning Contract: Unknown Function name: _function_0xe1d10f79 @@ -71,6 +80,7 @@ This contract executes a message call to an address provided as a function argum -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0xe1d10f79 diff --git a/tests/testdata/outputs_expected/environments.sol.o.json b/tests/testdata/outputs_expected/environments.sol.o.json index f335f368..20d5d5be 100644 --- a/tests/testdata/outputs_expected/environments.sol.o.json +++ b/tests/testdata/outputs_expected/environments.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `_function_0x83f12fec`.\nThe subtraction may result in a value < 0.", "function": "_function_0x83f12fec", "title": "Integer Underflow", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `_function_0x83f12fec`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `_function_0x83f12fec`.\nThe subtraction may result in a value < 0.", "function": "_function_0x83f12fec", "swc_id": "101", 
"title": "Integer Underflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/environments.sol.o.markdown b/tests/testdata/outputs_expected/environments.sol.o.markdown index 66157a20..201f8882 100644 --- a/tests/testdata/outputs_expected/environments.sol.o.markdown +++ b/tests/testdata/outputs_expected/environments.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Integer Overflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `_function_0x83f12fec` @@ -13,7 +13,7 @@ A possible integer overflow exists in the function `_function_0x83f12fec`. The addition or multiplication may result in a value higher than the maximum representable integer. ## Integer Overflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `_function_0x83f12fec` @@ -25,7 +25,7 @@ A possible integer overflow exists in the function `_function_0x83f12fec`. The addition or multiplication may result in a value higher than the maximum representable integer. ## Integer Underflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `_function_0x83f12fec` diff --git a/tests/testdata/outputs_expected/environments.sol.o.text b/tests/testdata/outputs_expected/environments.sol.o.text index 991518a2..6adfb9a6 100644 --- a/tests/testdata/outputs_expected/environments.sol.o.text +++ b/tests/testdata/outputs_expected/environments.sol.o.text @@ -1,4 +1,5 @@ ==== Integer Overflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: _function_0x83f12fec @@ -8,6 +9,7 @@ The addition or multiplication may result in a value higher than the maximum rep -------------------- ==== Integer Overflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: _function_0x83f12fec 
@@ -17,6 +19,7 @@ The addition or multiplication may result in a value higher than the maximum rep -------------------- ==== Integer Underflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: _function_0x83f12fec diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.json b/tests/testdata/outputs_expected/ether_send.sol.o.json index d893749f..407c4912 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.o.json +++ b/tests/testdata/outputs_expected/ether_send.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "", "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "invest()", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "", "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/ether_send.sol.o.markdown index e5a3f7cd..264ac963 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.o.markdown +++ b/tests/testdata/outputs_expected/ether_send.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Ether send - +- SWC ID: 105 - Type: Warning - Contract: Unknown - Function name: `withdrawfunds()` 
@@ -14,7 +14,7 @@ In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.send There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. ## Integer Overflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `invest()` diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.text b/tests/testdata/outputs_expected/ether_send.sol.o.text index d6d548c7..2135800f 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.o.text +++ b/tests/testdata/outputs_expected/ether_send.sol.o.text @@ -1,4 +1,5 @@ ==== Ether send ==== +SWC ID: 105 Type: Warning Contract: Unknown Function name: withdrawfunds() @@ -9,6 +10,7 @@ There is a check on storage index 1. This storage slot can be written to by call -------------------- ==== Integer Overflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: invest() diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.json b/tests/testdata/outputs_expected/exceptions.sol.o.json index e923bb3a..4d913166 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.o.json +++ b/tests/testdata/outputs_expected/exceptions.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
", "function": "_function_0xb34c3610", "title": "Exception state", "type": "Informational"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. 
Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/exceptions.sol.o.markdown index 337dfa99..bf2756be 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.o.markdown +++ b/tests/testdata/outputs_expected/exceptions.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Exception state - +- SWC ID: 110 - Type: Informational - Contract: Unknown - Function name: `_function_0x546455b5` @@ -12,7 +12,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ## Exception state - +- SWC ID: 110 - Type: Informational - Contract: Unknown - Function name: `_function_0x92dd38ea` @@ -23,7 +23,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ## Exception state - +- SWC ID: 110 - Type: Informational - Contract: Unknown - Function name: `_function_0xa08299f1` 
@@ -34,7 +34,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ## Exception state - +- SWC ID: 110 - Type: Informational - Contract: Unknown - Function name: `_function_0xb34c3610` diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.text b/tests/testdata/outputs_expected/exceptions.sol.o.text index 1cfc4adc..1473c77c 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.o.text +++ b/tests/testdata/outputs_expected/exceptions.sol.o.text @@ -1,4 +1,5 @@ ==== Exception state ==== +SWC ID: 110 Type: Informational Contract: Unknown Function name: _function_0x546455b5 @@ -7,6 +8,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ -------------------- ==== Exception state ==== +SWC ID: 110 Type: Informational Contract: Unknown Function name: _function_0x92dd38ea @@ -15,6 +17,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ -------------------- ==== Exception state ==== +SWC ID: 110 Type: Informational Contract: Unknown Function name: _function_0xa08299f1 @@ -23,6 +26,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ -------------------- ==== Exception state ==== +SWC ID: 110 Type: Informational Contract: Unknown Function name: _function_0xb34c3610 diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json index ccdf57c0..4c42213f 100644 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json +++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown index 40003ab4..7208086f 100644 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown +++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0x141f32ff` @@ -12,7 +12,7 @@ The return value of an external call is not checked. Note that execution continue even if the called contract throws. ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0x9b58bc26` 
@@ -23,7 +23,7 @@ The return value of an external call is not checked. Note that execution continu The return value of an external call is not checked. Note that execution continue even if the called contract throws. ## Message call to external contract - +- SWC ID: 107 - Type: Warning - Contract: Unknown - Function name: `_function_0xeea4c864` @@ -34,7 +34,7 @@ The return value of an external call is not checked. Note that execution continu This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0xeea4c864` diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text index e08de551..46f49440 100644 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text +++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text @@ -1,4 +1,5 @@ ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0x141f32ff @@ -7,6 +8,7 @@ The return value of an external call is not checked. Note that execution continu -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0x9b58bc26 @@ -15,6 +17,7 @@ The return value of an external call is not checked. Note that execution continu -------------------- ==== Message call to external contract ==== +SWC ID: 107 Type: Warning Contract: Unknown Function name: _function_0xeea4c864 
@@ -23,6 +26,7 @@ This contract executes a message call to an address provided as a function argum -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0xeea4c864 diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/multi_contracts.sol.o.json index 1d4a5e35..54eac503 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.json +++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.json @@ -1 +1 @@ -{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "", "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "title": "Ether send", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "", "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown index 22db2dfc..b146f22f 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown +++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Ether send - +- SWC ID: 105 - Type: Warning - Contract: Unknown - Function name: `_function_0x8a4068dd` diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/multi_contracts.sol.o.text index 9369353e..c44c2d18 100644 
--- a/tests/testdata/outputs_expected/multi_contracts.sol.o.text +++ b/tests/testdata/outputs_expected/multi_contracts.sol.o.text @@ -1,4 +1,5 @@ ==== Ether send ==== +SWC ID: 105 Type: Warning Contract: Unknown Function name: _function_0x8a4068dd diff --git a/tests/testdata/outputs_expected/origin.sol.o.json b/tests/testdata/outputs_expected/origin.sol.o.json index 1ac2d554..640bce9c 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.json +++ b/tests/testdata/outputs_expected/origin.sol.o.json @@ -1 +1 @@ -{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/origin.sol.o.markdown b/tests/testdata/outputs_expected/origin.sol.o.markdown index d35e697e..772ef122 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.markdown +++ b/tests/testdata/outputs_expected/origin.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Use of tx.origin - +- SWC ID: 115 - Type: Warning - Contract: Unknown - Function name: `transferOwnership(address)` 
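Review bot: The new expected description in `origin.sol.o.json` reads `Function %s retrieves the transaction origin (tx.origin) ...`, so the fixture now pins a literal, unsubstituted `%s` where the old output named `transferOwnership(address)`. This suggests the tx.origin detector stopped interpolating the function name; the module is not part of this patch, so that is inferred, but updating the fixture lets the regression pass silently and leaves the report without the location a reader needs. The same literal appears in the `origin.sol.o.markdown` hunk `@@ -9,5 +9,5 @@` and the `origin.sol.o.text` hunk `@@ -1,9 +1,10 @@`. I would keep `Function transferOwnership(address) retrieves ...` in all three expected files, add only the `swc_id` / `SWC ID: 115` lines, and fix the formatting in the detector.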
@@ -9,5 +9,5 @@ ### Description -Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/origin.sol.o.text b/tests/testdata/outputs_expected/origin.sol.o.text index 9eb9c055..f159a8eb 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.text +++ b/tests/testdata/outputs_expected/origin.sol.o.text @@ -1,9 +1,10 @@ ==== Use of tx.origin ==== +SWC ID: 115 Type: Warning Contract: Unknown Function name: transferOwnership(address) PC address: 317 -Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin -------------------- diff --git a/tests/testdata/outputs_expected/overflow.sol.o.json b/tests/testdata/outputs_expected/overflow.sol.o.json index 341e5b46..68ade21b 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.json +++ b/tests/testdata/outputs_expected/overflow.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": 
true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/overflow.sol.o.markdown b/tests/testdata/outputs_expected/overflow.sol.o.markdown index 8baede40..d50ecc59 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/overflow.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Integer Underflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` @@ -13,7 +13,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. ## Integer Underflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` @@ -25,7 +25,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. ## Integer Overflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` diff --git a/tests/testdata/outputs_expected/overflow.sol.o.text b/tests/testdata/outputs_expected/overflow.sol.o.text index bd2a4c99..c41cd641 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.text +++ b/tests/testdata/outputs_expected/overflow.sol.o.text @@ -1,4 +1,5 @@ ==== Integer Underflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: sendeth(address,uint256) @@ -8,6 +9,7 @@ The subtraction may result in a value < 0. -------------------- ==== Integer Underflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: sendeth(address,uint256) @@ -17,6 +19,7 @@ The subtraction may result in a value < 0. -------------------- ==== Integer Overflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: sendeth(address,uint256) diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.json b/tests/testdata/outputs_expected/returnvalue.sol.o.json index 11ebd735..81ee3cb3 100644 
--- a/tests/testdata/outputs_expected/returnvalue.sol.o.json +++ b/tests/testdata/outputs_expected/returnvalue.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/returnvalue.sol.o.markdown index 3d12c700..f3a058bd 100644 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown +++ b/tests/testdata/outputs_expected/returnvalue.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Message call to external contract - +- SWC ID: 107 - Type: Informational - Contract: Unknown - Function name: `_function_0x633ab5e0` @@ -12,7 +12,7 @@ This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. ## Message call to external contract - +- SWC ID: 107 - Type: Informational - Contract: Unknown - Function name: `_function_0xe3bea282` @@ -23,7 +23,7 @@ This contract executes a message call to to another contract. Make sure that the This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. ## Unchecked CALL return value - +- SWC ID: 104 - Type: Informational - Contract: Unknown - Function name: `_function_0xe3bea282` diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.text b/tests/testdata/outputs_expected/returnvalue.sol.o.text index c7a67ecb..2a8b1470 100644 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.text +++ b/tests/testdata/outputs_expected/returnvalue.sol.o.text @@ -1,4 +1,5 @@ ==== Message call to external contract ==== +SWC ID: 107 Type: Informational Contract: Unknown Function name: _function_0x633ab5e0 
@@ -7,6 +8,7 @@ This contract executes a message call to to another contract. Make sure that the -------------------- ==== Message call to external contract ==== +SWC ID: 107 Type: Informational Contract: Unknown Function name: _function_0xe3bea282 @@ -15,6 +17,7 @@ This contract executes a message call to to another contract. Make sure that the -------------------- ==== Unchecked CALL return value ==== +SWC ID: 104 Type: Informational Contract: Unknown Function name: _function_0xe3bea282 diff --git a/tests/testdata/outputs_expected/suicide.sol.o.json b/tests/testdata/outputs_expected/suicide.sol.o.json index a023d575..cac3a1ac 100644 --- a/tests/testdata/outputs_expected/suicide.sol.o.json +++ b/tests/testdata/outputs_expected/suicide.sol.o.json @@ -1 +1 @@ -{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "", "description": "The function `_function_0xcbf0b0c0` executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "", "description": "The function `_function_0xcbf0b0c0` executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "swc_id": "106", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/suicide.sol.o.markdown b/tests/testdata/outputs_expected/suicide.sol.o.markdown index 0f51764f..12be4413 100644 --- a/tests/testdata/outputs_expected/suicide.sol.o.markdown +++ b/tests/testdata/outputs_expected/suicide.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Unchecked SUICIDE - +- SWC ID: 106 - Type: Warning - Contract: Unknown - Function name: `_function_0xcbf0b0c0` 
diff --git a/tests/testdata/outputs_expected/suicide.sol.o.text b/tests/testdata/outputs_expected/suicide.sol.o.text index 59710c11..2b9117d4 100644 --- a/tests/testdata/outputs_expected/suicide.sol.o.text +++ b/tests/testdata/outputs_expected/suicide.sol.o.text @@ -1,4 +1,5 @@ ==== Unchecked SUICIDE ==== +SWC ID: 106 Type: Warning Contract: Unknown Function name: _function_0xcbf0b0c0 diff --git a/tests/testdata/outputs_expected/underflow.sol.o.json b/tests/testdata/outputs_expected/underflow.sol.o.json index 341e5b46..68ade21b 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.json +++ b/tests/testdata/outputs_expected/underflow.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "A possible integer underflow exists in the function `sendeth(address,uint256)`.\nThe subtraction may result in a value < 0.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "A possible integer overflow exists in the function `sendeth(address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": 
true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/underflow.sol.o.markdown b/tests/testdata/outputs_expected/underflow.sol.o.markdown index 8baede40..d50ecc59 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/underflow.sol.o.markdown @@ -1,7 +1,7 @@ # Analysis results for test-filename.sol ## Integer Underflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` @@ -13,7 +13,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. ## Integer Underflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` @@ -25,7 +25,7 @@ A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. ## Integer Overflow - +- SWC ID: 101 - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` diff --git a/tests/testdata/outputs_expected/underflow.sol.o.text b/tests/testdata/outputs_expected/underflow.sol.o.text index bd2a4c99..c41cd641 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.text +++ b/tests/testdata/outputs_expected/underflow.sol.o.text @@ -1,4 +1,5 @@ ==== Integer Underflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: sendeth(address,uint256) @@ -8,6 +9,7 @@ The subtraction may result in a value < 0. -------------------- ==== Integer Underflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: sendeth(address,uint256) @@ -17,6 +19,7 @@ The subtraction may result in a value < 0. -------------------- ==== Integer Overflow ==== +SWC ID: 101 Type: Warning Contract: Unknown Function name: sendeth(address,uint256) From 2b45816d430a1bd737aa417fa25f7d5bb8f3625f Mon Sep 17 00:00:00 2001 
From: Nikhil Parasaram Date: Fri, 28 Sep 2018 19:02:55 +0530 Subject: [PATCH 005/213] Add swc id to dependence_on_predictable_vars --- .../modules/dependence_on_predictable_vars.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index 6395c0e3..d64fd459 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -3,7 +3,7 @@ from z3 import * from mythril.analysis.ops import VarType from mythril.analysis import solver from mythril.analysis.report import Issue -from mythril.analysis.swc_data import * +from mythril.analysis.swc_data import TIMESTAMP_DEPENDENCE from mythril.exceptions import UnsatError import logging @@ -57,7 +57,7 @@ def execute(statespace): description += "- block.{}\n".format(item) if solve(call): issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, - swc_id=SHADOWING_STATE_VARIABLES, title="Dependence on predictable environment variable", + swc_id=TIMESTAMP_DEPENDENCE, title="Dependence on predictable environment variable", _type="Warning", description=description) issues.append(issue) @@ -85,8 +85,9 @@ def execute(statespace): " is used to determine Ether recipient" description += ", this expression will always be equal to zero." - issue = Issue(call.node.contract_name, call.node.function_name, address, "Dependence on predictable variable", - "Warning", description) + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, + address=address, title="Dependence on predictable variable", + _type="Warning", description=description) issues.append(issue) break else: 
@@ -105,8 +106,9 @@ def execute(statespace): if index and solve(call): description += 'block.blockhash() is calculated using a value from storage ' \ 'at index {}'.format(index) - issue = Issue(call.node.contract_name, call.node.function_name, address, "Dependence on predictable variable", - "Informational", description) + issue = Issue(contract=call.node.contract_name, function=call.node.function_name, + address=address, title="Dependence on predictable variable", + _type="Informational", description=description, swc_id=TIMESTAMP_DEPENDENCE) issues.append(issue) break return issues From e0b955b7459126f5c605a8d922c320040d8af596 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Fri, 28 Sep 2018 19:05:04 +0530 Subject: [PATCH 006/213] fix the blocktimestamp swc --- mythril/analysis/modules/dependence_on_predictable_vars.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index d64fd459..7c909960 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -87,7 +87,7 @@ def execute(statespace): issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, title="Dependence on predictable variable", - _type="Warning", description=description) + _type="Warning", description=description, swc_id=TIMESTAMP_DEPENDENCE) issues.append(issue) break else: From 326ed2440359f514473bc7bf08033cae58f79d5e Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Sat, 29 Sep 2018 11:39:44 +0530 Subject: [PATCH 007/213] Add the predictable vars dependence --- .../modules/dependence_on_predictable_vars.py | 12 ++++++++---- mythril/analysis/swc_data.py | 2 ++ 2 files changed, 10 insertions(+), 4 deletions(-) 
diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index 7c909960..c58d4e33 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -3,7 +3,7 @@ from z3 import * from mythril.analysis.ops import VarType from mythril.analysis import solver from mythril.analysis.report import Issue -from mythril.analysis.swc_data import TIMESTAMP_DEPENDENCE +from mythril.analysis.swc_data import TIMESTAMP_DEPENDENCE, PREDICTABLE_VARS_DEPENDENCE from mythril.exceptions import UnsatError import logging @@ -56,8 +56,12 @@ def execute(statespace): for item in found: description += "- block.{}\n".format(item) if solve(call): + if item == 'timestamp': + swc_type = TIMESTAMP_DEPENDENCE + else: + swc_type = PREDICTABLE_VARS_DEPENDENCE issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, - swc_id=TIMESTAMP_DEPENDENCE, title="Dependence on predictable environment variable", + swc_id=swc_type, title="Dependence on predictable environment variable", _type="Warning", description=description) issues.append(issue) @@ -87,7 +91,7 @@ def execute(statespace): issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, title="Dependence on predictable variable", - _type="Warning", description=description, swc_id=TIMESTAMP_DEPENDENCE) + _type="Warning", description=description, swc_id=PREDICTABLE_VARS_DEPENDENCE) issues.append(issue) break else: 
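Review bot: In the `@@ -56,8 +56,12 @@` hunk the SWC id is chosen from `item`, the loop variable of `for item in found:`, but the check appears to run after that loop has finished, since one `description` and one `Issue` are built for the whole list (indentation is not recoverable here, so this is inferred). In that case only the last entry of `found` decides the id, and a call that depends on `block.timestamp` plus another block variable is classified by list order rather than by content. A membership test is order-independent: `swc_type = TIMESTAMP_DEPENDENCE if 'timestamp' in found else PREDICTABLE_VARS_DEPENDENCE`. The one-line form in the later cleanup hunk `@@ -56,10 +56,7 @@` keeps the same dependence on `item`. `execute()` starts and ends outside the hunk.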
@@ -108,7 +112,7 @@ def execute(statespace): 'at index {}'.format(index) issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, title="Dependence on predictable variable", - _type="Informational", description=description, swc_id=TIMESTAMP_DEPENDENCE) + _type="Informational", description=description, swc_id=PREDICTABLE_VARS_DEPENDENCE) issues.append(issue) break return issues diff --git a/mythril/analysis/swc_data.py b/mythril/analysis/swc_data.py index 204dc6da..3ab8f9b4 100644 --- a/mythril/analysis/swc_data.py +++ b/mythril/analysis/swc_data.py @@ -21,3 +21,5 @@ SHADOWING_STATE_VARIABLES = '119' WEAK_RANDOMNESS = '120' SIGNATURE_REPLAY = '121' IMPROPER_VERIFICATION_BASED_ON_MSG_SENDER = '122' + +PREDICTABLE_VARS_DEPENDENCE = 'N/A' # TODO: Add the swc id when this is added to the SWC Registry From c37bef3a3393a30b83e7ca47d4e8c18f784506a4 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Sat, 29 Sep 2018 11:40:56 +0530 Subject: [PATCH 008/213] cleanup --- mythril/analysis/modules/dependence_on_predictable_vars.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index c58d4e33..56cc3156 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -56,10 +56,7 @@ def execute(statespace): for item in found: description += "- block.{}\n".format(item) if solve(call): - if item == 'timestamp': - swc_type = TIMESTAMP_DEPENDENCE - else: - swc_type = PREDICTABLE_VARS_DEPENDENCE + swc_type = TIMESTAMP_DEPENDENCE if item == 'timestamp' else PREDICTABLE_VARS_DEPENDENCE issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, swc_id=swc_type, title="Dependence on predictable environment variable", _type="Warning", description=description) 
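Review bot: `PREDICTABLE_VARS_DEPENDENCE = 'N/A'` in swc_data.py feeds a non-numeric placeholder into the `swc_id` argument of `Issue`, while every other constant in the visible context is a numeric string ('119' to '122'). Any consumer that formats or looks up the id (not shown here) would have to special-case it. The same file already defines `WEAK_RANDOMNESS = '120'`, which looks like the closer fit for the blockhash findings this constant is used for. If that mapping is acceptable, `PREDICTABLE_VARS_DEPENDENCE = WEAK_RANDOMNESS` avoids the placeholder; if not, the TODO comment should say why the existing entry does not apply.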
From 6121969e222457ff1459b511eff36217f029098e Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Sat, 29 Sep 2018 20:44:59 +0700 Subject: [PATCH 009/213] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b9737ba1..b52624c6 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Mythril OSS is the classic security analysis tool for Ethereum smart contracts. Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs! -Oh and by the way, we're now building a whole security tools ecosystem with [Mythril Platform API](https://mythril.ai). You should definitely check that out as well. +Oh and by the way, we're now building a whole security tools ecosystem with [Mythril Platform](https://mythril.ai). You should definitely check that out as well. ## Installation and setup From a7911b7083f183ae477877584f0410f0866a42f0 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Sat, 29 Sep 2018 20:49:05 +0700 Subject: [PATCH 010/213] Add list of articles --- README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b52624c6..aec4b962 100644 --- a/README.md +++ b/README.md 
@@ -35,9 +35,13 @@ Instructions for using the 'myth' tool are found on the [Wiki](https://github.co For support or general discussions please join the Mythril community on [Discord](https://discord.gg/E3YrVtG). -## Presentations, papers and videos - -- [HITBSecConf 2018 conference paper](https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf) -- [HITBSecConf 2018 - Smashing Ethereum smart contracts for fun and real profit](https://www.youtube.com/watch?v=iqf6epACgds) +## Presentations, papers and articles + +- [Analyzing Ethereum Smart Contracts for Vulnerabilities](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df) +- [What Caused the Parity SUICIDE Vulnerability & How to Detect Similar Bugs](https://hackernoon.com/what-caused-the-latest-100-million-ethereum-bug-and-a-detection-tool-for-similar-bugs-7b80f8ab7279) +- [Detecting Integer Overflows in Ethereum Smart Contracts](https://media.consensys.net/detecting-batchoverflow-and-similar-flaws-in-ethereum-smart-contracts-93cf5a5aaac8) +- [How Formal Verification Can Ensure Flawless Smart Contracts](https://media.consensys.net/how-formal-verification-can-ensure-flawless-smart-contracts-cbda8ad99bd1) +- [Smashing Smart Contracts for Fun and Real Profit](https://hackernoon.com/hitb2018ams-smashing-smart-contracts-for-fun-and-real-profit-720f5e3ac777) +- [HITBSecConf 2018 - Presentation video](https://www.youtube.com/watch?v=iqf6epACgds) - [EDCon Toronto 2018 - Mythril: Find bugs and verify security properties in your contracts](https://www.youtube.com/watch?v=NJ9StJThxZY&feature=youtu.be&t=3h3m18s) From 86268ffce3664d3861c639f7da94744b576ae869 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 29 Sep 2018 15:58:35 +0200 Subject: [PATCH 011/213] Adds invalid instruction Exception --- mythril/laser/ethereum/evm_exceptions.py | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/mythril/laser/ethereum/evm_exceptions.py b/mythril/laser/ethereum/evm_exceptions.py index 2f149aca..80223762 100644 --- a/mythril/laser/ethereum/evm_exceptions.py +++ b/mythril/laser/ethereum/evm_exceptions.py @@ -12,3 +12,7 @@ class StackOverflowException(VmException): class InvalidJumpDestination(VmException): pass + + +class InvalidInstruction(VmException): + pass From 88777350e1bc9e5bf8b7eb8d1592113a70edcb4c Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 29 Sep 2018 15:59:50 +0200 Subject: [PATCH 012/213] Raise InvalidJumpDestination exception on invalid op, and optimize imports --- mythril/laser/ethereum/instructions.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 3d5d2bf7..f4bf93a9 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -6,15 +6,15 @@ from ethereum import utils from z3 import Extract, UDiv, simplify, Concat, ULT, UGT, BitVecNumRef, Not, \ is_false, is_expr, ExprRef, URem, SRem, BitVec, Solver, is_true, BitVecVal, If, BoolRef, Or +import mythril.laser.ethereum.natives as natives import mythril.laser.ethereum.util as helper from mythril.laser.ethereum import util from mythril.laser.ethereum.call import get_call_parameters +from mythril.laser.ethereum.evm_exceptions import VmException, StackUnderflowException, InvalidJumpDestination +from mythril.laser.ethereum.keccak import KeccakFunctionManager from mythril.laser.ethereum.state import GlobalState, CalldataType -import mythril.laser.ethereum.natives as natives from mythril.laser.ethereum.transaction import MessageCallTransaction, TransactionStartSignal, \ ContractCreationTransaction -from mythril.laser.ethereum.evm_exceptions import VmException, StackUnderflowException, InvalidJumpDestination -from mythril.laser.ethereum.keccak import KeccakFunctionManager TT256 = 2 ** 256 TT256M1 = 2 ** 256 - 1 
@@ -1008,7 +1008,7 @@ class Instruction: @StateTransition() def invalid_(self, global_state): - return [] + raise InvalidJumpDestination @StateTransition() def stop_(self, global_state): From 9bd6a08b47ea317fda5bf3c35536ad1e53a121dd Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 29 Sep 2018 16:05:00 +0200 Subject: [PATCH 013/213] Add justification/documentation to vmExceptionHandling --- mythril/laser/ethereum/svm.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index 9abf6ba0..1ea21b53 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -124,6 +124,9 @@ class LaserEVM: new_global_states = Instruction(op_code, self.dynamic_loader).evaluate(global_state) except VmException as e: + # In this case we don't put an unmodified world state in the open_states list + # Since in the case of an exceptional halt all changes should be discarded, and this world state would not + # provide us with a previously unseen world state logging.debug("Encountered a VmException, ending path: `{}`".format(str(e))) new_global_states = [] From dc0e281bd5092138ccdca7c1b3e22c62e2cd2ea4 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 29 Sep 2018 16:22:53 +0200 Subject: [PATCH 014/213] Add assert_fail_ implementation --- mythril/laser/ethereum/instructions.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index f4bf93a9..ea4b56c2 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -1004,7 +1004,8 @@ class Instruction: @StateTransition() def assert_fail_(self, global_state): - return [] + # 0xfe: designated invalid opcode + raise InvalidJumpDestination @StateTransition() def invalid_(self, global_state): From b5722f6948a27c641aad5faaa480e7c0e3484a88 Mon Sep 17 00:00:00 2001 
From: Joran Honig
Date: Mon, 1 Oct 2018 14:41:55 +0200
Subject: [PATCH 015/213] im
---
mythril/laser/ethereum/svm.py | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py
index 1ea21b53..a2cd294f 100644
--- a/mythril/laser/ethereum/svm.py
+++ b/mythril/laser/ethereum/svm.py
@@ -124,11 +124,31 @@ class LaserEVM: new_global_states = Instruction(op_code, self.dynamic_loader).evaluate(global_state) except VmException as e: - # In this case we don't put an unmodified world state in the open_states list - # Since in the case of an exceptional halt all changes should be discarded, and this world state would not - # provide us with a previously unseen world state - logging.debug("Encountered a VmException, ending path: `{}`".format(str(e))) new_global_states = [] + # transaction, return_global_state = global_state.transaction_stack.pop() + # + # if return_global_state is None: + # # In this case we don't put an unmodified world state in the open_states list Since in the case of an + # # exceptional halt all changes should be discarded, and this world state would not provide us with a + # # previously unseen world state + # logging.debug("Encountered a VmException, ending path: `{}`".format(str(e))) + # new_global_states = [] + # else: + # # First execute the post hook for the transaction ending instruction + # self._execute_post_hook(op_code, [global_state]) + # + # # Resume execution of the transaction initializing instruction + # op_code = return_global_state.environment.code.instruction_list[return_global_state.mstate.pc]['opcode'] + # + # # Set execution result in the return_state + # return_global_state.last_return_data = 0 + # + # # Execute the post instruction handler + # new_global_states = Instruction(op_code, self.dynamic_loader).evaluate(return_global_state, True) + # + # # In order to get a nice call graph we need to set the nodes here + # for state in new_global_states: + # state.node = global_state.node except TransactionStartSignal as e: # Setup new global state From 5a783b2184177b7bfb2f549233a3f4be0f1f8263 Mon Sep 17 00:00:00 2001 
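Review bot: The `except VmException as e:` branch now drops the `logging.debug` call and leaves `e` unused, so an exceptional halt ends the path with no trace, and roughly twenty lines of commented-out draft code are committed in its place. For an analyzer, a silently discarded path is hard to tell apart from one that was never explored. Keep the removed `logging.debug` line until the replacement logic is live, and land the nested-call handling as real code in the commit that finishes it rather than as comments. The enclosing method starts and ends outside the hunk.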
From: Joran Honig Date: Mon, 1 Oct 2018 14:41:55 +0200 Subject: [PATCH 016/213] VmException revert changes --- mythril/laser/ethereum/svm.py | 51 ++++++++++++++++++++++------------- 1 file changed, 32 insertions(+), 19 deletions(-) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index 1ea21b53..14590e9a 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -124,11 +124,18 @@ class LaserEVM: new_global_states = Instruction(op_code, self.dynamic_loader).evaluate(global_state) except VmException as e: - # In this case we don't put an unmodified world state in the open_states list - # Since in the case of an exceptional halt all changes should be discarded, and this world state would not - # provide us with a previously unseen world state - logging.debug("Encountered a VmException, ending path: `{}`".format(str(e))) - new_global_states = [] + transaction, return_global_state = global_state.transaction_stack.pop() + + if return_global_state is None: + # In this case we don't put an unmodified world state in the open_states list Since in the case of an + # exceptional halt all changes should be discarded, and this world state would not provide us with a + # previously unseen world state + logging.debug("Encountered a VmException, ending path: `{}`".format(str(e))) + new_global_states = [] + else: + # First execute the post hook for the transaction ending instruction + self._execute_post_hook(op_code, [global_state]) + new_global_states = self._end_message_call(return_global_state, transaction, global_state, revert_changes=True) except TransactionStartSignal as e: # Setup new global state 
@@ -152,25 +159,31 @@ class LaserEVM: # First execute the post hook for the transaction ending instruction self._execute_post_hook(op_code, [e.global_state]) - # Resume execution of the transaction initializing instruction - op_code = return_global_state.environment.code.instruction_list[return_global_state.mstate.pc]['opcode'] + new_global_states = self._end_message_call(return_global_state, transaction, global_state, revert_changes=False) - # Set execution result in the return_state - return_global_state.last_return_data = transaction.return_data - return_global_state.world_state = copy(global_state.world_state) - return_global_state.environment.active_account = \ - global_state.accounts[return_global_state.environment.active_account.address] + self._execute_post_hook(op_code, new_global_states) - # Execute the post instruction handler - new_global_states = Instruction(op_code, self.dynamic_loader).evaluate(return_global_state, True) + return new_global_states, op_code - # In order to get a nice call graph we need to set the nodes here - for state in new_global_states: - state.node = global_state.node + def _end_message_call(self, return_global_state, transaction, global_state, revert_changes=False): + # Resume execution of the transaction initializing instruction + op_code = return_global_state.environment.code.instruction_list[return_global_state.mstate.pc]['opcode'] - self._execute_post_hook(op_code, new_global_states) + # Set execution result in the return_state + return_global_state.last_return_data = transaction.return_data + if not revert_changes: + return_global_state.world_state = copy(global_state.world_state) + return_global_state.environment.active_account = \ + global_state.accounts[return_global_state.environment.active_account.address] - return new_global_states, op_code + # Execute the post instruction handler + new_global_states = Instruction(op_code, self.dynamic_loader).evaluate(return_global_state, True) + + # In order to get a nice call graph 
we need to set the nodes here + for state in new_global_states: + state.node = global_state.node + + return new_global_states def _measure_coverage(self, global_state): code = global_state.environment.code.bytecode From 1ea3f00de2a835ec3ea99a5c9e5b185ec2a915aa Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Mon, 1 Oct 2018 14:56:14 +0200 Subject: [PATCH 017/213] Use correct exception --- mythril/laser/ethereum/instructions.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index ea4b56c2..a7c19959 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -10,7 +10,8 @@ import mythril.laser.ethereum.natives as natives import mythril.laser.ethereum.util as helper from mythril.laser.ethereum import util from mythril.laser.ethereum.call import get_call_parameters -from mythril.laser.ethereum.evm_exceptions import VmException, StackUnderflowException, InvalidJumpDestination +from mythril.laser.ethereum.evm_exceptions import VmException, StackUnderflowException, InvalidJumpDestination, \ + InvalidInstruction from mythril.laser.ethereum.keccak import KeccakFunctionManager from mythril.laser.ethereum.state import GlobalState, CalldataType from mythril.laser.ethereum.transaction import MessageCallTransaction, TransactionStartSignal, \ @@ -1005,11 +1006,11 @@ class Instruction: @StateTransition() def assert_fail_(self, global_state): # 0xfe: designated invalid opcode - raise InvalidJumpDestination + raise InvalidInstruction @StateTransition() def invalid_(self, global_state): - raise InvalidJumpDestination + raise InvalidInstruction @StateTransition() def stop_(self, global_state): From 87d485ac67d90dee05f5aba37ae7d658f05339b9 Mon Sep 17 00:00:00 2001 
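Review bot: The new `_end_message_call` helper (hunk `@@ -152,25 +159,31 @@`) has no docstring, and `revert_changes` is the parameter a reader most needs explained: when it is true the caller's state keeps its own `world_state` instead of receiving a copy of the one in `global_state`. A one-line docstring would cover it, for example `"""Resume the caller after a nested call ends; revert_changes=True keeps the caller's world state."""`. With the indentation lost on this page it is not clear whether the `active_account` rebinding is also under `if not revert_changes:`, which is worth stating there too.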
From: Joran Honig Date: Mon, 1 Oct 2018 15:15:52 +0200 Subject: [PATCH 018/213] Implement returndata --- mythril/laser/ethereum/svm.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index 14590e9a..f68ba7b9 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -135,7 +135,8 @@ class LaserEVM: else: # First execute the post hook for the transaction ending instruction self._execute_post_hook(op_code, [global_state]) - new_global_states = self._end_message_call(return_global_state, transaction, global_state, revert_changes=True) + new_global_states = self._end_message_call(return_global_state, transaction, global_state, + revert_changes=True, return_data=0) except TransactionStartSignal as e: # Setup new global state 
@@ -159,18 +160,19 @@ class LaserEVM: # First execute the post hook for the transaction ending instruction self._execute_post_hook(op_code, [e.global_state]) - new_global_states = self._end_message_call(return_global_state, transaction, global_state, revert_changes=False) + new_global_states = self._end_message_call(return_global_state, transaction, global_state, + revert_changes=False, return_data=transaction.return_data) self._execute_post_hook(op_code, new_global_states) return new_global_states, op_code - def _end_message_call(self, return_global_state, transaction, global_state, revert_changes=False): + def _end_message_call(self, return_global_state, global_state, revert_changes=False, return_data=0): # Resume execution of the transaction initializing instruction op_code = return_global_state.environment.code.instruction_list[return_global_state.mstate.pc]['opcode'] # Set execution result in the return_state - return_global_state.last_return_data = transaction.return_data + return_global_state.last_return_data = return_data if not revert_changes: return_global_state.world_state = copy(global_state.world_state) return_global_state.environment.active_account = \ From 190cb523c9db582a655e6da2c34792d6ad734d0d Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Mon, 1 Oct 2018 15:31:18 +0200 Subject: [PATCH 019/213] Remove unused argument --- mythril/laser/ethereum/svm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index f68ba7b9..f4387e62 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py 
@@ -135,7 +135,7 @@ class LaserEVM: else: # First execute the post hook for the transaction ending instruction self._execute_post_hook(op_code, [global_state]) - new_global_states = self._end_message_call(return_global_state, transaction, global_state, + new_global_states = self._end_message_call(return_global_state, global_state, revert_changes=True, return_data=0) except TransactionStartSignal as e: @@ -160,7 +160,7 @@ class LaserEVM: # First execute the post hook for the transaction ending instruction self._execute_post_hook(op_code, [e.global_state]) - new_global_states = self._end_message_call(return_global_state, transaction, global_state, + new_global_states = self._end_message_call(return_global_state, global_state, revert_changes=False, return_data=transaction.return_data) self._execute_post_hook(op_code, new_global_states) From 6e0d775c09f32bb9e757b53b7f8d768f618f452a Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Mon, 1 Oct 2018 20:05:46 +0530 Subject: [PATCH 020/213] Remove all broad exception catches in laser --- mythril/laser/ethereum/call.py | 1 + mythril/laser/ethereum/instructions.py | 80 +++++++++++--------------- mythril/laser/ethereum/util.py | 12 +++- mythril/support/loader.py | 2 +- 4 files changed, 46 insertions(+), 49 deletions(-) diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py index 31e6990e..b2f6a9f7 100644 --- a/mythril/laser/ethereum/call.py +++ b/mythril/laser/ethereum/call.py @@ -63,6 +63,7 @@ def get_callee_address(global_state:GlobalState, dynamic_loader: DynLoader, symb # attempt to read the contract address from instance storage try: callee_address = dynamic_loader.read_storage(environment.active_account.address, index) + # TODO: verify whether this happens or not except: logging.debug("Error accessing contract storage.") raise ValueError diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 3d5d2bf7..27172f0a 100644 
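Review bot: The call.py hunk adds a TODO above the bare `except:` in `get_callee_address` but leaves the handler itself, although the commit is titled as removing all broad catches in laser. A bare `except:` also traps `KeyboardInterrupt` and `SystemExit`, and the original error is lost before `raise ValueError`. Until the TODO is resolved, `except Exception as e:` together with `logging.debug("Error accessing contract storage: %s", e)` keeps the fallback while letting interpreter-level exceptions through. The function body starts and ends outside the hunk.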
--- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -264,18 +264,17 @@ class Instruction: try: s0 = util.get_concrete_int(s0) s1 = util.get_concrete_int(s1) + except ValueError: + return [] - if s0 <= 31: - testbit = s0 * 8 + 7 - if s1 & (1 << testbit): - state.stack.append(s1 | (TT256 - (1 << testbit))) - else: - state.stack.append(s1 & ((1 << testbit) - 1)) + if s0 <= 31: + testbit = s0 * 8 + 7 + if s1 & (1 << testbit): + state.stack.append(s1 | (TT256 - (1 << testbit))) else: - state.stack.append(s1) - # TODO: broad exception handler - except: - return [] + state.stack.append(s1 & ((1 << testbit) - 1)) + else: + state.stack.append(s1) return [global_state] @@ -367,16 +366,15 @@ class Instruction: return [global_state] if type(b) == int: - val = b'' try: - for i in range(offset, offset + 32): - val += environment.calldata[i].to_bytes(1, byteorder='big') + val = b''.join([calldata.to_bytes(1, byteorder='big') for calldata in + environment.calldata[offset:offset+32]]) logging.debug("Final value: " + str(int.from_bytes(val, byteorder='big'))) state.stack.append(BitVecVal(int.from_bytes(val, byteorder='big'), 256)) - # FIXME: broad exception catch - except: + + except (util.ConcreteIntException, AttributeError): state.stack.append(global_state.new_bitvec( "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) else: @@ -404,16 +402,14 @@ class Instruction: try: mstart = util.get_concrete_int(op0) - # FIXME: broad exception catch - except: + except util.ConcreteIntException: logging.debug("Unsupported symbolic memory offset in CALLDATACOPY") return [global_state] dstart_sym = False try: dstart = util.get_concrete_int(op1) - # FIXME: broad exception catch - except: + except util.ConcreteIntException: logging.debug("Unsupported symbolic calldata offset in CALLDATACOPY") dstart = simplify(op1) dstart_sym = True 
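Review bot: In the `@@ -264,18 +264,17 @@` hunk the handler becomes `except ValueError:`, but the util.py hunk of the same commit makes `get_concrete_int` raise `ConcreteIntException`, which derives from `AttributeError`, for both symbolic cases it shows. A symbolic operand would then no longer be caught here and would propagate out of the instruction instead of returning `[]` as the old bare `except` did. `except util.ConcreteIntException:` matches the other handlers changed in this commit. Separately, `return []` ends the path without a log line; a `logging.debug` there would make the dropped state visible.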
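Review bot: In the `@@ -367,16 +366,15 @@` hunk, `environment.calldata[offset:offset+32]` replaces an indexed loop, and a slice does not raise when fewer than 32 items are available. The old loop would have hit an error on short calldata and fallen back to the symbolic `calldata_...` value; the new code builds a short byte string and pushes `int.from_bytes` of it, which is not the right-zero-padded word the EVM defines for CALLDATALOAD. Assuming `calldata` is a plain sequence, either pad the result with `val = val.ljust(32, b'\x00')` or test `len(val) == 32` and take the symbolic branch otherwise. `ConcreteIntException` already subclasses `AttributeError`, so listing both in the `except` tuple is redundant.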
@@ -421,8 +417,7 @@ class Instruction: size_sym = False try: size = util.get_concrete_int(op2) - # FIXME: broad exception catch - except: + except util.ConcreteIntException: logging.debug("Unsupported symbolic size in CALLDATACOPY") size = simplify(op2) size_sym = True @@ -437,8 +432,7 @@ class Instruction: if size > 0: try: state.mem_extend(mstart, size) - # FIXME: broad exception catch - except: + except TypeError: logging.debug("Memory allocation error: mstart = " + str(mstart) + ", size = " + str(size)) state.mem_extend(mstart, 1) state.memory[mstart] = global_state.new_bitvec( @@ -452,7 +446,7 @@ class Instruction: for i in range(mstart, mstart + size): state.memory[i] = environment.calldata[i_data] i_data += 1 - except: + except IndexError: logging.debug("Exception copying calldata to memory") state.memory[mstart] = global_state.new_bitvec( @@ -507,8 +501,7 @@ class Instruction: try: index, length = util.get_concrete_int(op0), util.get_concrete_int(op1) - # FIXME: broad exception catch - except: + except util.ConcreteIntException: # Can't access symbolic memory offsets if is_expr(op0): op0 = simplify(op0) @@ -520,7 +513,7 @@ class Instruction: data = b''.join([util.get_concrete_int(i).to_bytes(1, byteorder='big') for i in state.memory[index: index + length]]) - except AttributeError: + except util.ConcreteIntException: argument = str(state.memory[index]).replace(" ", "_") result = BitVec("KECCAC[{}]".format(argument), 256) @@ -552,7 +545,7 @@ class Instruction: try: concrete_size = helper.get_concrete_int(size) global_state.mstate.mem_extend(concrete_memory_offset, concrete_size) - except: + except (util.ConcreteIntException, TypeError): # except both attribute error and Exception global_state.mstate.mem_extend(concrete_memory_offset, 1) global_state.mstate.memory[concrete_memory_offset] = \ 
@@ -694,7 +687,7 @@ class Instruction: try: mstart = util.get_concrete_int(op0) - except AttributeError: + except util.ConcreteIntException: logging.debug("MSTORE to symbolic index. Not supported") return [global_state] @@ -707,17 +700,15 @@ class Instruction: try: # Attempt to concretize value + _bytes = util.concrete_int_to_bytes(value) - i = 0 + state.memory[mstart:mstart+len(_bytes)] = _bytes - for b in _bytes: - state.memory[mstart + i] = _bytes[i] - i += 1 - except: + except (AttributeError, TypeError): try: state.memory[mstart] = value - except: + except TypeError: logging.debug("Invalid memory access") return [global_state] @@ -729,7 +720,7 @@ class Instruction: try: offset = util.get_concrete_int(op0) - except AttributeError: + except util.ConcreteIntException: logging.debug("MSTORE to symbolic index. Not supported") return [global_state] @@ -750,7 +741,7 @@ class Instruction: index = util.get_concrete_int(index) return self._sload_helper(global_state, index) - except AttributeError: + except util.ConcreteIntException: if not keccak_function_manager.is_keccak(index): return self._sload_helper(global_state, str(index)) @@ -811,7 +802,7 @@ class Instruction: try: index = util.get_concrete_int(index) return self._sstore_helper(global_state, index, value) - except AttributeError: + except util.ConcreteIntException: is_keccak = keccak_function_manager.is_keccak(index) if not is_keccak: return self._sstore_helper(global_state, str(index), value) @@ -864,7 +855,7 @@ class Instruction: disassembly = global_state.environment.code try: jump_addr = util.get_concrete_int(state.stack.pop()) - except AttributeError: + except util.ConcreteIntException: raise InvalidJumpDestination("Invalid jump argument (symbolic address)") except IndexError: raise StackUnderflowException() 
@@ -894,8 +885,7 @@ class Instruction: try: jump_addr = util.get_concrete_int(op0) - # FIXME: to broad exception handler - except: + except util.ConcreteIntException: logging.debug("Skipping JUMPI to invalid destination.") global_state.mstate.pc += 1 return [global_state] @@ -975,7 +965,7 @@ class Instruction: return_data = [global_state.new_bitvec("return_data", 256)] try: return_data = state.memory[util.get_concrete_int(offset):util.get_concrete_int(offset + length)] - except AttributeError: + except util.ConcreteIntException: logging.debug("Return with symbolic length or offset. Not supported") global_state.current_transaction.end(global_state, return_data) @@ -1098,7 +1088,7 @@ class Instruction: try: memory_out_offset = util.get_concrete_int(memory_out_offset) if isinstance(memory_out_offset, ExprRef) else memory_out_offset memory_out_size = util.get_concrete_int(memory_out_size) if isinstance(memory_out_size, ExprRef) else memory_out_size - except AttributeError: + except util.ConcreteIntException: global_state.mstate.stack.append(global_state.new_bitvec("retval_" + str(instr['address']), 256)) return [global_state] @@ -1166,7 +1156,7 @@ class Instruction: try: memory_out_offset = util.get_concrete_int(memory_out_offset) if isinstance(memory_out_offset, ExprRef) else memory_out_offset memory_out_size = util.get_concrete_int(memory_out_size) if isinstance(memory_out_size, ExprRef) else memory_out_size - except AttributeError: + except util.ConcreteIntException: global_state.mstate.stack.append(global_state.new_bitvec("retval_" + str(instr['address']), 256)) return [global_state] @@ -1238,7 +1228,7 @@ class Instruction: ExprRef) else memory_out_offset memory_out_size = util.get_concrete_int(memory_out_size) if isinstance(memory_out_size, ExprRef) else memory_out_size - except AttributeError: + except util.ConcreteIntException: global_state.mstate.stack.append(global_state.new_bitvec("retval_" + str(instr['address']), 256)) return [global_state] 
diff --git a/mythril/laser/ethereum/util.py b/mythril/laser/ethereum/util.py index c6c8e5ce..7b9061ea 100644 --- a/mythril/laser/ethereum/util.py +++ b/mythril/laser/ethereum/util.py @@ -10,6 +10,10 @@ TT256M1 = 2 ** 256 - 1 TT255 = 2 ** 255 +class ConcreteIntException(AttributeError): + pass + + def sha3(seed): return _sha3.keccak_256(bytes(seed)).digest() @@ -80,10 +84,12 @@ def get_concrete_int(item): elif is_true(simplified): return 1 else: - raise ValueError("Symbolic boolref encountered") - - return simplify(item).as_long() + raise ConcreteIntException("Symbolic boolref encountered") + try: + return simplify(item).as_long() + except AttributeError: + raise ConcreteIntException("Got a symbolic BitVecRef") def concrete_int_from_bytes(_bytes, start_index): diff --git a/mythril/support/loader.py b/mythril/support/loader.py index 7c0855ec..16d2e683 100644 --- a/mythril/support/loader.py +++ b/mythril/support/loader.py @@ -47,7 +47,7 @@ class DynLoader: code = self.eth.eth_getCode(dependency_address) - if (code == "0x"): + if code == "0x": return None else: return Disassembly(code) From 6fab94528a21d56dd079b6de5f003d50aa12f6a6 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Thu, 4 Oct 2018 18:41:59 +0200 Subject: [PATCH 021/213] Make return data None on exception state --- mythril/laser/ethereum/svm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index f4387e62..cdf85484 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -136,7 +136,7 @@ class LaserEVM: # First execute the post hook for the transaction ending instruction self._execute_post_hook(op_code, [global_state]) new_global_states = self._end_message_call(return_global_state, global_state, - revert_changes=True, return_data=0) + revert_changes=True, return_data=None) except TransactionStartSignal as e: # Setup new global state 
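Review bot: `ConcreteIntException` is added to util.py without a docstring, and its base class is the part that needs explaining: it derives from `AttributeError`, presumably so that handlers still written as `except AttributeError` keep matching. The `@@ -80,10 +84,12 @@` hunk also changes the symbolic-BoolRef case from `ValueError` to this type, which alters what callers have to catch. A docstring such as `"""Raised by get_concrete_int when the value is symbolic. Subclasses AttributeError for compatibility with existing handlers."""` would record both facts.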
@@ -167,7 +167,7 @@ class LaserEVM: return new_global_states, op_code - def _end_message_call(self, return_global_state, global_state, revert_changes=False, return_data=0): + def _end_message_call(self, return_global_state, global_state, revert_changes=False, return_data=None): # Resume execution of the transaction initializing instruction op_code = return_global_state.environment.code.instruction_list[return_global_state.mstate.pc]['opcode'] From d7df0c132cebb6f69f78c8c26c9ad5866f525e8f Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Sun, 7 Oct 2018 13:48:38 +0530 Subject: [PATCH 022/213] check for new records to work on --- mythril/laser/ethereum/taint_analysis.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mythril/laser/ethereum/taint_analysis.py b/mythril/laser/ethereum/taint_analysis.py index 2fdb0c52..7fd9536d 100644 --- a/mythril/laser/ethereum/taint_analysis.py +++ b/mythril/laser/ethereum/taint_analysis.py @@ -107,7 +107,8 @@ class TaintRunner: records = TaintRunner.execute_node(node, record, index) result.add_records(records) - + if len(records) == 0: # continue if there is no record to work on + continue children = TaintRunner.children(node, statespace, environment, transaction_stack_length) for child in children: current_nodes.append((child, records[-1], 0)) From 2c72a5b0e4f6955543cb0f19301b8531e82559a8 Mon Sep 17 00:00:00 2001 From: tintinweb Date: Sun, 7 Oct 2018 13:46:48 +0200 Subject: [PATCH 023/213] fix signature db throwing FileNotFoundError when myhtril is used as a library but init mythril dirs was never called (common case for libs) --- mythril/support/signatures.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mythril/support/signatures.py b/mythril/support/signatures.py index 9b64a2c6..b93d0048 100644 --- a/mythril/support/signatures.py +++ b/mythril/support/signatures.py 
@@ -111,6 +111,8 @@ class SignatureDb(object): :return: self """ path = path or self.signatures_file + directory = os.path.split(path)[0] + if sync and os.path.exists(path): # reload and save if file exists with open(path, "r") as f: @@ -122,7 +124,10 @@ class SignatureDb(object): sigs.update(self.signatures) # reload file and merge cached sigs into what we load from file self.signatures = sigs - + + if not os.path.exists(directory): + os.makedirs(directory) # create folder structure if not existS + if not os.path.exists(path): # creates signatures.json file if it doesn't exist open(path, "w").close() From 2d5b1bbe4a68224b36fe895086aa9ac4e2f4ef29 Mon Sep 17 00:00:00 2001 From: tintinweb Date: Sun, 7 Oct 2018 21:03:58 +0200 Subject: [PATCH 024/213] fix FileNotFoundError if directory is empty (e.g. path is only a file in the pwd) --- mythril/support/signatures.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/support/signatures.py b/mythril/support/signatures.py index b93d0048..7fb8f373 100644 --- a/mythril/support/signatures.py +++ b/mythril/support/signatures.py @@ -125,7 +125,7 @@ class SignatureDb(object): sigs.update(self.signatures) # reload file and merge cached sigs into what we load from file self.signatures = sigs - if not os.path.exists(directory): + if directory and not os.path.exists(directory): os.makedirs(directory) # create folder structure if not existS if not os.path.exists(path): # creates signatures.json file if it doesn't exist From 5e9f613911c2676d530fd36b8b5316a6a633da2b Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Mon, 8 Oct 2018 20:04:07 +0200 Subject: [PATCH 025/213] Implement revert --- mythril/laser/ethereum/instructions.py | 9 ++++++++- mythril/laser/ethereum/svm.py | 5 +++-- .../ethereum/transaction/transaction_models.py | 14 +++++++++----- 3 files changed, 20 insertions(+), 8 deletions(-) 
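Review bot: The directory creation added to this `SignatureDb` method checks `os.path.exists(directory)` and then calls `os.makedirs(directory)`, so two processes writing the signature file at the same time can both pass the check and one of them fails with `FileExistsError`. If the module only targets Python 3, `os.makedirs(directory, exist_ok=True)` closes that window. The follow-up hunk in patch 024 adds the empty-string guard but keeps the check-then-create pattern, so the combined form would be `if directory: os.makedirs(directory, exist_ok=True)`. The `open(path, "w").close()` below the new lines has the same exists-then-create shape, and the method body starts outside the hunk.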
diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index a7c19959..cb55447d 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -1001,7 +1001,14 @@ class Instruction: @StateTransition() def revert_(self, global_state): - return [] + state = global_state.mstate + offset, length = state.stack.pop(), state.stack.pop() + return_data = [global_state.new_bitvec("return_data", 256)] + try: + return_data = state.memory[util.get_concrete_int(offset):util.get_concrete_int(offset + length)] + except AttributeError: + logging.debug("Return with symbolic length or offset. Not supported") + global_state.current_transaction.end(global_state, return_data=return_data, revert=True) @StateTransition() def assert_fail_(self, global_state): diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index cdf85484..82a6551c 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -152,7 +152,7 @@ class LaserEVM: transaction, return_global_state = e.global_state.transaction_stack.pop() if return_global_state is None: - if not isinstance(transaction, ContractCreationTransaction) or transaction.return_data: + if (not isinstance(transaction, ContractCreationTransaction) or transaction.return_data) and not e.revert: e.global_state.world_state.node = global_state.node self.open_states.append(e.global_state.world_state) new_global_states = [] @@ -161,7 +161,8 @@ class LaserEVM: self._execute_post_hook(op_code, [e.global_state]) new_global_states = self._end_message_call(return_global_state, global_state, - revert_changes=False, return_data=transaction.return_data) + revert_changes=False or e.revert, + return_data=transaction.return_data) self._execute_post_hook(op_code, new_global_states) diff --git a/mythril/laser/ethereum/transaction/transaction_models.py b/mythril/laser/ethereum/transaction/transaction_models.py index fa60599d..35826bcd 100644 
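Review bot: `revert_` catches `AttributeError` around the memory slice, which works only because `ConcreteIntException` subclasses it and would equally hide an attribute error raised while slicing `state.memory`. Assuming `util` here is `mythril.laser.ethereum.util`, `except util.ConcreteIntException:` states what is actually expected. The debug text `"Return with symbolic length or offset. Not supported"` looks copied from the return handler and should say `Revert`. The method now ends in `current_transaction.end(...)`, which raises, so a short docstring noting that it never returns a state list would help readers comparing it with the old `return []`.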
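Review bot: `revert_changes=False or e.revert` in the `_end_message_call` call always evaluates to `e.revert`, so `revert_changes=e.revert` says the same thing without the dead operand. The preceding hunk in this file adds `and not e.revert` to the top-level branch. A one-line comment there, such as `# reverted transactions must not contribute an open world state`, would document why the state is dropped.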
--- a/mythril/laser/ethereum/transaction/transaction_models.py +++ b/mythril/laser/ethereum/transaction/transaction_models.py @@ -12,10 +12,12 @@ def get_next_transaction_id(): _next_transaction_id += 1 return _next_transaction_id + class TransactionEndSignal(Exception): """ Exception raised when a transaction is finalized""" - def __init__(self, global_state): + def __init__(self, global_state, revert=False): self.global_state = global_state + self.revert = revert class TransactionStartSignal(Exception): @@ -70,9 +72,9 @@ class MessageCallTransaction: return global_state - def end(self, global_state, return_data=None): + def end(self, global_state, return_data=None, revert=False): self.return_data = return_data - raise TransactionEndSignal(global_state) + raise TransactionEndSignal(global_state, revert) class ContractCreationTransaction: @@ -125,7 +127,7 @@ class ContractCreationTransaction: return global_state - def end(self, global_state, return_data=None): + def end(self, global_state, return_data=None, revert=False): if not all([isinstance(element, int) for element in return_data]): self.return_data = None @@ -136,4 +138,6 @@ class ContractCreationTransaction: global_state.environment.active_account.code = Disassembly(contract_code) self.return_data = global_state.environment.active_account.address - raise TransactionEndSignal(global_state) + raise TransactionEndSignal(global_state, revert=revert) + + From 09e04a3360b77441db230068031a2be726d6dbaa Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Mon, 8 Oct 2018 20:54:45 +0200 Subject: [PATCH 026/213] Adds vmTests --- .../VMTests/vmTests/suicide.json | 51 +++++++++++++++++++ tests/laser/evm_testsuite/evm_test.py | 2 +- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 tests/laser/evm_testsuite/VMTests/vmTests/suicide.json diff --git a/tests/laser/evm_testsuite/VMTests/vmTests/suicide.json b/tests/laser/evm_testsuite/VMTests/vmTests/suicide.json new file mode 100644 index 00000000..d815ceb8 
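Review bot: `ContractCreationTransaction.end` accepts `revert` but, from the lines visible in this hunk and the one above it, still assigns `active_account.code = Disassembly(contract_code)` and sets `return_data` to the account address before raising, so a reverted creation with concrete return bytes appears to be recorded as a deployed contract. An early exit at the top of the method, `if revert: self.return_data = return_data` followed by `raise TransactionEndSignal(global_state, revert=True)`, would keep the revert payload and leave the account untouched. Separately, the default `return_data=None` is passed straight to `all([... for element in return_data])`, which raises `TypeError` for `None`. Part of the method body lies between the two hunks and is not visible here.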
--- /dev/null +++ b/tests/laser/evm_testsuite/VMTests/vmTests/suicide.json @@ -0,0 +1,51 @@ +{ + "suicide" : { + "_info" : { + "comment" : "", + "filledwith" : "testeth 1.5.0.dev2-52+commit.d419e0a2", + "lllcversion" : "Version: 0.4.26-develop.2018.9.19+commit.785cbf40.Linux.g++", + "source" : "src/VMTestsFiller/vmTests/suicideFiller.json", + "sourceHash" : "4622c577440f9db4b3954a1de60bf2fac55886dcb0ec4ecaf906c25bc77372e7" + }, + "callcreates" : [ + ], + "env" : { + "currentCoinbase" : "0x2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", + "currentDifficulty" : "0x0100", + "currentGasLimit" : "0x0f4240", + "currentNumber" : "0x00", + "currentTimestamp" : "0x01" + }, + "exec" : { + "address" : "0x0f572e5295c57f15886f9b263e2f6d2d6c7b5ec6", + "caller" : "0xcd1722f3947def4cf144679da39c4c32bdc35681", + "code" : "0x33ff", + "data" : "0x", + "gas" : "0x0186a0", + "gasPrice" : "0x5af3107a4000", + "origin" : "0xcd1722f3947def4cf144679da39c4c32bdc35681", + "value" : "0x0de0b6b3a7640000" + }, + "gas" : "0x01869e", + "logs" : "0x1dcc4de8dec75d7aab85b567b6ccd41ad312451b948a7413f0a142fd40d49347", + "out" : "0x", + "post" : { + "0xcd1722f3947def4cf144679da39c4c32bdc35681" : { + "balance" : "0x152d02c7e14af6800000", + "code" : "0x", + "nonce" : "0x00", + "storage" : { + } + } + }, + "pre" : { + "0x0f572e5295c57f15886f9b263e2f6d2d6c7b5ec6" : { + "balance" : "0x152d02c7e14af6800000", + "code" : "0x33ff", + "nonce" : "0x00", + "storage" : { + } + } + } + } +} \ No newline at end of file diff --git a/tests/laser/evm_testsuite/evm_test.py b/tests/laser/evm_testsuite/evm_test.py index 72bcacd5..82c2c973 100644 --- a/tests/laser/evm_testsuite/evm_test.py +++ b/tests/laser/evm_testsuite/evm_test.py @@ -12,7 +12,7 @@ import pytest evm_test_dir = Path(__file__).parent / 'VMTests' -test_types = ['vmArithmeticTest', 'vmBitwiseLogicOperation', 'vmPushDupSwapTest'] +test_types = ['vmArithmeticTest', 'vmBitwiseLogicOperation', 'vmPushDupSwapTest', 'vmTests'] def load_test_data(designations): 
From b51eee3605f2e51186120b0781e2b4d016a5ce3d Mon Sep 17 00:00:00 2001 From: Maxime Biais Date: Tue, 9 Oct 2018 10:49:11 +0200 Subject: [PATCH 027/213] First step to fix the solc_args option --- mythril/mythril.py | 2 +- mythril/support/signatures.py | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/mythril/mythril.py b/mythril/mythril.py index 5d36a774..e20e1a12 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -317,7 +317,7 @@ class Mythril(object): try: # import signatures from solidity source - self.sigs.import_from_solidity_source(file) + self.sigs.import_from_solidity_source(file, solc_binary=self.solc_binary, solc_args=self.solc_args) # Save updated function signatures self.sigs.write() # dump signatures to disk (previously opened file or default location) diff --git a/mythril/support/signatures.py b/mythril/support/signatures.py index 7fb8f373..fd8d0c3a 100644 --- a/mythril/support/signatures.py +++ b/mythril/support/signatures.py @@ -177,13 +177,13 @@ class SignatureDb(object): """ return self.get(sighash=item) - def import_from_solidity_source(self, file_path): + def import_from_solidity_source(self, file_path, solc_binary="solc", solc_args=None): """ Import Function Signatures from solidity source files :param file_path: solidity source code file path :return: self """ - self.signatures.update(SignatureDb.get_sigs_from_file(file_path)) + self.signatures.update(SignatureDb.get_sigs_from_file(file_path, solc_binary, solc_args)) return self @staticmethod 
@@ -206,13 +206,15 @@ class SignatureDb(object): proxies=proxies)) @staticmethod - def get_sigs_from_file(file_name): + def get_sigs_from_file(file_name, solc_binary="solc", solc_args=None): """ :param file_name: accepts a filename :return: their signature mappings """ sigs = {} - cmd = ["solc", "--hashes", file_name] + cmd = [solc_binary, "--hashes", file_name] + if solc_args: + cmd.extend([i for i in solc_args.split(" ") if i != ""]) try: p = Popen(cmd, stdout=PIPE, stderr=PIPE) stdout, stderr = p.communicate() From ba34b3629c89cb087a2ccafe88606bd97894b856 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 12:51:07 +0200 Subject: [PATCH 028/213] Fix mutable default arg definitions --- mythril/analysis/modules/external_calls.py | 5 +++-- mythril/analysis/modules/integer.py | 5 ++++- mythril/laser/ethereum/state.py | 4 +++- mythril/laser/ethereum/taint_analysis.py | 4 +++- mythril/mythril.py | 4 +++- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/mythril/analysis/modules/external_calls.py b/mythril/analysis/modules/external_calls.py index 9b7d4038..2f9350af 100644 --- a/mythril/analysis/modules/external_calls.py +++ b/mythril/analysis/modules/external_calls.py @@ -16,8 +16,9 @@ Check for call.value()() to external addresses MAX_SEARCH_DEPTH = 64 -def search_children(statespace, node, start_index=0, depth=0, results=[]): - +def search_children(statespace, node, start_index=0, depth=0, results=None): + if results is None: + results = [] logging.debug("SEARCHING NODE %d", node.uid) if depth < MAX_SEARCH_DEPTH: diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index d83fd7a3..48707c11 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py 
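Review bot: `solc_args.split(" ")` in `get_sigs_from_file` breaks any argument that contains a quoted space, such as a path with a blank in it. `shlex.split(solc_args)` (with `import shlex`) keeps quoting intact and drops empty tokens, which makes the list comprehension unnecessary. The arguments are also appended after `file_name`, whereas `get_solc_json` places them before the file. The docstring still documents only `file_name`; `:param solc_binary:` and `:param solc_args:` entries are missing here and on `import_from_solidity_source`. Patch 032 later switches to `solc_args.split()`, which has the same quoting limitation.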
@@ -214,7 +214,7 @@ def _check_sstore(state, taint_result): return taint_result.check(state, -2) -def _search_children(statespace, node, expression, taint_result=None, constraint=[], index=0, depth=0, max_depth=64): +def _search_children(statespace, node, expression, taint_result=None, constraint=None, index=0, depth=0, max_depth=64): """ Checks the statespace for children states, with JUMPI or SSTORE instuctions, for dependency on expression @@ -227,6 +227,9 @@ def _search_children(statespace, node, expression, taint_result=None, constraint :param max_depth: Max depth to explore :return: List of states that match the opcodes and are dependent on expression """ + if constraint is None: + constraint = [] + logging.debug("SEARCHING NODE for usage of an overflowed variable %d", node.uid) if taint_result is None: diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 03b271ac..b744fc7c 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -135,8 +135,10 @@ class MachineStack(list): """ STACK_LIMIT = 1024 - def __init__(self, default_list=[]): + def __init__(self, default_list=None): super(MachineStack, self).__init__(default_list) + if default_list is None: + default_list = [] def append(self, element): """ diff --git a/mythril/laser/ethereum/taint_analysis.py b/mythril/laser/ethereum/taint_analysis.py index 2fdb0c52..4f605008 100644 --- a/mythril/laser/ethereum/taint_analysis.py +++ b/mythril/laser/ethereum/taint_analysis.py @@ -82,7 +82,7 @@ class TaintRunner: """ @staticmethod - def execute(statespace, node, state, initial_stack=[]): + def execute(statespace, node, state, initial_stack=None): """ Runs taint analysis on the statespace :param statespace: symbolic statespace to run taint analysis on 
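Review bot: In `MachineStack.__init__` the `None` check runs after `super(MachineStack, self).__init__(default_list)`, so constructing a stack without arguments passes `None` to `list.__init__` and raises `TypeError`. The default has to be resolved before the super call, or the call written as `super(MachineStack, self).__init__(default_list or [])`. Patch 030 in this series makes that swap; squashing it into this commit would keep every revision importable.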
@@ -91,6 +91,8 @@ class TaintRunner: :param stack_indexes: stack indexes to introduce taint :return: TaintResult object containing analysis results """ + if initial_stack is None: + initial_stack = [] result = TaintResult() transaction_stack_length = len(node.states[0].transaction_stack) # Build initial current_node diff --git a/mythril/mythril.py b/mythril/mythril.py index 5d36a774..f7c4c8d7 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -382,7 +382,9 @@ class Mythril(object): return report - def get_state_variable_from_storage(self, address, params=[]): + def get_state_variable_from_storage(self, address, params=None): + if params is None: + params = [] (position, length, mappings) = (0, 1, []) try: if params[0] == "mapping": From f2677aa1eea897eee476b5b9f982db00f6212d6b Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 12:51:16 +0200 Subject: [PATCH 029/213] Replace dict creation with dict literal --- mythril/ether/asm.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/mythril/ether/asm.py b/mythril/ether/asm.py index 70fbb53a..5cc2b4b5 100644 --- a/mythril/ether/asm.py +++ b/mythril/ether/asm.py @@ -42,9 +42,7 @@ def easm_to_instruction_list(easm): # Invalid code line continue - instruction = {} - - instruction['opcode'] = m.group(1) + instruction = {'opcode': m.group(1)} if m.group(2): instruction['argument'] = m.group(2)[2:] @@ -101,9 +99,7 @@ def disassemble(bytecode): while addr < length: - instruction = {} - - instruction['address'] = addr + instruction = {'address': addr} try: if (sys.version_info > (3, 0)): From 462388cab253d5fccf760f7044348c4938903d29 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 13:06:37 +0200 Subject: [PATCH 030/213] Set default list before super call --- mythril/laser/ethereum/state.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index b744fc7c..16c01c3a 100644 
--- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -136,9 +136,9 @@ class MachineStack(list): STACK_LIMIT = 1024 def __init__(self, default_list=None): - super(MachineStack, self).__init__(default_list) if default_list is None: default_list = [] + super(MachineStack, self).__init__(default_list) def append(self, element): """ From 8f16025ab02cdfe788db5c97fb49eb7a75d3bca5 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Tue, 9 Oct 2018 07:06:57 -0700 Subject: [PATCH 031/213] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index aec4b962..b82dfaa5 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,10 @@ Instructions for using the 'myth' tool are found on the [Wiki](https://github.co For support or general discussions please join the Mythril community on [Discord](https://discord.gg/E3YrVtG). +## Vulnerability Remediation + +Visit the [Smart Contract Vulnerability Classification Registry](https://smartcontractsecurity.github.io/SWC-registry/) to find detailed information and remediation guidance about the vulnerabilities reported. + ## Presentations, papers and articles - [Analyzing Ethereum Smart Contracts for Vulnerabilities](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df) From 6fd8b76900bc2098e6007b126e5eb2995f43b6d1 Mon Sep 17 00:00:00 2001 From: Maxime Biais Date: Tue, 9 Oct 2018 11:10:14 +0200 Subject: [PATCH 032/213] Fix the second issue with solc_args --- mythril/ether/util.py | 11 +++++++++-- mythril/support/signatures.py | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/mythril/ether/util.py b/mythril/ether/util.py index ac09b4fb..0e4bae40 100644 --- a/mythril/ether/util.py +++ b/mythril/ether/util.py 
@@ -18,10 +18,17 @@ def safe_decode(hex_encoded_string): def get_solc_json(file, solc_binary="solc", solc_args=None): - cmd = [solc_binary, "--combined-json", "bin,bin-runtime,srcmap,srcmap-runtime", '--allow-paths', "."] + cmd = [solc_binary, "--combined-json", "bin,bin-runtime,srcmap,srcmap-runtime"] if solc_args: - cmd.extend(solc_args.split(" ")) + cmd.extend(solc_args.split()) + + if not "--allow-paths" in cmd: + cmd.extend(["--allow-paths", "."]) + else: + for i, arg in enumerate(cmd): + if arg == "--allow-paths": + cmd[i + 1] += ",." cmd.append(file) diff --git a/mythril/support/signatures.py b/mythril/support/signatures.py index fd8d0c3a..7c454089 100644 --- a/mythril/support/signatures.py +++ b/mythril/support/signatures.py @@ -183,7 +183,7 @@ class SignatureDb(object): :param file_path: solidity source code file path :return: self """ - self.signatures.update(SignatureDb.get_sigs_from_file(file_path, solc_binary, solc_args)) + self.signatures.update(SignatureDb.get_sigs_from_file(file_path, solc_binary=solc_binary, solc_args=solc_args)) return self @staticmethod @@ -214,7 +214,7 @@ class SignatureDb(object): sigs = {} cmd = [solc_binary, "--hashes", file_name] if solc_args: - cmd.extend([i for i in solc_args.split(" ") if i != ""]) + cmd.extend(solc_args.split()) try: p = Popen(cmd, stdout=PIPE, stderr=PIPE) stdout, stderr = p.communicate() From 73acb9add20c0da83842e075b512a878e19b8a60 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Tue, 9 Oct 2018 10:46:41 -0700 Subject: [PATCH 033/213] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b82dfaa5..41566bac 100644 --- a/README.md +++ b/README.md 
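Review bot: The `--allow-paths` merge in `get_solc_json` indexes `cmd[i + 1]` without checking that a value follows, so `solc_args` ending in `--allow-paths` raises `IndexError`. If solc is given the `--allow-paths=<dirs>` spelling, the flag is not recognised and a second `--allow-paths .` is appended; a guard `if i + 1 < len(cmd):` before the `+=` plus a `startswith("--allow-paths=")` branch would cover both. Appending `,.` always widens the compiler's readable paths to the current directory even when the caller supplied a narrower list, which deserves a comment stating that this is intended. `not "--allow-paths" in cmd` reads better as `"--allow-paths" not in cmd`.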
@@ -37,7 +37,7 @@ For support or general discussions please join the Mythril community on [Discord ## Vulnerability Remediation -Visit the [Smart Contract Vulnerability Classification Registry](https://smartcontractsecurity.github.io/SWC-registry/) to find detailed information and remediation guidance about the vulnerabilities reported. +Visit the [Smart Contract Vulnerability Classification Registry](https://smartcontractsecurity.github.io/SWC-registry/) to find detailed information and remediation guidance for the vulnerabilities reported. ## Presentations, papers and articles From 217e9c01ea89e9fa140fdd81dba659fc3d1d8cb8 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:19:21 +0200 Subject: [PATCH 034/213] Remove unused variable --- mythril/laser/ethereum/call.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py index 31e6990e..4afdf49d 100644 --- a/mythril/laser/ethereum/call.py +++ b/mythril/laser/ethereum/call.py @@ -98,7 +98,7 @@ def get_callee_account(global_state, callee_address, dynamic_loader): try: code = dynamic_loader.dynld(environment.active_account.address, callee_address) - except Exception as e: + except Exception: logging.info("Unable to execute dynamic loader.") raise ValueError() if code is None: From 6e86c183b2741cf3b481d37ae19881eb6aa2ef03 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:19:31 +0200 Subject: [PATCH 035/213] Reformat evm from tabs to spaces --- mythril/ether/evm.py | 81 ++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 41 deletions(-) diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index 449fcdcf..4cf03752 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py 
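Review bot: Dropping `as e` in `get_callee_account` leaves the handler with no trace of why `dynamic_loader.dynld` failed: the log line is a fixed string and the re-raised `ValueError()` carries no message. Keeping the name and logging it, `logging.info("Unable to execute dynamic loader: %s", e)`, clears the unused-variable warning while preserving the cause. The function body continues outside the hunk.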
@@ -7,69 +7,68 @@ from io import StringIO import re -def trace(code, calldata = ""): +def trace(code, calldata=""): + log_handlers = ['eth.vm.op', 'eth.vm.op.stack', 'eth.vm.op.memory', 'eth.vm.op.storage'] - log_handlers = ['eth.vm.op', 'eth.vm.op.stack', 'eth.vm.op.memory', 'eth.vm.op.storage'] + output = StringIO() + stream_handler = StreamHandler(output) - output = StringIO() - stream_handler = StreamHandler(output) + for handler in log_handlers: + log_vm_op = get_logger(handler) + log_vm_op.setLevel("TRACE") + log_vm_op.addHandler(stream_handler) - for handler in log_handlers: - log_vm_op = get_logger(handler) - log_vm_op.setLevel("TRACE") - log_vm_op.addHandler(stream_handler) + addr = bytes.fromhex('0123456789ABCDEF0123456789ABCDEF01234567') - addr = bytes.fromhex('0123456789ABCDEF0123456789ABCDEF01234567') + state = State() - state = State() + ext = messages.VMExt(state, transactions.Transaction(0, 0, 21000, addr, 0, addr)) - ext = messages.VMExt(state, transactions.Transaction(0, 0, 21000, addr, 0, addr)) + message = vm.Message(addr, addr, 0, 21000, calldata) - message = vm.Message(addr, addr, 0, 21000, calldata) + res, gas, dat = vm.vm_execute(ext, message, util.safe_decode(code)) - res, gas, dat = vm.vm_execute(ext, message, util.safe_decode(code)) + stream_handler.flush() - stream_handler.flush() + ret = output.getvalue() - ret = output.getvalue() + lines = ret.split("\n") - lines = ret.split("\n") + trace = [] - trace = [] + for line in lines: - for line in lines: + m = re.search(r'pc=b\'(\d+)\'.*op=([A-Z0-9]+)', line) - m = re.search(r'pc=b\'(\d+)\'.*op=([A-Z0-9]+)', line) + if m: + pc = m.group(1) + op = m.group(2) - if m: - pc = m.group(1) - op = m.group(2) + m = re.match(r'.*stack=(\[.*?\])', line) - m = re.match(r'.*stack=(\[.*?\])', line) - - if (m): + if (m): - stackitems = re.findall(r'b\'(\d+)\'', m.group(1)) + stackitems = re.findall(r'b\'(\d+)\'', m.group(1)) - stack = "["; + stack = "["; - if (len(stackitems)): + if (len(stackitems)): - for 
i in range(0, len(stackitems) - 1): - stack += hex(int(stackitems[i])) + ", " + for i in range(0, len(stackitems) - 1): + stack += hex(int(stackitems[i])) + ", " - stack += hex(int(stackitems[-1])) + stack += hex(int(stackitems[-1])) - stack += "]" + stack += "]" - else: - stack = "[]" + else: + stack = "[]" - if (re.match(r'^PUSH.*', op)): - val = re.search(r'pushvalue=(\d+)', line).group(1) - pushvalue = hex(int(val)) - trace.append({'pc': pc, 'op': op, 'stack': stack, 'pushvalue': pushvalue}) - else: - trace.append({'pc': pc, 'op': op, 'stack': stack}) + if (re.match(r'^PUSH.*', op)): + val = re.search(r'pushvalue=(\d+)', line).group(1) + pushvalue = hex(int(val)) + trace.append({'pc': pc, 'op': op, 'stack': stack, 'pushvalue': pushvalue}) + else: + trace.append({'pc': pc, 'op': op, 'stack': stack}) - return trace + return trace From 527dd0b1d8221245f74d5c826b69938efca531c9 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:20:00 +0200 Subject: [PATCH 036/213] Remove evm unused variables --- mythril/ether/evm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index 4cf03752..4a099a1f 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py @@ -26,7 +26,7 @@ def trace(code, calldata=""): message = vm.Message(addr, addr, 0, 21000, calldata) - res, gas, dat = vm.vm_execute(ext, message, util.safe_decode(code)) + vm.vm_execute(ext, message, util.safe_decode(code)) stream_handler.flush() From 12f8460628f7e1c1ed05df0b21d858082737d0c0 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:21:02 +0200 Subject: [PATCH 037/213] Remove evm redundant parentheses --- mythril/ether/evm.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index 4a099a1f..2cc40e97 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py 
@@ -52,7 +52,7 @@ def trace(code, calldata=""): stack = "["; - if (len(stackitems)): + if len(stackitems): for i in range(0, len(stackitems) - 1): stack += hex(int(stackitems[i])) + ", " @@ -64,7 +64,7 @@ def trace(code, calldata=""): else: stack = "[]" - if (re.match(r'^PUSH.*', op)): + if re.match(r'^PUSH.*', op): val = re.search(r'pushvalue=(\d+)', line).group(1) pushvalue = hex(int(val)) trace.append({'pc': pc, 'op': op, 'stack': stack, 'pushvalue': pushvalue}) From 355d5edd87a5f03cc282f63d15315d2ae26aa35d Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:22:14 +0200 Subject: [PATCH 038/213] Fix line spacing in evm --- mythril/ether/evm.py | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index 2cc40e97..576223d5 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py @@ -9,7 +9,6 @@ import re def trace(code, calldata=""): log_handlers = ['eth.vm.op', 'eth.vm.op.stack', 'eth.vm.op.memory', 'eth.vm.op.storage'] - output = StringIO() stream_handler = StreamHandler(output) @@ -19,48 +18,33 @@ def trace(code, calldata=""): log_vm_op.addHandler(stream_handler) addr = bytes.fromhex('0123456789ABCDEF0123456789ABCDEF01234567') - state = State() ext = messages.VMExt(state, transactions.Transaction(0, 0, 21000, addr, 0, addr)) - message = vm.Message(addr, addr, 0, 21000, calldata) - vm.vm_execute(ext, message, util.safe_decode(code)) - stream_handler.flush() - ret = output.getvalue() - lines = ret.split("\n") trace = [] - for line in lines: - m = re.search(r'pc=b\'(\d+)\'.*op=([A-Z0-9]+)', line) - if m: pc = m.group(1) op = m.group(2) - m = re.match(r'.*stack=(\[.*?\])', line) - if (m): - + if m: stackitems = re.findall(r'b\'(\d+)\'', m.group(1)) - stack = "["; if len(stackitems): - for i in range(0, len(stackitems) - 1): stack += hex(int(stackitems[i])) + ", " - stack += hex(int(stackitems[-1])) stack += "]" - else: stack = "[]" 
From 3d4484811a570bbdac0803de9c98b068c72c353f Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:26:03 +0200 Subject: [PATCH 039/213] Remove unused variables in instructions --- mythril/laser/ethereum/instructions.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index a7c19959..ff253f3f 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -503,7 +503,6 @@ class Instruction: global keccak_function_manager state = global_state.mstate - environment = global_state.environment op0, op1 = state.stack.pop(), state.stack.pop() try: @@ -711,7 +710,6 @@ class Instruction: _bytes = util.concrete_int_to_bytes(value) i = 0 - for b in _bytes: state.memory[mstart + i] = _bytes[i] i += 1 @@ -956,7 +954,7 @@ class Instruction: state = global_state.mstate dpth = int(self.op_code[3:]) state.stack.pop(), state.stack.pop() - [state.stack.pop() for x in range(dpth)] + [state.stack.pop() for _ in range(dpth)] # Not supported return [global_state] From 4dfff5fb2b917ba6a5d85061d2625340a9e980df Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:26:58 +0200 Subject: [PATCH 040/213] Refactor loop to use enumerate --- mythril/laser/ethereum/instructions.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index ff253f3f..34cd76c7 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -709,10 +709,8 @@ class Instruction: # Attempt to concretize value _bytes = util.concrete_int_to_bytes(value) - i = 0 - for b in _bytes: - state.memory[mstart + i] = _bytes[i] - i += 1 + for i, b in enumerate(_bytes): + state.memory[mstart + i] = b except: try: state.memory[mstart] = value From 9a90a92297540a2b7240c666fb84408ebf0821e5 Mon Sep 17 00:00:00 2001 
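Review bot: The `[state.stack.pop() for _ in range(dpth)]` line in the third hunk (after `dpth = int(self.op_code[3:])`) builds a list only for its side effect. A plain loop, `for _ in range(dpth): state.stack.pop()`, shows that the popped values are discarded on purpose. The same applies to the tuple expression `state.stack.pop(), state.stack.pop()` on the line above it.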
From: Dominik Muhs Date: Tue, 9 Oct 2018 21:28:46 +0200 Subject: [PATCH 041/213] Remove unused variables from tests --- tests/analysis/test_delegatecall.py | 2 +- tests/laser/state/mstack_test.py | 2 +- tests/laser/transaction/symbolic_test.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/analysis/test_delegatecall.py b/tests/analysis/test_delegatecall.py index 3fb02020..9e88c1fd 100644 --- a/tests/analysis/test_delegatecall.py +++ b/tests/analysis/test_delegatecall.py @@ -189,7 +189,7 @@ def test_delegate_call(sym_mock, concrete_mock, curr_instruction): statespace.calls = [call] # act - issues = execute(statespace) + execute(statespace) # assert assert concrete_mock.call_count == 1 diff --git a/tests/laser/state/mstack_test.py b/tests/laser/state/mstack_test.py index 7ccd51c1..6dba7031 100644 --- a/tests/laser/state/mstack_test.py +++ b/tests/laser/state/mstack_test.py @@ -45,7 +45,7 @@ class MachineStackTest(BaseTestCase): mstack = MachineStack([0, 1]) with pytest.raises(NotImplementedError): - mstack = mstack + [2] + mstack + [2] @staticmethod def test_mstack_no_support_iadd(): diff --git a/tests/laser/transaction/symbolic_test.py b/tests/laser/transaction/symbolic_test.py index 6c27b327..91ee00f5 100644 --- a/tests/laser/transaction/symbolic_test.py +++ b/tests/laser/transaction/symbolic_test.py @@ -49,7 +49,7 @@ def test_execute_contract_creation(mocked_setup: MagicMock): mocked_setup.side_effect = _is_contract_creation # Act - new_account = execute_contract_creation(laser_evm, "606000") + execute_contract_creation(laser_evm, "606000") # Assert # mocked_setup.assert_called() From a85918a6f700970642447303aec9a41d26a80ca2 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:35:11 +0200 Subject: [PATCH 042/213] Remove unused variables from mythril --- mythril/mythril.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/mythril/mythril.py b/mythril/mythril.py index 080493fd..221d136d 100644 
--- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -87,7 +87,7 @@ class Mythril(object): self.sigs = signatures.SignatureDb() try: self.sigs.open() # tries mythril_dir/signatures.json by default (provide path= arg to make this configurable) - except FileNotFoundError as fnfe: + except FileNotFoundError: logging.info( "No signature database found. Creating database if sigs are loaded in: " + self.sigs.signatures_file + "\n" + "Consider replacing it with the pre-initialized database at https://raw.githubusercontent.com/ConsenSys/mythril/master/signatures.json") @@ -259,8 +259,7 @@ class Mythril(object): def search_db(self, search): - def search_callback(contract, address, balance): - + def search_callback(_, address, balance): print("Address: " + address + ", balance: " + str(balance)) try: @@ -288,10 +287,10 @@ class Mythril(object): code = self.eth.eth_getCode(address) except FileNotFoundError as e: raise CriticalError("IPC error: " + str(e)) - except ConnectionError as e: + except ConnectionError: raise CriticalError("Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly.") except Exception as e: - raise CriticalError("IPC / RPC error: " + str(e)) + raise CriticalError("IPC / RPC error: " + str(e)) else: if code == "0x" or code == "0x0": raise CriticalError("Received an empty response from eth_getCode. Check the contract address and verify that you are on the correct chain.") @@ -431,7 +430,7 @@ class Mythril(object): outtxt.append("{}: {}".format(hex(i), self.eth.eth_getStorageAt(address, i))) except FileNotFoundError as e: raise CriticalError("IPC error: " + str(e)) - except ConnectionError as e: + except ConnectionError: raise CriticalError("Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly.") return '\n'.join(outtxt) From 1428343a3d91af7694d2ebe0e1cd84047a573b69 Mon Sep 17 00:00:00 2001 
From: Dominik Muhs Date: Tue, 9 Oct 2018 21:37:22 +0200 Subject: [PATCH 043/213] Remove even more unused variables --- mythril/analysis/symbolic.py | 1 - mythril/laser/ethereum/state.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/mythril/analysis/symbolic.py b/mythril/analysis/symbolic.py index 09447a67..bc2373a7 100644 --- a/mythril/analysis/symbolic.py +++ b/mythril/analysis/symbolic.py @@ -16,7 +16,6 @@ class SymExecWrapper: def __init__(self, contract, address, strategy, dynloader=None, max_depth=22, execution_timeout=None, create_timeout=None): - s_strategy = None if strategy == 'dfs': s_strategy = DepthFirstSearchStrategy elif strategy == 'bfs': diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 16c01c3a..fd35c86c 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -278,10 +278,10 @@ class GlobalState: def new_bitvec(self, name, size=256): transaction_id = self.current_transaction.id - node_id = self.node.uid return BitVec("{}_{}".format(transaction_id, name), size) + class WorldState: """ The WorldState class represents the world state as described in the yellow paper From 2547f43f8ab3bab211bf2515ae8be578f3a04539 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:39:11 +0200 Subject: [PATCH 044/213] Remove unreachable code --- mythril/leveldb/accountindexing.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/mythril/leveldb/accountindexing.py b/mythril/leveldb/accountindexing.py index 26a4ab9a..5eca5547 100644 --- a/mythril/leveldb/accountindexing.py +++ b/mythril/leveldb/accountindexing.py @@ -71,8 +71,6 @@ class AccountIndexer(object): else: raise AddressNotFoundError - return self.db.reader._get_address_by_hash(contract_hash) - def _process(self, startblock): ''' Processesing method 
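Review bot: With the `s_strategy = None` initialiser removed from `SymExecWrapper.__init__`, a `strategy` value other than `'dfs'` or `'bfs'` leaves `s_strategy` unbound unless the chain ends in an `else`, which is not visible in this hunk. If there is no such branch, the first later use raises `UnboundLocalError` instead of passing `None` on. An explicit `else: raise ValueError("Invalid strategy argument supplied")` would give callers a clear error. The rest of the constructor is outside the hunk.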
@@ -154,4 +152,4 @@ class AccountIndexer(object): self.db.writer._set_last_indexed_number(self.lastProcessedBlock) print("Finished indexing") - self.lastBlock = self.lastProcessedBlock \ No newline at end of file + self.lastBlock = self.lastProcessedBlock From 2e56cef99a8bcfb78b1a915b63be03266ff3c0ad Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 21:52:18 +0200 Subject: [PATCH 045/213] Fix outer scope variable shadowing --- .../modules/dependence_on_predictable_vars.py | 4 +-- mythril/analysis/modules/ether_send.py | 4 +-- mythril/analysis/modules/multiple_sends.py | 2 +- mythril/analysis/traceexplore.py | 10 +++---- mythril/ether/evm.py | 8 +++--- mythril/leveldb/accountindexing.py | 8 +++--- mythril/leveldb/state.py | 28 +++++++++---------- tests/taint_runner_test.py | 21 +++++++------- 8 files changed, 42 insertions(+), 43 deletions(-) diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index 56cc3156..1e1085ab 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -120,8 +120,8 @@ def solve(call): model = solver.get_model(call.node.constraints) logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] MODEL: " + str(model)) - for d in model.decls(): - logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] main model: %s = 0x%x" % (d.name(), model[d].as_long())) + for decl in model.decls(): + logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] main model: %s = 0x%x" % (decl.name(), model[decl].as_long())) return True except UnsatError: diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index bfb0d057..00aac6a5 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py 
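Review bot: The renamed debug line in `solve` still formats eagerly with `%`, so `model[decl].as_long()` runs for every declaration even when debug logging is off. If the model ever holds a declaration whose value is not a numeric constant (a function or array interpretation, for example), `as_long()` raises `AttributeError`, which `except UnsatError` does not catch, so a log statement can abort the check. Passing the arguments lazily and printing the value as-is avoids both: `logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] main model: %s = %s", decl.name(), model[decl])`. The same pattern appears in the `ether_send.py` hunk that follows.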
@@ -111,8 +111,8 @@ def execute(statespace): try: model = solver.get_model(node.constraints) - for d in model.decls(): - logging.debug("[ETHER_SEND] main model: %s = 0x%x" % (d.name(), model[d].as_long())) + for decl in model.decls(): + logging.debug("[ETHER_SEND] main model: %s = 0x%x" % (decl.name(), model[decl].as_long())) debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model) diff --git a/mythril/analysis/modules/multiple_sends.py b/mythril/analysis/modules/multiple_sends.py index 0df17575..5b36f86d 100644 --- a/mythril/analysis/modules/multiple_sends.py +++ b/mythril/analysis/modules/multiple_sends.py @@ -38,7 +38,7 @@ def execute(statespace): def _explore_nodes(call, statespace): children = _child_nodes(statespace, call.node) - sending_children = list(filter(lambda call: call.node in children, statespace.calls)) + sending_children = list(filter(lambda c: c.node in children, statespace.calls)) return sending_children diff --git a/mythril/analysis/traceexplore.py b/mythril/analysis/traceexplore.py index dc7af177..d70fdcbd 100644 --- a/mythril/analysis/traceexplore.py +++ b/mythril/analysis/traceexplore.py @@ -13,8 +13,8 @@ colors = [ {'border': '#4753bf', 'background': '#3b46a1', 'highlight': {'border': '#fff', 'background': '#424db3'}}, ] + def get_serializable_statespace(statespace): - nodes = [] edges = [] @@ -40,10 +40,10 @@ def get_serializable_statespace(statespace): color = color_map[node.get_cfg_dict()['contract_name']] - def get_state_accounts(state): + def get_state_accounts(node_state): state_accounts = [] - for key in state.accounts: - account = state.accounts[key].as_dict + for key in node_state.accounts: + account = node_state.accounts[key].as_dict account.pop('code', None) account['balance'] = str(account['balance']) @@ -81,7 +81,7 @@ def get_serializable_statespace(statespace): for edge in statespace.edges: - if (edge.condition is None): + if edge.condition is None: label = "" else: 
diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index 576223d5..545e30ff 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py @@ -27,7 +27,7 @@ def trace(code, calldata=""): ret = output.getvalue() lines = ret.split("\n") - trace = [] + state_trace = [] for line in lines: m = re.search(r'pc=b\'(\d+)\'.*op=([A-Z0-9]+)', line) if m: @@ -51,8 +51,8 @@ def trace(code, calldata=""): if re.match(r'^PUSH.*', op): val = re.search(r'pushvalue=(\d+)', line).group(1) pushvalue = hex(int(val)) - trace.append({'pc': pc, 'op': op, 'stack': stack, 'pushvalue': pushvalue}) + state_trace.append({'pc': pc, 'op': op, 'stack': stack, 'pushvalue': pushvalue}) else: - trace.append({'pc': pc, 'op': op, 'stack': stack}) + state_trace.append({'pc': pc, 'op': op, 'stack': stack}) - return trace + return state_trace diff --git a/mythril/leveldb/accountindexing.py b/mythril/leveldb/accountindexing.py index 5eca5547..dacc2f0a 100644 --- a/mythril/leveldb/accountindexing.py +++ b/mythril/leveldb/accountindexing.py @@ -63,11 +63,11 @@ class AccountIndexer(object): def get_contract_by_hash(self, contract_hash): ''' - get mapped address by its hash, if not found try indexing + get mapped contract_address by its hash, if not found try indexing ''' - address = self.db.reader._get_address_by_hash(contract_hash) - if address is not None: - return address + contract_address = self.db.reader._get_address_by_hash(contract_hash) + if contract_address is not None: + return contract_address else: raise AddressNotFoundError diff --git a/mythril/leveldb/state.py b/mythril/leveldb/state.py index 96360300..c6a24119 100644 --- a/mythril/leveldb/state.py +++ b/mythril/leveldb/state.py 
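Review bot: In the `PUSH` branch of `trace`, `re.search(r'pushvalue=(\d+)', line).group(1)` raises `AttributeError` whenever a line matches `^PUSH.*` but has no `pushvalue=` field, because `re.search` returns `None`. The input is the captured text output of the VM logger, so its format is not guaranteed by this function. Binding the match first and falling back to the plain entry when it is `None` keeps the parser tolerant: `pv = re.search(r'pushvalue=(\d+)', line)` followed by `if pv: pushvalue = hex(int(pv.group(1)))`. The body of `trace` starts before this hunk.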
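Review bot: The docstring of `get_contract_by_hash` was changed by the rename to "get mapped contract_address by its hash, if not found try indexing", but the body shown never indexes: it returns the lookup result or raises `AddressNotFoundError`. The local variable name has leaked into the prose and the second half describes behaviour the method does not have. A docstring matching the code would be `'''Return the address mapped to contract_hash; raise AddressNotFoundError if it has not been indexed.'''`.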
@@ -43,9 +43,9 @@ class Account(rlp.Serializable): ('code_hash', hash32) ] - def __init__(self, nonce, balance, storage, code_hash, db, address): + def __init__(self, nonce, balance, storage, code_hash, db, addr): self.db = db - self.address = address + self.address = addr super(Account, self).__init__(nonce, balance, storage, code_hash) self.storage_cache = {} self.storage_trie = SecureTrie(Trie(self.db)) @@ -73,12 +73,12 @@ class Account(rlp.Serializable): return self.storage_cache[key] @classmethod - def blank_account(cls, db, address, initial_nonce=0): + def blank_account(cls, db, addr, initial_nonce=0): ''' creates a blank account ''' db.put(BLANK_HASH, b'') - o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, address) + o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, addr) o.existent_at_start = False return o @@ -100,21 +100,21 @@ class State(): self.journal = [] self.cache = {} - def get_and_cache_account(self, address): + def get_and_cache_account(self, addr): ''' gets and caches an account for an addres, creates blank if not found ''' - if address in self.cache: - return self.cache[address] - rlpdata = self.secure_trie.get(address) - if rlpdata == trie.BLANK_NODE and len(address) == 32: # support for hashed addresses - rlpdata = self.trie.get(address) + if addr in self.cache: + return self.cache[addr] + rlpdata = self.secure_trie.get(addr) + if rlpdata == trie.BLANK_NODE and len(addr) == 32: # support for hashed addresses + rlpdata = self.trie.get(addr) if rlpdata != trie.BLANK_NODE: - o = rlp.decode(rlpdata, Account, db=self.db, address=address) + o = rlp.decode(rlpdata, Account, db=self.db, address=addr) else: o = Account.blank_account( - self.db, address, 0) - self.cache[address] = o + self.db, addr, 0) + self.cache[addr] = o o._mutable = True o._cached_rlp = None return o 
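Review bot: The parameter rename to `addr` in `Account.__init__` and `blank_account` is not matched at `rlp.decode(rlpdata, Account, db=self.db, address=addr)` in `get_and_cache_account`, nor at `rlp.decode(..., address=address_hash)` in the `@@ -125,4` hunk that follows. If `rlp.decode` forwards its extra keywords to the `Account` constructor, which the `db=self.db` argument suggests, both calls now fail with `TypeError` for an unexpected `address` keyword. Either pass `addr=addr` and `addr=address_hash` at those two calls, or keep the constructor parameter named `address` and rename only the locals. Any external caller that passes `address=` by keyword breaks the same way.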
@@ -125,4 +125,4 @@ class State(): ''' for address_hash, rlpdata in self.secure_trie.trie.iter_branch(): if rlpdata != trie.BLANK_NODE: - yield rlp.decode(rlpdata, Account, db=self.db, address=address_hash) \ No newline at end of file + yield rlp.decode(rlpdata, Account, db=self.db, address=address_hash) diff --git a/tests/taint_runner_test.py b/tests/taint_runner_test.py index 17ef00eb..9b533f3b 100644 --- a/tests/taint_runner_test.py +++ b/tests/taint_runner_test.py @@ -6,13 +6,14 @@ from mythril.laser.ethereum.cfg import Node, Edge from mythril.laser.ethereum.state import MachineState, Account, Environment, GlobalState from mythril.laser.ethereum.svm import LaserEVM -def test_execute_state(mocker): + +def test_execute_state(state_mocker): record = TaintRecord() record.stack = [True, False, True] state = GlobalState(None, None, None) state.mstate.stack = [1, 2, 3] - mocker.patch.object(state, 'get_current_instruction') + state_mocker.patch.object(state, 'get_current_instruction') state.get_current_instruction.return_value = {"opcode": "ADD"} # Act @@ -23,19 +24,19 @@ def test_execute_state(mocker): assert record.stack == [True, False, True] -def test_execute_node(mocker): +def test_execute_node(node_mocker): record = TaintRecord() record.stack = [True, True, False, False] state_1 = GlobalState(None, None, None) state_1.mstate.stack = [1, 2, 3, 1] state_1.mstate.pc = 1 - mocker.patch.object(state_1, 'get_current_instruction') + node_mocker.patch.object(state_1, 'get_current_instruction') state_1.get_current_instruction.return_value = {"opcode": "SWAP1"} state_2 = GlobalState(None, 1, None) state_2.mstate.stack = [1, 2, 4, 1] - mocker.patch.object(state_2, 'get_current_instruction') + node_mocker.patch.object(state_2, 'get_current_instruction') state_2.get_current_instruction.return_value = {"opcode": "ADD"} node = Node("Test contract") 
@@ -54,19 +55,17 @@ def test_execute_node(mocker): assert state_1 in record.states - - -def test_execute(mocker): +def test_execute(state_mocker): active_account = Account('0x00') environment = Environment(active_account, None, None, None, None, None) state_1 = GlobalState(None, environment, None, MachineState(gas=10000000)) state_1.mstate.stack = [1, 2] - mocker.patch.object(state_1, 'get_current_instruction') + state_mocker.patch.object(state_1, 'get_current_instruction') state_1.get_current_instruction.return_value = {"opcode": "PUSH"} state_2 = GlobalState(None, environment, None, MachineState(gas=10000000)) state_2.mstate.stack = [1, 2, 3] - mocker.patch.object(state_2, 'get_current_instruction') + state_mocker.patch.object(state_2, 'get_current_instruction') state_2.get_current_instruction.return_value = {"opcode": "ADD"} node_1 = Node("Test contract") @@ -74,7 +73,7 @@ def test_execute(mocker): state_3 = GlobalState(None, environment, None, MachineState(gas=10000000)) state_3.mstate.stack = [1, 2] - mocker.patch.object(state_3, 'get_current_instruction') + state_mocker.patch.object(state_3, 'get_current_instruction') state_3.get_current_instruction.return_value = {"opcode": "ADD"} node_2 = Node("Test contract") From 0142e6e41b2c9abe6b4ea2d1a6528c00669e129e Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 22:11:41 +0200 Subject: [PATCH 046/213] Fix builtin name shadowing --- mythril/interfaces/cli.py | 4 ++-- mythril/leveldb/accountindexing.py | 6 ++--- mythril/leveldb/client.py | 38 +++++++++++++++--------------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index be6cec59..e10b4e98 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py 
@@ -17,8 +17,8 @@ from mythril.mythril import Mythril from mythril.version import VERSION -def exit_with_error(format, message): - if format == 'text' or format == 'markdown': +def exit_with_error(fmt, message): + if fmt == 'text' or fmt == 'markdown': print(message) else: result = {'success': False, 'error': str(message), 'issues': []} diff --git a/mythril/leveldb/accountindexing.py b/mythril/leveldb/accountindexing.py index dacc2f0a..f61ebe80 100644 --- a/mythril/leveldb/accountindexing.py +++ b/mythril/leveldb/accountindexing.py @@ -80,9 +80,9 @@ class AccountIndexer(object): addresses = [] for blockNum in range(startblock, startblock + BATCH_SIZE): - hash = self.db.reader._get_block_hash(blockNum) - if hash is not None: - receipts = self.db.reader._get_block_receipts(hash, blockNum) + block_hash = self.db.reader._get_block_hash(blockNum) + if block_hash is not None: + receipts = self.db.reader._get_block_receipts(block_hash, blockNum) for receipt in receipts: if receipt.contractAddress is not None and not all(b == 0 for b in receipt.contractAddress): diff --git a/mythril/leveldb/client.py b/mythril/leveldb/client.py index b192b004..7d0bb0df 100644 --- a/mythril/leveldb/client.py +++ b/mythril/leveldb/client.py 
@@ -79,38 +79,38 @@ class LevelDBReader(object): gets head block header ''' if not self.head_block_header: - hash = self.db.get(head_header_key) - num = self._get_block_number(hash) - self.head_block_header = self._get_block_header(hash, num) + block_hash = self.db.get(head_header_key) + num = self._get_block_number(block_hash) + self.head_block_header = self._get_block_header(block_hash, num) # find header with valid state while not self.db.get(self.head_block_header.state_root) and self.head_block_header.prevhash is not None: - hash = self.head_block_header.prevhash - num = self._get_block_number(hash) - self.head_block_header = self._get_block_header(hash, num) + block_hash = self.head_block_header.prevhash + num = self._get_block_number(block_hash) + self.head_block_header = self._get_block_header(block_hash, num) return self.head_block_header - def _get_block_number(self, hash): + def _get_block_number(self, block_hash): ''' - gets block number by hash + gets block number by its hash ''' - number_key = block_hash_prefix + hash + number_key = block_hash_prefix + block_hash return self.db.get(number_key) - def _get_block_header(self, hash, num): + def _get_block_header(self, block_hash, num): ''' get block header by block header hash & number ''' - header_key = header_prefix + num + hash + header_key = header_prefix + num + block_hash block_header_data = self.db.get(header_key) header = rlp.decode(block_header_data, sedes=BlockHeader) return header - def _get_address_by_hash(self, hash): + def _get_address_by_hash(self, block_hash): ''' get mapped address by its hash ''' - address_key = address_prefix + hash + address_key = address_prefix + block_hash return self.db.get(address_key) def _get_last_indexed_number(self): 
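Review bot: The blanket `hash` -> `block_hash` rename gives `_get_address_by_hash` a misleading parameter name. The value is combined with `address_prefix`, and the callers on this page pass a contract or address hash (`get_contract_by_hash` passes `contract_hash`), not a block hash. Naming it for what it holds avoids a future caller passing a block hash by mistake: `def _get_address_by_hash(self, address_hash):` with `address_key = address_prefix + address_hash`. The other renames in this hunk (`_get_block_number`, `_get_block_header`) do take block hashes and read correctly.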
@@ -119,12 +119,12 @@ class LevelDBReader(object): ''' return self.db.get(address_mapping_head_key) - def _get_block_receipts(self, hash, num): + def _get_block_receipts(self, block_hash, num): ''' get block transaction receipts by block header hash & number ''' number = _format_block_number(num) - receipts_key = block_receipts_prefix + number + hash + receipts_key = block_receipts_prefix + number + block_hash receipts_data = self.db.get(receipts_key) receipts = rlp.decode(receipts_data, sedes=CountableList(ReceiptForStorage)) return receipts @@ -216,12 +216,12 @@ class EthLevelDB(object): if not cnt % 1000: logging.info("Searched %d contracts" % cnt) - def contract_hash_to_address(self, hash): + def contract_hash_to_address(self, contract_hash): ''' tries to find corresponding account address ''' - address_hash = binascii.a2b_hex(utils.remove_0x_head(hash)) + address_hash = binascii.a2b_hex(utils.remove_0x_head(contract_hash)) indexer = AccountIndexer(self) return _encode_hex(indexer.get_contract_by_hash(address_hash)) @@ -230,9 +230,9 @@ class EthLevelDB(object): ''' gets block header by block number ''' - hash = self.reader._get_block_hash(number) + block_hash = self.reader._get_block_hash(number) block_number = _format_block_number(number) - return self.reader._get_block_header(hash, block_number) + return self.reader._get_block_header(block_hash, block_number) def eth_getBlockByNumber(self, number): ''' From 128a6f76e2bd51b1868dad7dd4ca283f03de14e0 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Tue, 9 Oct 2018 22:26:48 +0200 Subject: [PATCH 047/213] Revert taint test refactoring to fix pytest fixtures --- tests/taint_runner_test.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/taint_runner_test.py b/tests/taint_runner_test.py index 9b533f3b..e8dd3078 100644 --- a/tests/taint_runner_test.py +++ b/tests/taint_runner_test.py 
@@ -7,13 +7,13 @@ from mythril.laser.ethereum.state import MachineState, Account, Environment, Glo from mythril.laser.ethereum.svm import LaserEVM -def test_execute_state(state_mocker): +def test_execute_state(mocker): record = TaintRecord() record.stack = [True, False, True] state = GlobalState(None, None, None) state.mstate.stack = [1, 2, 3] - state_mocker.patch.object(state, 'get_current_instruction') + mocker.patch.object(state, 'get_current_instruction') state.get_current_instruction.return_value = {"opcode": "ADD"} # Act @@ -24,19 +24,19 @@ def test_execute_state(state_mocker): assert record.stack == [True, False, True] -def test_execute_node(node_mocker): +def test_execute_node(mocker): record = TaintRecord() record.stack = [True, True, False, False] state_1 = GlobalState(None, None, None) state_1.mstate.stack = [1, 2, 3, 1] state_1.mstate.pc = 1 - node_mocker.patch.object(state_1, 'get_current_instruction') + mocker.patch.object(state_1, 'get_current_instruction') state_1.get_current_instruction.return_value = {"opcode": "SWAP1"} state_2 = GlobalState(None, 1, None) state_2.mstate.stack = [1, 2, 4, 1] - node_mocker.patch.object(state_2, 'get_current_instruction') + mocker.patch.object(state_2, 'get_current_instruction') state_2.get_current_instruction.return_value = {"opcode": "ADD"} node = Node("Test contract") 
@@ -55,17 +55,17 @@ def test_execute_node(node_mocker): assert state_1 in record.states -def test_execute(state_mocker): +def test_execute(mocker): active_account = Account('0x00') environment = Environment(active_account, None, None, None, None, None) state_1 = GlobalState(None, environment, None, MachineState(gas=10000000)) state_1.mstate.stack = [1, 2] - state_mocker.patch.object(state_1, 'get_current_instruction') + mocker.patch.object(state_1, 'get_current_instruction') state_1.get_current_instruction.return_value = {"opcode": "PUSH"} state_2 = GlobalState(None, environment, None, MachineState(gas=10000000)) state_2.mstate.stack = [1, 2, 3] - state_mocker.patch.object(state_2, 'get_current_instruction') + mocker.patch.object(state_2, 'get_current_instruction') state_2.get_current_instruction.return_value = {"opcode": "ADD"} node_1 = Node("Test contract") @@ -73,7 +73,7 @@ def test_execute(state_mocker): state_3 = GlobalState(None, environment, None, MachineState(gas=10000000)) state_3.mstate.stack = [1, 2] - state_mocker.patch.object(state_3, 'get_current_instruction') + mocker.patch.object(state_3, 'get_current_instruction') state_3.get_current_instruction.return_value = {"opcode": "ADD"} node_2 = Node("Test contract") From e01121939022b4a9d28137c6a202f47aceea1686 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 9 Oct 2018 17:37:14 -0400 Subject: [PATCH 048/213] calldataload indexing (closes #528) --- mythril/laser/ethereum/instructions.py | 59 ++++++++++--------- mythril/laser/ethereum/state.py | 28 ++++++++- .../laser/ethereum/transaction/symbolic.py | 4 +- 3 files changed, 60 insertions(+), 31 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index a7c19959..9eeac800 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py 
@@ -353,37 +353,42 @@ class Instruction: environment = global_state.environment op0 = state.stack.pop() - try: - offset = util.get_concrete_int(simplify(op0)) - b = environment.calldata[offset] - except AttributeError: - logging.debug("CALLDATALOAD: Unsupported symbolic index") - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - return [global_state] - except IndexError: - logging.debug("Calldata not set, using symbolic variable instead") - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - return [global_state] + if environment.calldata_type == CalldataType.CONCRETE: + try: + offset = util.get_concrete_int(simplify(op0)) + b = environment.calldata[offset] + except AttributeError: + logging.debug("CALLDATALOAD: Unsupported symbolic index") + state.stack.append(global_state.new_bitvec( + "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) + return [global_state] + except IndexError: + logging.debug("Calldata not set, using symbolic variable instead") + state.stack.append(global_state.new_bitvec( + "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) + return [global_state] - if type(b) == int: - val = b'' + if type(b) == int: + val = b'' - try: - for i in range(offset, offset + 32): - val += environment.calldata[i].to_bytes(1, byteorder='big') + try: + for i in range(offset, offset + 32): + val += environment.calldata[i].to_bytes(1, byteorder='big') - logging.debug("Final value: " + str(int.from_bytes(val, byteorder='big'))) - state.stack.append(BitVecVal(int.from_bytes(val, byteorder='big'), 256)) - # FIXME: broad exception catch - except: + logging.debug("Final value: " + str(int.from_bytes(val, byteorder='big'))) + state.stack.append(BitVecVal(int.from_bytes(val, 
byteorder='big'), 256)) + # FIXME: broad exception catch + except: + state.stack.append(global_state.new_bitvec( + "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) + else: + # symbolic calldata + try: + state.stack.append(environment.calldata.get_word_at(util.get_concrete_int(op0))) + except AttributeError: + logging.debug("CALLDATALOAD: Unsupported symbolic index") state.stack.append(global_state.new_bitvec( "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - else: - # symbolic variable - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) return [global_state] @@ -448,7 +453,7 @@ class Instruction: return [global_state] try: - i_data = environment.calldata[dstart] + i_data = dstart for i in range(mstart, mstart + size): state.memory[i] = environment.calldata[i_data] diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 16c01c3a..e5f145de 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -1,4 +1,4 @@ -from z3 import BitVec, BitVecVal, Solver, ExprRef, sat +from z3 import BitVec, BitVecVal, Solver, ExprRef, Concat, sat, simplify from mythril.disassembler.disassembly import Disassembly from copy import copy, deepcopy from enum import Enum 
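Review bot: The re-indented concrete branch of the CALLDATALOAD handler keeps the bare `except:` around the 32-byte read loop, which also swallows `KeyboardInterrupt` and `SystemExit` and hides any programming error in the loop behind a silent fallback to a fresh symbol. The loop body can fail in a few known ways: indexing past the end of the calldata, an element without `to_bytes`, or an int that does not fit one byte. Since the block is already being touched and carries a FIXME, it could be narrowed to `except (IndexError, AttributeError, OverflowError):`. The handler's body starts before this hunk.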
@@ -6,11 +6,35 @@ from random import randint from mythril.laser.ethereum.evm_exceptions import StackOverflowException, StackUnderflowException - class CalldataType(Enum): CONCRETE = 1 SYMBOLIC = 2 +class SymbolicCalldata: + def __init__(self, tx_id: int): + self.tx_id = tx_id + self._calldata = {} + + def get_word_at(self, index: int): + return self[index:index+32] + + def __getitem__(self, item: int): + if isinstance(item, slice): + if item.step != None \ + or item.start > item.stop \ + or item.start < 0 \ + or item.stop < 0: raise IndexError("Invalid Calldata Slice") + + dataparts = [] + for i in range(item.start, item.stop): + dataparts.append(self[i]) + return simplify(Concat(dataparts)) + else: + try: + return self._calldata[item] + except KeyError: + self._calldata[item] = BitVec(str(self.tx_id)+'_calldata['+str(item)+']', 8) + return self._calldata[item] class Storage: """ diff --git a/mythril/laser/ethereum/transaction/symbolic.py b/mythril/laser/ethereum/transaction/symbolic.py index 7eded8fb..faaa2c76 100644 --- a/mythril/laser/ethereum/transaction/symbolic.py +++ b/mythril/laser/ethereum/transaction/symbolic.py @@ -3,7 +3,7 @@ from logging import debug from mythril.disassembler.disassembly import Disassembly from mythril.laser.ethereum.cfg import Node, Edge, JumpType -from mythril.laser.ethereum.state import CalldataType +from mythril.laser.ethereum.state import CalldataType, SymbolicCalldata from mythril.laser.ethereum.transaction.transaction_models import MessageCallTransaction, ContractCreationTransaction,\ get_next_transaction_id 
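Review bot: The slice path of `SymbolicCalldata.__getitem__` mishandles three inputs. An open-ended slice such as `calldata[:4]` compares `None` with an int and raises `TypeError`; an empty slice (`start == stop`) passes the check and hands `Concat` an empty list; and a one-byte slice hands it a single operand, while z3's `Concat` expects at least two. `item.step != None` should also be `is not None`, and the `item: int` annotation does not cover the slice case. The version below rejects open or empty slices with the existing `IndexError` and returns the byte itself for a one-byte slice.

```python
    def __getitem__(self, item):
        if isinstance(item, slice):
            if item.step is not None \
                    or item.start is None or item.stop is None \
                    or item.start < 0 \
                    or item.start >= item.stop:
                raise IndexError("Invalid Calldata Slice")

            dataparts = [self[i] for i in range(item.start, item.stop)]
            if len(dataparts) == 1:
                # Concat needs at least two operands
                return dataparts[0]
            return simplify(Concat(dataparts))
        # … unchanged: single-byte lookup with lazy BitVec creation …
```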
@@ -23,7 +23,7 @@ def execute_message_call(laser_evm, callee_address): callee_account=open_world_state[callee_address], caller=BitVec("caller{}".format(next_transaction_id), 256), identifier=next_transaction_id, - call_data=[], + call_data=SymbolicCalldata(next_transaction_id), gas_price=BitVec("gas_price{}".format(next_transaction_id), 256), call_value=BitVec("call_value{}".format(next_transaction_id), 256), origin=BitVec("origin{}".format(next_transaction_id), 256), From df99920e364de6abe4f0692deceed8b5d13dfc64 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 9 Oct 2018 18:39:27 -0400 Subject: [PATCH 049/213] Added concolic support --- mythril/laser/ethereum/state.py | 6 +++++- mythril/laser/ethereum/transaction/concolic.py | 7 ++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index e5f145de..825e0619 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -11,10 +11,14 @@ class CalldataType(Enum): SYMBOLIC = 2 class SymbolicCalldata: - def __init__(self, tx_id: int): + def __init__(self, tx_id: int, starting_calldata: bytes=None): self.tx_id = tx_id self._calldata = {} + if starting_calldata: + for i in range(len(starting_calldata)): + self._calldata[i] = BitVecVal(starting_calldata[i], 8) + def get_word_at(self, index: int): return self[index:index+32] diff --git a/mythril/laser/ethereum/transaction/concolic.py b/mythril/laser/ethereum/transaction/concolic.py index 3f41bd0e..d9565121 100644 --- a/mythril/laser/ethereum/transaction/concolic.py +++ b/mythril/laser/ethereum/transaction/concolic.py 
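Review bot: Seeding `_calldata` from `starting_calldata` fixes only the first `len(starting_calldata)` bytes. For any higher index, `__getitem__` still takes the `KeyError` path and creates a fresh unconstrained 8-bit `BitVec`. The EVM zero-pads calldata reads past the end, so a concolic run with concrete input can explore paths that the supplied transaction data could never take. If that is not intended, record the seeded length in `__init__` (for example `self._concrete_len = len(starting_calldata)`) and have `__getitem__` return `BitVecVal(0, 8)` for indices at or beyond it. `__getitem__` is defined outside this hunk.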
@@ -1,6 +1,6 @@ from mythril.laser.ethereum.transaction.transaction_models import MessageCallTransaction, ContractCreationTransaction, get_next_transaction_id from z3 import BitVec -from mythril.laser.ethereum.state import GlobalState, Environment, CalldataType, Account, WorldState +from mythril.laser.ethereum.state import GlobalState, Environment, CalldataType, Account, WorldState, SymbolicCalldata from mythril.disassembler.disassembly import Disassembly from mythril.laser.ethereum.cfg import Node, Edge, JumpType @@ -10,13 +10,14 @@ def execute_message_call(laser_evm, callee_address, caller_address, origin_addre open_states = laser_evm.open_states[:] del laser_evm.open_states[:] + next_transaction_id = get_next_transaction_id() for open_world_state in open_states: transaction = MessageCallTransaction( - identifier=get_next_transaction_id(), + identifier=next_transaction_id, world_state=open_world_state, callee_account=open_world_state[callee_address], caller=caller_address, - call_data=data, + call_data=SymbolicCalldata(next_transaction_id, data), gas_price=gas_price, call_value=value, origin=origin_address, From fc0ead33b5f9df484a2ece7d72d935f50a8b5cd9 Mon Sep 17 00:00:00 2001 From: JoranHonig Date: Wed, 10 Oct 2018 10:44:55 +0200 Subject: [PATCH 050/213] Add PyPI downloads badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 41566bac..99a91d4f 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ ![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg) [![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=all)](https://waffle.io/ConsenSys/mythril) [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril) - +![mythril PyPI Downloads](https://pypistats.com/badge/mythril.png) mythril Mythril OSS is the classic security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. From 850032da415d43a1e769da40b13b99be23f89395 Mon Sep 17 00:00:00 2001 From: JoranHonig Date: Wed, 10 Oct 2018 10:48:46 +0200 Subject: [PATCH 051/213] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 99a91d4f..3a57ede6 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ ![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg) [![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=all)](https://waffle.io/ConsenSys/mythril) [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril) -![mythril PyPI Downloads](https://pypistats.com/badge/mythril.png) +[![PyPI Statistics](https://pypistats.com/badge/mythril.svg)](https://pypistats.com/package/mythril) mythril Mythril OSS is the classic security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. From 06d0bca91083771855a9384f708910a0ad4568ad Mon Sep 17 00:00:00 2001 
From: Dominik Muhs Date: Wed, 10 Oct 2018 16:47:32 +0200 Subject: [PATCH 052/213] Add static methods where needed --- mythril/laser/ethereum/instructions.py | 10 ++++++---- mythril/mythril.py | 9 ++++++--- tests/native_test.py | 4 ++-- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index a7c19959..57315bb3 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -779,7 +779,8 @@ class Instruction: return self._sload_helper(global_state, str(index)) - def _sload_helper(self, global_state, index, constraints=None): + @staticmethod + def _sload_helper(global_state, index, constraints=None): try: data = global_state.environment.active_account.storage[index] except KeyError: @@ -792,8 +793,8 @@ class Instruction: global_state.mstate.stack.append(data) return [global_state] - - def _get_constraints(self, keccak_keys, this_key, argument): + @staticmethod + def _get_constraints(keccak_keys, this_key, argument): global keccak_function_manager for keccak_key in keccak_keys: if keccak_key == this_key: @@ -843,7 +844,8 @@ class Instruction: return self._sstore_helper(global_state, str(index), value) - def _sstore_helper(self, global_state, index, value, constraint=None): + @staticmethod + def _sstore_helper(global_state, index, value, constraint=None): try: global_state.environment.active_account = deepcopy(global_state.environment.active_account) global_state.accounts[ diff --git a/mythril/mythril.py b/mythril/mythril.py index 080493fd..9cdeb0fd 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -103,7 +103,8 @@ class Mythril(object): self.contracts = [] # loaded contracts - def _init_mythril_dir(self): + @staticmethod + def _init_mythril_dir(): try: mythril_dir = os.environ['MYTHRIL_DIR'] except KeyError: 
@@ -179,7 +180,8 @@ class Mythril(object): def analyze_truffle_project(self, *args, **kwargs): return analyze_truffle_project(self.sigs, *args, **kwargs) # just passthru by passing signatures for now - def _init_solc_binary(self, version): + @staticmethod + def _init_solc_binary(version): # Figure out solc binary and version # Only proper versions are supported. No nightlies, commits etc (such as available in remix) @@ -435,7 +437,8 @@ class Mythril(object): raise CriticalError("Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly.") return '\n'.join(outtxt) - def disassemble(self, contract): + @staticmethod + def disassemble(contract): return contract.get_easm() @staticmethod diff --git a/tests/native_test.py b/tests/native_test.py index a0942d42..eafd003b 100644 --- a/tests/native_test.py +++ b/tests/native_test.py @@ -98,9 +98,9 @@ def _test_natives(laser_info, test_list, test_name): assert(success == len(test_list)) - class NativeTests(BaseTestCase): - def runTest(self): + @staticmethod + def runTest(): disassembly = SolidityContract('./tests/native_tests.sol').disassembly account = Account("0x0000000000000000000000000000000000000000", disassembly) accounts = {account.address: account} From 0b422a5e42afda3e3787a914851e8767ba1216a1 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Wed, 10 Oct 2018 16:47:52 +0200 Subject: [PATCH 053/213] Remove redeclared vars without usage --- tests/native_test.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/native_test.py b/tests/native_test.py index eafd003b..bcb0eab9 100644 --- a/tests/native_test.py +++ b/tests/native_test.py 
@@ -6,13 +6,13 @@ from mythril.laser.ethereum import svm from tests import * -SHA256_TEST = [ (0,False) for i in range(6)] +SHA256_TEST = [(0, False) for _ in range(6)] -RIPEMD160_TEST = [ (0,False) for i in range(6)] +RIPEMD160_TEST = [(0, False) for _ in range(6)] -ECRECOVER_TEST = [ (0,False) for i in range(9)] +ECRECOVER_TEST = [(0, False) for _ in range(9)] -IDENTITY_TEST = [ (0, False) for i in range(4)] +IDENTITY_TEST = [(0, False) for _ in range(4)] SHA256_TEST[0] = (5555555555555555, True) #These are Random numbers to check whether the 'if condition' is entered or not(True means entered) SHA256_TEST[1] = (323232325445454546, True) From 0694867c2e8cbc1e7d5899581002422b5891d123 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Wed, 10 Oct 2018 16:48:50 +0200 Subject: [PATCH 054/213] Remove redundant parentheses --- mythril/analysis/symbolic.py | 4 ++-- mythril/analysis/traceexplore.py | 2 +- mythril/ether/asm.py | 4 ++-- mythril/ether/ethcontract.py | 4 ++-- mythril/ether/evm.py | 6 +++--- mythril/ether/util.py | 2 +- mythril/laser/ethereum/util.py | 4 ++-- mythril/leveldb/accountindexing.py | 4 ++-- mythril/leveldb/state.py | 4 ++-- mythril/support/loader.py | 4 ++-- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/mythril/analysis/symbolic.py b/mythril/analysis/symbolic.py index 09447a67..d11d4189 100644 --- a/mythril/analysis/symbolic.py +++ b/mythril/analysis/symbolic.py @@ -67,7 +67,7 @@ class SymExecWrapper: # ignore prebuilts continue - if (meminstart.type == VarType.CONCRETE and meminsz.type == VarType.CONCRETE): + if meminstart.type == VarType.CONCRETE and meminsz.type == VarType.CONCRETE: self.calls.append(Call(self.nodes[key], state, state_index, op, to, gas, value, state.mstate.memory[meminstart.val:meminsz.val * 4])) else: self.calls.append(Call(self.nodes[key], state, state_index, op, to, gas, value)) 
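Review bot: In the `symbolic.py` hunk, the slice on the context line right under the rewritten condition ends at `meminsz.val * 4` and never adds `meminstart.val`, so for a non-zero start offset the call arguments captured in `Call(...)` look truncated or empty. If memory is indexed by byte, the expected form would be `state.mstate.memory[meminstart.val:meminstart.val + meminsz.val]`; this is worth confirming against how `Call` consumes the data. The enclosing method starts and ends outside the hunk.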
@@ -105,7 +105,7 @@ class SymExecWrapper: taint = True for constraint in s.node.constraints: - if ("caller" in str(constraint)): + if "caller" in str(constraint): taint = False break diff --git a/mythril/analysis/traceexplore.py b/mythril/analysis/traceexplore.py index dc7af177..62d9ea50 100644 --- a/mythril/analysis/traceexplore.py +++ b/mythril/analysis/traceexplore.py @@ -81,7 +81,7 @@ def get_serializable_statespace(statespace): for edge in statespace.edges: - if (edge.condition is None): + if edge.condition is None: label = "" else: diff --git a/mythril/ether/asm.py b/mythril/ether/asm.py index 5cc2b4b5..5e2267ea 100644 --- a/mythril/ether/asm.py +++ b/mythril/ether/asm.py @@ -80,7 +80,7 @@ def find_opcode_sequence(pattern, instruction_list): matched = False break - if (matched): + if matched: match_indexes.append(i) return match_indexes @@ -102,7 +102,7 @@ def disassemble(bytecode): instruction = {'address': addr} try: - if (sys.version_info > (3, 0)): + if sys.version_info > (3, 0): opcode = opcodes[bytecode[addr]] else: opcode = opcodes[ord(bytecode[addr])] diff --git a/mythril/ether/ethcontract.py b/mythril/ether/ethcontract.py index b43b1919..0b7ec3a9 100644 --- a/mythril/ether/ethcontract.py +++ b/mythril/ether/ethcontract.py @@ -49,7 +49,7 @@ class ETHContract(persistent.Persistent): m = re.match(r'^code#([a-zA-Z0-9\s,\[\]]+)#', token) - if (m): + if m: if easm_code is None: easm_code = self.get_easm() @@ -59,7 +59,7 @@ class ETHContract(persistent.Persistent): m = re.match(r'^func#([a-zA-Z0-9\s_,(\\)\[\]]+)#$', token) - if (m): + if m: sign_hash = "0x" + utils.sha3(m.group(1))[:4].hex() diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index 449fcdcf..fcf2e0f1 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py 
@@ -47,13 +47,13 @@ def trace(code, calldata = ""): m = re.match(r'.*stack=(\[.*?\])', line) - if (m): + if m: stackitems = re.findall(r'b\'(\d+)\'', m.group(1)) stack = "["; - if (len(stackitems)): + if len(stackitems): for i in range(0, len(stackitems) - 1): stack += hex(int(stackitems[i])) + ", " @@ -65,7 +65,7 @@ def trace(code, calldata = ""): else: stack = "[]" - if (re.match(r'^PUSH.*', op)): + if re.match(r'^PUSH.*', op): val = re.search(r'pushvalue=(\d+)', line).group(1) pushvalue = hex(int(val)) trace.append({'pc': pc, 'op': op, 'stack': stack, 'pushvalue': pushvalue}) diff --git a/mythril/ether/util.py b/mythril/ether/util.py index 0e4bae40..6b351665 100644 --- a/mythril/ether/util.py +++ b/mythril/ether/util.py @@ -10,7 +10,7 @@ import json def safe_decode(hex_encoded_string): - if (hex_encoded_string.startswith("0x")): + if hex_encoded_string.startswith("0x"): return bytes.fromhex(hex_encoded_string[2:]) else: return bytes.fromhex(hex_encoded_string) diff --git a/mythril/laser/ethereum/util.py b/mythril/laser/ethereum/util.py index c6c8e5ce..8d680534 100644 --- a/mythril/laser/ethereum/util.py +++ b/mythril/laser/ethereum/util.py @@ -16,7 +16,7 @@ def sha3(seed): def safe_decode(hex_encoded_string): - if (hex_encoded_string.startswith("0x")): + if hex_encoded_string.startswith("0x"): return bytes.fromhex(hex_encoded_string[2:]) else: return bytes.fromhex(hex_encoded_string) @@ -99,7 +99,7 @@ def concrete_int_to_bytes(val): # logging.debug("concrete_int_to_bytes " + str(val)) - if (type(val) == int): + if type(val) == int: return val.to_bytes(32, byteorder='big') return (simplify(val).as_long()).to_bytes(32, byteorder='big') diff --git a/mythril/leveldb/accountindexing.py b/mythril/leveldb/accountindexing.py index 26a4ab9a..9732ca19 100644 --- a/mythril/leveldb/accountindexing.py +++ b/mythril/leveldb/accountindexing.py 
@@ -128,7 +128,7 @@ class AccountIndexer(object): count = 0 processed = 0 - while (blockNum <= self.lastBlock): + while blockNum <= self.lastBlock: # leveldb cannot be accessed on multiple processes (not even readonly) # multithread version performs significantly worse than serial try: @@ -154,4 +154,4 @@ class AccountIndexer(object): self.db.writer._set_last_indexed_number(self.lastProcessedBlock) print("Finished indexing") - self.lastBlock = self.lastProcessedBlock \ No newline at end of file + self.lastBlock = self.lastProcessedBlock diff --git a/mythril/leveldb/state.py b/mythril/leveldb/state.py index 96360300..135c783c 100644 --- a/mythril/leveldb/state.py +++ b/mythril/leveldb/state.py @@ -88,7 +88,7 @@ class Account(rlp.Serializable): ''' return self.nonce == 0 and self.balance == 0 and self.code_hash == BLANK_HASH -class State(): +class State: ''' adjusted state from ethereum.state ''' @@ -125,4 +125,4 @@ class State(): ''' for address_hash, rlpdata in self.secure_trie.trie.iter_branch(): if rlpdata != trie.BLANK_NODE: - yield rlp.decode(rlpdata, Account, db=self.db, address=address_hash) \ No newline at end of file + yield rlp.decode(rlpdata, Account, db=self.db, address=address_hash) diff --git a/mythril/support/loader.py b/mythril/support/loader.py index 7c0855ec..d219d17c 100644 --- a/mythril/support/loader.py +++ b/mythril/support/loader.py @@ -37,7 +37,7 @@ class DynLoader: m = re.match(r'^(0x[0-9a-fA-F]{40})$', dependency_address) - if (m): + if m: dependency_address = m.group(1) else: @@ -47,7 +47,7 @@ class DynLoader: code = self.eth.eth_getCode(dependency_address) - if (code == "0x"): + if code == "0x": return None else: return Disassembly(code) From cadf702acecfa5d1d9cdfebc2573366d5d44ee31 Mon Sep 17 00:00:00 2001 
From: Dominik Muhs Date: Wed, 10 Oct 2018 16:52:56 +0200 Subject: [PATCH 055/213] Convert single-quoted to double-quoted docstrings --- mythril/analysis/symbolic.py | 4 +- mythril/leveldb/accountindexing.py | 20 +++--- mythril/leveldb/client.py | 104 ++++++++++++++--------------- mythril/leveldb/eth_db.py | 18 ++--- mythril/leveldb/state.py | 32 ++++----- mythril/rpc/base_client.py | 28 ++++---- mythril/rpc/client.py | 4 +- mythril/rpc/utils.py | 16 ++--- 8 files changed, 113 insertions(+), 113 deletions(-) diff --git a/mythril/analysis/symbolic.py b/mythril/analysis/symbolic.py index d11d4189..ac03303f 100644 --- a/mythril/analysis/symbolic.py +++ b/mythril/analysis/symbolic.py @@ -9,9 +9,9 @@ from mythril.laser.ethereum.strategy.basic import DepthFirstSearchStrategy, Brea class SymExecWrapper: - ''' + """ Wrapper class for the LASER Symbolic virtual machine. Symbolically executes the code and does a bit of pre-analysis for convenience. - ''' + """ def __init__(self, contract, address, strategy, dynloader=None, max_depth=22, execution_timeout=None, create_timeout=None): diff --git a/mythril/leveldb/accountindexing.py b/mythril/leveldb/accountindexing.py index 9732ca19..7578afd1 100644 --- a/mythril/leveldb/accountindexing.py +++ b/mythril/leveldb/accountindexing.py @@ -34,9 +34,9 @@ class CountableList(object): class ReceiptForStorage(rlp.Serializable): - ''' + """ Receipt format stored in levelDB - ''' + """ fields = [ ('state_root', binary), @@ -50,9 +50,9 @@ class ReceiptForStorage(rlp.Serializable): class AccountIndexer(object): - ''' + """ Updates address index - ''' + """ def __init__(self, ethDB): self.db = ethDB @@ -62,9 +62,9 @@ class AccountIndexer(object): self.updateIfNeeded() def get_contract_by_hash(self, contract_hash): - ''' + """ get mapped address by its hash, if not found try indexing - ''' + """ address = self.db.reader._get_address_by_hash(contract_hash) if address is not None: return address 
@@ -74,9 +74,9 @@ class AccountIndexer(object): return self.db.reader._get_address_by_hash(contract_hash) def _process(self, startblock): - ''' + """ Processesing method - ''' + """ logging.debug("Processing blocks %d to %d" % (startblock, startblock + BATCH_SIZE)) addresses = [] @@ -96,9 +96,9 @@ class AccountIndexer(object): return addresses def updateIfNeeded(self): - ''' + """ update address index - ''' + """ headBlock = self.db.reader._get_head_block() if headBlock is not None: # avoid restarting search if head block is same & we already initialized diff --git a/mythril/leveldb/client.py b/mythril/leveldb/client.py index b192b004..81c3f9e4 100644 --- a/mythril/leveldb/client.py +++ b/mythril/leveldb/client.py @@ -26,23 +26,23 @@ address_mapping_head_key = b'accountMapping' # head (latest) number of indexed def _format_block_number(number): - ''' + """ formats block number to uint64 big endian - ''' + """ return utils.zpad(utils.int_to_big_endian(number), 8) def _encode_hex(v): - ''' + """ encodes hash as hex - ''' + """ return '0x' + utils.encode_hex(v) class LevelDBReader(object): - ''' + """ level db reading interface, can be used with snapshot - ''' + """ def __init__(self, db): self.db = db 
@@ -50,34 +50,34 @@ class LevelDBReader(object): self.head_state = None def _get_head_state(self): - ''' + """ gets head state - ''' + """ if not self.head_state: root = self._get_head_block().state_root self.head_state = State(self.db, root) return self.head_state def _get_account(self, address): - ''' + """ gets account by address - ''' + """ state = self._get_head_state() account_address = binascii.a2b_hex(utils.remove_0x_head(address)) return state.get_and_cache_account(account_address) def _get_block_hash(self, number): - ''' + """ gets block hash by block number - ''' + """ num = _format_block_number(number) hash_key = header_prefix + num + num_suffix return self.db.get(hash_key) def _get_head_block(self): - ''' + """ gets head block header - ''' + """ if not self.head_block_header: hash = self.db.get(head_header_key) num = self._get_block_number(hash) @@ -91,38 +91,38 @@ class LevelDBReader(object): return self.head_block_header def _get_block_number(self, hash): - ''' + """ gets block number by hash - ''' + """ number_key = block_hash_prefix + hash return self.db.get(number_key) def _get_block_header(self, hash, num): - ''' + """ get block header by block header hash & number - ''' + """ header_key = header_prefix + num + hash block_header_data = self.db.get(header_key) header = rlp.decode(block_header_data, sedes=BlockHeader) return header def _get_address_by_hash(self, hash): - ''' + """ get mapped address by its hash - ''' + """ address_key = address_prefix + hash return self.db.get(address_key) def _get_last_indexed_number(self): - ''' + """ latest indexed block number - ''' + """ return self.db.get(address_mapping_head_key) def _get_block_receipts(self, hash, num): - ''' + """ get block transaction receipts by block header hash & number - ''' + """ number = _format_block_number(num) receipts_key = block_receipts_prefix + number + hash receipts_data = self.db.get(receipts_key) 
@@ -131,44 +131,44 @@ class LevelDBReader(object): class LevelDBWriter(object): - ''' + """ level db writing interface - ''' + """ def __init__(self, db): self.db = db self.wb = None def _set_last_indexed_number(self, number): - ''' + """ sets latest indexed block number - ''' + """ return self.db.put(address_mapping_head_key, _format_block_number(number)) def _start_writing(self): - ''' + """ start writing a batch - ''' + """ self.wb = self.db.write_batch() def _commit_batch(self): - ''' + """ commit batch - ''' + """ self.wb.write() def _store_account_address(self, address): - ''' + """ get block transaction receipts by block header hash & number - ''' + """ address_key = address_prefix + utils.sha3(address) self.wb.put(address_key, address) class EthLevelDB(object): - ''' + """ Go-Ethereum LevelDB client class - ''' + """ def __init__(self, path): self.path = path @@ -177,9 +177,9 @@ class EthLevelDB(object): self.writer = LevelDBWriter(self.db) def get_contracts(self): - ''' + """ iterate through all contracts - ''' + """ for account in self.reader._get_head_state().get_all_accounts(): if account.code is not None: code = _encode_hex(account.code) @@ -188,9 +188,9 @@ class EthLevelDB(object): yield contract, account.address, account.balance def search(self, expression, callback_func): - ''' + """ searches through all contract accounts - ''' + """ cnt = 0 indexer = AccountIndexer(self) @@ -217,9 +217,9 @@ class EthLevelDB(object): logging.info("Searched %d contracts" % cnt) def contract_hash_to_address(self, hash): - ''' + """ tries to find corresponding account address - ''' + """ address_hash = binascii.a2b_hex(utils.remove_0x_head(hash)) indexer = AccountIndexer(self) 
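Review bot: The docstring of `_store_account_address` in the `LevelDBWriter` hunk still reads "get block transaction receipts by block header hash & number", which describes a different method. The body builds `address_prefix + utils.sha3(address)` and puts the address into the write batch, so the docstring should say that, for example `"""stores the address in the current write batch under address_prefix + sha3(address)"""`. It should also mention that `_start_writing` has to be called first, since `self.wb` is `None` until then.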
@@ -227,17 +227,17 @@ class EthLevelDB(object): return _encode_hex(indexer.get_contract_by_hash(address_hash)) def eth_getBlockHeaderByNumber(self, number): - ''' + """ gets block header by block number - ''' + """ hash = self.reader._get_block_hash(number) block_number = _format_block_number(number) return self.reader._get_block_header(hash, block_number) def eth_getBlockByNumber(self, number): - ''' + """ gets block body by block number - ''' + """ block_hash = self.reader._get_block_hash(number) block_number = _format_block_number(number) body_key = body_prefix + block_number + block_hash @@ -246,22 +246,22 @@ class EthLevelDB(object): return body def eth_getCode(self, address): - ''' + """ gets account code - ''' + """ account = self.reader._get_account(address) return _encode_hex(account.code) def eth_getBalance(self, address): - ''' + """ gets account balance - ''' + """ account = self.reader._get_account(address) return account.balance def eth_getStorageAt(self, address, position): - ''' + """ gets account storage data at position - ''' + """ account = self.reader._get_account(address) return _encode_hex(utils.zpad(utils.encode_int(account.get_storage_data(position)), 32)) diff --git a/mythril/leveldb/eth_db.py b/mythril/leveldb/eth_db.py index a46d9e93..ab9107fa 100644 --- a/mythril/leveldb/eth_db.py +++ b/mythril/leveldb/eth_db.py @@ -3,27 +3,27 @@ from ethereum.db import BaseDB class ETH_DB(BaseDB): - ''' + """ adopts pythereum BaseDB using plyvel - ''' + """ def __init__(self, path): self.db = plyvel.DB(path) def get(self, key): - ''' + """ gets value for key - ''' + """ return self.db.get(key) def put(self, key, value): - ''' + """ puts value for key - ''' + """ self.db.put(key, value) def write_batch(self): - ''' + """ start writing a batch - ''' - return self.db.write_batch() \ No newline at end of file + """ + return self.db.write_batch() diff --git a/mythril/leveldb/state.py b/mythril/leveldb/state.py index 135c783c..e8f86331 100644 
--- a/mythril/leveldb/state.py +++ b/mythril/leveldb/state.py @@ -32,9 +32,9 @@ STATE_DEFAULTS = { class Account(rlp.Serializable): - ''' + """ adjusted account from ethereum.state - ''' + """ fields = [ ('nonce', big_endian_int), @@ -57,15 +57,15 @@ class Account(rlp.Serializable): @property def code(self): - ''' + """ code rlp data - ''' + """ return self.db.get(self.code_hash) def get_storage_data(self, key): - ''' + """ get storage data - ''' + """ if key not in self.storage_cache: v = self.storage_trie.get(utils.encode_int32(key)) self.storage_cache[key] = utils.big_endian_to_int( @@ -74,24 +74,24 @@ class Account(rlp.Serializable): @classmethod def blank_account(cls, db, address, initial_nonce=0): - ''' + """ creates a blank account - ''' + """ db.put(BLANK_HASH, b'') o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, address) o.existent_at_start = False return o def is_blank(self): - ''' + """ checks if is a blank account - ''' + """ return self.nonce == 0 and self.balance == 0 and self.code_hash == BLANK_HASH class State: - ''' + """ adjusted state from ethereum.state - ''' + """ def __init__(self, db, root): self.db = db @@ -101,9 +101,9 @@ class State: self.cache = {} def get_and_cache_account(self, address): - ''' + """ gets and caches an account for an addres, creates blank if not found - ''' + """ if address in self.cache: return self.cache[address] rlpdata = self.secure_trie.get(address) @@ -120,9 +120,9 @@ class State: return o def get_all_accounts(self): - ''' + """ iterates through trie to and yields non-blank leafs as accounts - ''' + """ for address_hash, rlpdata in self.secure_trie.trie.iter_branch(): if rlpdata != trie.BLANK_NODE: yield rlp.decode(rlpdata, Account, db=self.db, address=address_hash) diff --git a/mythril/rpc/base_client.py b/mythril/rpc/base_client.py index bc8b1994..9234ecf9 100644 --- a/mythril/rpc/base_client.py +++ b/mythril/rpc/base_client.py 
@@ -20,64 +20,64 @@ class BaseClient(object): pass def eth_coinbase(self): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_coinbase TESTED - ''' + """ return self._call('eth_coinbase') def eth_blockNumber(self): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_blocknumber TESTED - ''' + """ return hex_to_dec(self._call('eth_blockNumber')) def eth_getBalance(self, address=None, block=BLOCK_TAG_LATEST): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_getbalance TESTED - ''' + """ address = address or self.eth_coinbase() block = validate_block(block) return hex_to_dec(self._call('eth_getBalance', [address, block])) def eth_getStorageAt(self, address=None, position=0, block=BLOCK_TAG_LATEST): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_getstorageat TESTED - ''' + """ block = validate_block(block) return self._call('eth_getStorageAt', [address, hex(position), block]) def eth_getCode(self, address, default_block=BLOCK_TAG_LATEST): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_getcode NEEDS TESTING - ''' + """ if isinstance(default_block, str): if default_block not in BLOCK_TAGS: raise ValueError return self._call('eth_getCode', [address, default_block]) def eth_getBlockByNumber(self, block=BLOCK_TAG_LATEST, tx_objects=True): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_getblockbynumber TESTED - ''' + """ block = validate_block(block) return self._call('eth_getBlockByNumber', [block, tx_objects]) def eth_getTransactionReceipt(self, tx_hash): - ''' + """ https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_gettransactionreceipt TESTED - ''' + """ return self._call('eth_getTransactionReceipt', [tx_hash]) diff --git a/mythril/rpc/client.py b/mythril/rpc/client.py index 6a7f0b96..1545092f 100644 --- a/mythril/rpc/client.py +++ b/mythril/rpc/client.py 
@@ -17,9 +17,9 @@ JSON_MEDIA_TYPE = 'application/json' This code is adapted from: https://github.com/ConsenSys/ethjsonrpc ''' class EthJsonRpc(BaseClient): - ''' + """ Ethereum JSON-RPC client class - ''' + """ def __init__(self, host='localhost', port=GETH_DEFAULT_RPC_PORT, tls=False): self.host = host diff --git a/mythril/rpc/utils.py b/mythril/rpc/utils.py index e87b7dc6..5f98fcea 100644 --- a/mythril/rpc/utils.py +++ b/mythril/rpc/utils.py @@ -2,17 +2,17 @@ from .constants import BLOCK_TAGS def hex_to_dec(x): - ''' + """ Convert hex to decimal - ''' + """ return int(x, 16) def clean_hex(d): - ''' + """ Convert decimal to hex and remove the "L" suffix that is appended to large numbers - ''' + """ return hex(d).rstrip('L') def validate_block(block): @@ -25,14 +25,14 @@ def validate_block(block): def wei_to_ether(wei): - ''' + """ Convert wei to ether - ''' + """ return 1.0 * wei / 10**18 def ether_to_wei(ether): - ''' + """ Convert ether to wei - ''' + """ return ether * 10**18 From 6e8527af80bbddd7e00ed99df78196fd49f2c959 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Wed, 10 Oct 2018 17:00:32 +0200 Subject: [PATCH 056/213] Remove trailing semicolon --- mythril/ether/evm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/ether/evm.py b/mythril/ether/evm.py index fcf2e0f1..0bcc7206 100644 --- a/mythril/ether/evm.py +++ b/mythril/ether/evm.py @@ -51,7 +51,7 @@ def trace(code, calldata = ""): stackitems = re.findall(r'b\'(\d+)\'', m.group(1)) - stack = "["; + stack = "[" if len(stackitems): From f6b2352a606a00bcb6e1d6449db0cfc83d7618a9 Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 10 Oct 2018 12:31:08 -0400 Subject: [PATCH 057/213] Added coloredlogs --- mythril/interfaces/cli.py | 7 +++++-- requirements.txt | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index be6cec59..3e398704 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py 
@@ -5,7 +5,7 @@ http://www.github.com/ConsenSys/mythril """ -import logging +import logging, coloredlogs import json import sys import argparse @@ -103,7 +103,10 @@ def main(): if args.v: if 0 <= args.v < 3: - logging.basicConfig(level=[logging.NOTSET, logging.INFO, logging.DEBUG][args.v]) + coloredlogs.install( + fmt='%(name)s[%(process)d] %(levelname)s %(message)s', + level=[logging.NOTSET, logging.INFO, logging.DEBUG][args.v] + ) else: exit_with_error(args.outform, "Invalid -v value, you can find valid values in usage") diff --git a/requirements.txt b/requirements.txt index 53a4a086..30162f8d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ +coloredlogs>=10.0 configparser>=3.5.0 coverage eth_abi>=1.0.0 From ca1ea9b40c3334e323ae6921e50598b3c63ab7f6 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 10 Oct 2018 11:12:33 -0700 Subject: [PATCH 058/213] Smaller Waffle Badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a57ede6..36734764 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG) [![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril) ![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg) -[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=all)](https://waffle.io/ConsenSys/mythril) +[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress) [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril) [![PyPI Statistics](https://pypistats.com/badge/mythril.svg)](https://pypistats.com/package/mythril) mythril From 59f31f569e9a467c3d77ee47726853e06315a5bf Mon Sep 17 00:00:00 2001 
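Review bot: `import logging, coloredlogs` in the import hunk of `cli.py` puts a third-party package on the same line as a standard-library module. It should be split into `import logging` with the stdlib imports and `import coloredlogs` in the third-party group, so the new runtime dependency is visible when the import block is read. The requirement added in the same commit, `coloredlogs>=10.0`, has only a lower bound, so installs from `requirements.txt` pick up whatever release is current. If reproducible builds matter for this tool, an exact pin (ideally with hash checking) would be the safer form.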
From: Bernhard Mueller Date: Wed, 10 Oct 2018 11:13:59 -0700 Subject: [PATCH 059/213] Remve stray "[" --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 36734764..74868731 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG) [![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril) ![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg) -[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress) +![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress) [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril) [![PyPI Statistics](https://pypistats.com/badge/mythril.svg)](https://pypistats.com/package/mythril) mythril From 0515a0b9dc7f757a3aa21d6c3f20d255325fdf82 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 10 Oct 2018 11:15:54 -0700 Subject: [PATCH 060/213] =?UTF-8?q?Re-add=20link=20#=E2=80=91)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 74868731..f6a1f38a 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ [![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG) [![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril) ![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg) -![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress) +[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress)](https://waffle.io/ConsenSys/mythril) [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril) [![PyPI Statistics](https://pypistats.com/badge/mythril.svg)](https://pypistats.com/package/mythril) mythril From 818a340c3630fa6fbec7c8f09aadc23839235af7 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 10 Oct 2018 11:17:14 -0700 Subject: [PATCH 061/213] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f6a1f38a..a60f239f 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Mythril OSS is the classic security analysis tool for Ethereum smart contracts. Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs! -Oh and by the way, we're now building a whole security tools ecosystem with [Mythril Platform](https://mythril.ai). You should definitely check that out as well. +Oh and by the way, we're building an easy-to-use SaaS solution and tools ecosystem for Ethereum developers called [Mythril Platform](https://mythril.ai). You should definitely check that out as well. ## Installation and setup 
@@ -25,7 +25,7 @@ Install from Pypi: ```bash $ pip3 install mythril -``` +```now See the [Wiki](https://github.com/ConsenSys/mythril/wiki/Installation-and-Setup) for more detailed instructions. From 4e403b018a7e43c4e72a84b80bac942f07ea0c9a Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 10 Oct 2018 11:29:36 -0700 Subject: [PATCH 062/213] Fix messed-up formatting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a60f239f..c5fbd20f 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Install from Pypi: ```bash $ pip3 install mythril -```now +``` See the [Wiki](https://github.com/ConsenSys/mythril/wiki/Installation-and-Setup) for more detailed instructions. From 39e58fcbdd996b1fdb4267853887260bc0b63c06 Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 10 Oct 2018 19:42:29 -0400 Subject: [PATCH 063/213] added coloredlogs dependency to setup.py --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index cfb6cb7b..2c92ce4a 100755 --- a/setup.py +++ b/setup.py @@ -82,6 +82,7 @@ setup( packages=find_packages(exclude=['contrib', 'docs', 'tests']), install_requires=[ + 'coloredlogs>=10.0', 'ethereum>=2.3.2', 'z3-solver>=4.5', 'requests', From b7d9c22767aee6e9cf4b4646eb6780348d9724ef Mon Sep 17 00:00:00 2001 From: p0n1 Date: Thu, 11 Oct 2018 16:40:21 +0800 Subject: [PATCH 064/213] ethcontract: replace placeholder for library in creation_code --- mythril/ether/ethcontract.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mythril/ether/ethcontract.py b/mythril/ether/ethcontract.py index b43b1919..cf7e5eed 100644 --- a/mythril/ether/ethcontract.py +++ b/mythril/ether/ethcontract.py @@ -7,7 +7,8 @@ import re class ETHContract(persistent.Persistent): def __init__(self, code, creation_code="", name="Unknown", enable_online_lookup=True): - + + creation_code = re.sub(r'(_+.*_+)', 'aa' * 20, creation_code) self.creation_code = creation_code self.name = name 
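Review bot: The pattern `(_+.*_+)` in the added `re.sub` is greedy and has no fixed width, so when the creation code carries more than one library placeholder it matches from the first underscore to the last and replaces everything in between, real bytecode included, with a single 20-byte filler. The analysed bytecode then silently differs from what was compiled, and findings in the dropped region are missed. Unlinked solc placeholders are 40 characters wide, so a fixed-width pattern such as `re.sub(r'_{2}.{38}', 'aa' * 20, creation_code)` limits each substitution to one placeholder. `code` gets no such treatment in this hunk, and the rest of `__init__` lies outside it, so it is worth checking whether runtime code can reach this point with placeholders too.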
From b53ac587c57e07273e8078e934831fa2080b631f Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Thu, 11 Oct 2018 19:27:18 +0200 Subject: [PATCH 065/213] Rename fmt to format_type in cli interface --- mythril/interfaces/cli.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index e10b4e98..9bab540a 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py @@ -17,8 +17,8 @@ from mythril.mythril import Mythril from mythril.version import VERSION -def exit_with_error(fmt, message): - if fmt == 'text' or fmt == 'markdown': +def exit_with_error(format_type, message): + if format_type == 'text' or format_type == 'markdown': print(message) else: result = {'success': False, 'error': str(message), 'issues': []} From 8f8bf3e7c11bd9dd579778163a49004f3d6bc619 Mon Sep 17 00:00:00 2001 From: Dominik Muhs Date: Thu, 11 Oct 2018 21:27:43 +0200 Subject: [PATCH 066/213] Rename format var and refactor mstore memory loop --- mythril/interfaces/cli.py | 4 ++-- mythril/laser/ethereum/instructions.py | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index 9bab540a..061044fd 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py @@ -17,8 +17,8 @@ from mythril.mythril import Mythril from mythril.version import VERSION -def exit_with_error(format_type, message): - if format_type == 'text' or format_type == 'markdown': +def exit_with_error(format_, message): + if format_ == 'text' or format_ == 'markdown': print(message) else: result = {'success': False, 'error': str(message), 'issues': []} diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 34cd76c7..a1dbbe60 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py 
@@ -707,10 +707,8 @@ class Instruction: try: # Attempt to concretize value - _bytes = util.concrete_int_to_bytes(value) - - for i, b in enumerate(_bytes): - state.memory[mstart + i] = b + bytes_ = util.concrete_int_to_bytes(value) + state.memory[mstart: mstart + len(bytes_)] = bytes_ except: try: state.memory[mstart] = value From 91469ca6af590e73d76f7c3fb9fa89ef1be86dbe Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 11 Oct 2018 17:25:30 -0400 Subject: [PATCH 067/213] improved symbolic calldata indexing --- mythril/analysis/solver.py | 6 ++- mythril/laser/ethereum/instructions.py | 50 +++---------------- mythril/laser/ethereum/state.py | 46 ++++++++++------- .../laser/ethereum/transaction/concolic.py | 6 +-- .../laser/ethereum/transaction/symbolic.py | 4 +- 5 files changed, 47 insertions(+), 65 deletions(-) diff --git a/mythril/analysis/solver.py b/mythril/analysis/solver.py index 9c5a2dd0..c7597b63 100644 --- a/mythril/analysis/solver.py +++ b/mythril/analysis/solver.py @@ -1,4 +1,4 @@ -from z3 import Solver, simplify, sat, unknown +from z3 import Solver, simplify, sat, unknown, FuncInterp from mythril.exceptions import UnsatError import logging @@ -21,6 +21,10 @@ def pretty_print_model(model): ret = "" for d in model.decls(): + if type(model[d]) == FuncInterp: + condition = model[d].as_list() + ret += ("%s: %s\n" % (d.name(), condition)) + continue try: condition = "0x%x" % model[d].as_long() diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 9eeac800..02e9ffcf 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -130,7 +130,6 @@ class Instruction: op1 = If(op1, BitVecVal(1, 256), BitVecVal(0, 256)) if type(op2) == BoolRef: op2 = If(op2, BitVecVal(1, 256), BitVecVal(0, 256)) - stack.append(op1 & op2) return [global_state] 
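Review bot: The slice assignment `state.memory[mstart: mstart + len(bytes_)] = bytes_` does not fail the way the removed per-index loop did when the target range lies beyond the current memory length. If `state.memory` is a plain list, Python appends the bytes at the end instead of raising IndexError, so the word lands at the wrong offset and the `except` fallback never runs. This matters only if memory has not already been extended to cover `mstart + 32`, which the hunk does not show. A comment stating that the extension above guarantees the range, or an explicit `if mstart + len(bytes_) > len(state.memory): raise IndexError` before the assignment, would preserve the old behaviour. The bare `except:` around it also hides any unrelated error raised during concretization.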
@@ -353,43 +352,7 @@ class Instruction: environment = global_state.environment op0 = state.stack.pop() - if environment.calldata_type == CalldataType.CONCRETE: - try: - offset = util.get_concrete_int(simplify(op0)) - b = environment.calldata[offset] - except AttributeError: - logging.debug("CALLDATALOAD: Unsupported symbolic index") - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - return [global_state] - except IndexError: - logging.debug("Calldata not set, using symbolic variable instead") - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - return [global_state] - - if type(b) == int: - val = b'' - - try: - for i in range(offset, offset + 32): - val += environment.calldata[i].to_bytes(1, byteorder='big') - - logging.debug("Final value: " + str(int.from_bytes(val, byteorder='big'))) - state.stack.append(BitVecVal(int.from_bytes(val, byteorder='big'), 256)) - # FIXME: broad exception catch - except: - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - else: - # symbolic calldata - try: - state.stack.append(environment.calldata.get_word_at(util.get_concrete_int(op0))) - except AttributeError: - logging.debug("CALLDATALOAD: Unsupported symbolic index") - state.stack.append(global_state.new_bitvec( - "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) - + state.stack.append(environment.calldata.get_word_at(op0)) return [global_state] @StateTransition() @@ -420,7 +383,6 @@ class Instruction: dstart = util.get_concrete_int(op1) # FIXME: broad exception catch except: - logging.debug("Unsupported symbolic calldata offset in CALLDATACOPY") dstart = simplify(op1) dstart_sym = True 
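Review bot: The single call `environment.calldata.get_word_at(op0)` in the CALLDATALOAD hunk has no fallback for an offset the solver cannot resolve. `Calldata.__getitem__` (added in the same commit) raises `IndexError("Invalid Calldata Slice")` on a `Z3Exception`, and nothing in this hunk catches it, whereas the removed code pushed a fresh `calldata_...` symbol in that case. Unless `StateTransition` handles the exception (not visible here), such a path now aborts instead of being over-approximated. Wrapping the call in `try:` / `except IndexError:` and pushing `global_state.new_bitvec(...)` as before would keep the old coverage.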
@@ -433,7 +395,7 @@ class Instruction: size = simplify(op2) size_sym = True - if dstart_sym or size_sym: + if size_sym: state.mem_extend(mstart, 1) state.memory[mstart] = global_state.new_bitvec( "calldata_" + str(environment.active_account.contract_name) + "[" + str(dstart) + ": + " + str( @@ -455,9 +417,13 @@ class Instruction: try: i_data = dstart + new_memory = [] for i in range(mstart, mstart + size): - state.memory[i] = environment.calldata[i_data] - i_data += 1 + new_memory.append(environment.calldata[i_data]) + i_data = simplify(i_data + 1) + + for i in range(0, len(new_memory), 32): + state.memory[i+mstart] = simplify(Concat(new_memory[i:i+32])) except: logging.debug("Exception copying calldata to memory") diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 825e0619..3b5811cd 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -1,4 +1,5 @@ -from z3 import BitVec, BitVecVal, Solver, ExprRef, Concat, sat, simplify +from z3 import BitVec, BitVecVal, BitVecRef, BitVecNumRef, BitVecSort, Solver, ExprRef, Concat, sat, simplify, Array +from z3.z3types import Z3Exception from mythril.disassembler.disassembly import Disassembly from copy import copy, deepcopy from enum import Enum 
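Review bot: In the CALLDATACOPY hunk (`@@ -455,9 +417,13`) the second loop stores each 32-byte `Concat` in the single cell `state.memory[i+mstart]`, while the MSTORE change earlier in this series writes one byte per cell. The other 31 cells of every word therefore keep their old contents, and later byte-wise reads see stale data. `Concat` also needs at least two operands, so a copy that leaves one trailing byte raises, and `simplify(i_data + 1)` raises if `dstart` is still a Python int from `get_concrete_int`. Both failures end in the surrounding bare `except:`, which only logs at debug level. Writing the bytes individually, `state.memory[mstart + k] = new_memory[k]`, and advancing a concrete index with plain `i_data += 1` would avoid all three; the function body extends outside the hunk.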
@@ -10,35 +11,46 @@ class CalldataType(Enum): CONCRETE = 1 SYMBOLIC = 2 -class SymbolicCalldata: +class Calldata: def __init__(self, tx_id: int, starting_calldata: bytes=None): self.tx_id = tx_id - self._calldata = {} + self._calldata = Array('{}_calldata'.format(self.tx_id), BitVecSort(256), BitVecSort(8)) if starting_calldata: for i in range(len(starting_calldata)): - self._calldata[i] = BitVecVal(starting_calldata[i], 8) + self._calldata[BitVecVal(i, 256)] = BitVecVal(starting_calldata[i], 8) def get_word_at(self, index: int): return self[index:index+32] + def concretized(self, model): + concrete_calldata = model[self._calldata].as_list() + concrete_calldata.sort(key=lambda x: x[0].as_long() if type(x) == list else -1) + result = [] + arr_index = 1 + for i in range(0, concrete_calldata[len(concrete_calldata)-1][0].as_long()+1): + if concrete_calldata[arr_index][0].as_long() == i: + result.append(concrete_calldata[arr_index][1].as_long()) + arr_index += 1 + else: + # Default value + result.append(concrete_calldata[0].as_long()) + return result + def __getitem__(self, item: int): if isinstance(item, slice): - if item.step != None \ - or item.start > item.stop \ - or item.start < 0 \ - or item.stop < 0: raise IndexError("Invalid Calldata Slice") - - dataparts = [] - for i in range(item.start, item.stop): - dataparts.append(self[i]) + try: + current_index = item.start if type(item.start) in [BitVecRef, BitVecNumRef] else BitVecVal(item.start, 256) + dataparts = [] + while simplify(current_index != item.stop): + dataparts.append(self[current_index]) + current_index = simplify(current_index + 1) + except Z3Exception: + raise IndexError("Invalid Calldata Slice") + return simplify(Concat(dataparts)) else: - try: - return self._calldata[item] - except KeyError: - self._calldata[item] = BitVec(str(self.tx_id)+'_calldata['+str(item)+']', 8) - return self._calldata[item] + return self._calldata[item] if type(item) != BitVecVal else self._calldata[BitVecVal(item, 256)] class 
Storage: """ diff --git a/mythril/laser/ethereum/transaction/concolic.py b/mythril/laser/ethereum/transaction/concolic.py index d9565121..8662fb9a 100644 --- a/mythril/laser/ethereum/transaction/concolic.py +++ b/mythril/laser/ethereum/transaction/concolic.py @@ -1,6 +1,6 @@ from mythril.laser.ethereum.transaction.transaction_models import MessageCallTransaction, ContractCreationTransaction, get_next_transaction_id from z3 import BitVec -from mythril.laser.ethereum.state import GlobalState, Environment, CalldataType, Account, WorldState, SymbolicCalldata +from mythril.laser.ethereum.state import GlobalState, Environment, CalldataType, Account, WorldState, Calldata from mythril.disassembler.disassembly import Disassembly from mythril.laser.ethereum.cfg import Node, Edge, JumpType @@ -10,14 +10,14 @@ def execute_message_call(laser_evm, callee_address, caller_address, origin_addre open_states = laser_evm.open_states[:] del laser_evm.open_states[:] - next_transaction_id = get_next_transaction_id() for open_world_state in open_states: + next_transaction_id = get_next_transaction_id() transaction = MessageCallTransaction( identifier=next_transaction_id, world_state=open_world_state, callee_account=open_world_state[callee_address], caller=caller_address, - call_data=SymbolicCalldata(next_transaction_id, data), + call_data=Calldata(next_transaction_id, data), gas_price=gas_price, call_value=value, origin=origin_address, diff --git a/mythril/laser/ethereum/transaction/symbolic.py b/mythril/laser/ethereum/transaction/symbolic.py index faaa2c76..72d76ee1 100644 --- a/mythril/laser/ethereum/transaction/symbolic.py +++ b/mythril/laser/ethereum/transaction/symbolic.py 
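Review bot: In `Calldata.__getitem__` the test `type(item) != BitVecVal` is always true, because `BitVecVal` is a constructor function and never the type of a value. The `BitVecVal(item, 256)` branch is therefore dead and plain ints reach the array select unconverted; `return self._calldata[BitVecVal(item, 256) if isinstance(item, int) else item]` states the intent. `concretized` also reads `concrete_calldata[arr_index]` and `concrete_calldata[len(concrete_calldata)-1][0]` on the assumption that the model holds at least one explicit entry besides the default. A model that contains only the else-value raises there, so an early return for `len(concrete_calldata) == 1` is worth adding.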
@@ -3,7 +3,7 @@ from logging import debug from mythril.disassembler.disassembly import Disassembly from mythril.laser.ethereum.cfg import Node, Edge, JumpType -from mythril.laser.ethereum.state import CalldataType, SymbolicCalldata +from mythril.laser.ethereum.state import CalldataType, Calldata from mythril.laser.ethereum.transaction.transaction_models import MessageCallTransaction, ContractCreationTransaction,\ get_next_transaction_id @@ -23,7 +23,7 @@ def execute_message_call(laser_evm, callee_address): callee_account=open_world_state[callee_address], caller=BitVec("caller{}".format(next_transaction_id), 256), identifier=next_transaction_id, - call_data=SymbolicCalldata(next_transaction_id), + call_data=Calldata(next_transaction_id), gas_price=BitVec("gas_price{}".format(next_transaction_id), 256), call_value=BitVec("call_value{}".format(next_transaction_id), 256), origin=BitVec("origin{}".format(next_transaction_id), 256), From b50f72c1aa77e91f4cfcecbcf4dedd7095f1c71e Mon Sep 17 00:00:00 2001 From: p0n1 Date: Fri, 12 Oct 2018 10:01:33 +0800 Subject: [PATCH 068/213] ethcontract: improve comments for placeholder replacing --- mythril/ether/ethcontract.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mythril/ether/ethcontract.py b/mythril/ether/ethcontract.py index cf7e5eed..4e4149ee 100644 --- a/mythril/ether/ethcontract.py +++ b/mythril/ether/ethcontract.py 
@@ -8,15 +8,15 @@ class ETHContract(persistent.Persistent): def __init__(self, code, creation_code="", name="Unknown", enable_online_lookup=True): - creation_code = re.sub(r'(_+.*_+)', 'aa' * 20, creation_code) - self.creation_code = creation_code - self.name = name - # Workaround: We currently do not support compile-time linking. # Dynamic contract addresses of the format __[contract-name]_____________ are replaced with a generic address + # Apply this for creation_code & code + creation_code = re.sub(r'(_+.*_+)', 'aa' * 20, creation_code) code = re.sub(r'(_+.*_+)', 'aa' * 20, code) + self.creation_code = creation_code + self.name = name self.code = code self.disassembly = Disassembly(code, enable_online_lookup=enable_online_lookup) self.creation_disassembly = Disassembly(creation_code, enable_online_lookup=enable_online_lookup) From 91b8d266c51fa02ec91206f6511cccc13c01a30c Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 11 Oct 2018 22:07:15 -0400 Subject: [PATCH 069/213] fixed bug with starting calldata --- mythril/laser/ethereum/state.py | 16 +++++++++------- .../ethereum/transaction/transaction_models.py | 1 + 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 3b5811cd..540c7e0c 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py 
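Review bot: The pattern `r'(_+.*_+)'` applied to both `creation_code` and `code` is greedy and unbounded. When a bytecode string holds two or more link placeholders, `.*` spans from the first underscore to the last one, and everything in between (real bytecode) is replaced by a single 40-character address. That changes the code length and shifts every later offset, so the disassembly no longer matches the contract being analysed. Bounding the match to one placeholder, e.g. `re.sub(r'__.{38}', 'aa' * 20, code)`, keeps each substitution the same width as what it replaces.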
@@ -12,16 +12,15 @@ class CalldataType(Enum): SYMBOLIC = 2 class Calldata: - def __init__(self, tx_id: int, starting_calldata: bytes=None): + def __init__(self, tx_id, starting_calldata: bytes=None): self.tx_id = tx_id self._calldata = Array('{}_calldata'.format(self.tx_id), BitVecSort(256), BitVecSort(8)) + self.starting_calldata = starting_calldata if starting_calldata else [] - if starting_calldata: - for i in range(len(starting_calldata)): - self._calldata[BitVecVal(i, 256)] = BitVecVal(starting_calldata[i], 8) - - def get_word_at(self, index: int): - return self[index:index+32] + def set_global_state(self, state): + self.state = state + for i in range(len(self.starting_calldata)): + self.state.mstate.constraints.append(self._calldata[BitVecVal(i, 256)] == BitVecVal(starting_calldata[i], 8)) def concretized(self, model): concrete_calldata = model[self._calldata].as_list() @@ -37,6 +36,9 @@ class Calldata: result.append(concrete_calldata[0].as_long()) return result + def get_word_at(self, index: int): + return self[index:index+32] + def __getitem__(self, item: int): if isinstance(item, slice): try: diff --git a/mythril/laser/ethereum/transaction/transaction_models.py b/mythril/laser/ethereum/transaction/transaction_models.py index fa60599d..db5dd4a6 100644 --- a/mythril/laser/ethereum/transaction/transaction_models.py +++ b/mythril/laser/ethereum/transaction/transaction_models.py @@ -67,6 +67,7 @@ class MessageCallTransaction: global_state = GlobalState(self.world_state, environment, None) global_state.environment.active_function_name = 'fallback' + global_state.environment.calldata.set_global_state(global_state) return global_state From 738ffe035c5c4cda2cd86d29de2c4acf9604279c Mon Sep 17 00:00:00 2001 
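Review bot: `set_global_state` reads the bare name `starting_calldata`, which is not defined inside that method, so any transaction with non-empty starting calldata raises `NameError`; it should be `BitVecVal(self.starting_calldata[i], 8)`. The loop also constrains only indices below `len(self.starting_calldata)`, which leaves every byte past the supplied data a free symbol. The EVM reads those bytes as zero, so a concrete transaction analysed this way can report paths that cannot occur on chain. If that over-approximation is intended, a comment saying so would help.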
From: Nathan Date: Thu, 11 Oct 2018 22:53:53 -0400 Subject: [PATCH 070/213] calldata bugfixes --- mythril/analysis/modules/ether_send.py | 6 +++--- mythril/laser/ethereum/call.py | 12 +++++++----- mythril/laser/ethereum/state.py | 6 +++++- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index bfb0d057..783bfb71 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py @@ -111,10 +111,10 @@ def execute(statespace): try: model = solver.get_model(node.constraints) - for d in model.decls(): - logging.debug("[ETHER_SEND] main model: %s = 0x%x" % (d.name(), model[d].as_long())) + pretty_model = solver.pretty_print_model(model) + logging.debug(pretty_model) - debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model) + debug = "SOLVER OUTPUT:\n" + pretty_model issue = Issue(contract=call.node.contract_name, function=call.node.function_name, address=address, title="Ether send", _type="Warning", swc_id=UNPROTECTED_ETHER_WITHDRAWAL, diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py index 31e6990e..638bb9f4 100644 --- a/mythril/laser/ethereum/call.py +++ b/mythril/laser/ethereum/call.py @@ -1,7 +1,7 @@ import logging from z3 import simplify import mythril.laser.ethereum.util as util -from mythril.laser.ethereum.state import Account, CalldataType, GlobalState +from mythril.laser.ethereum.state import Account, CalldataType, GlobalState, Calldata from mythril.support.loader import DynLoader import re 
@@ -122,17 +122,19 @@ def get_call_data(global_state, memory_start, memory_size, pad=True): :return: Tuple containing: call_data array from memory or empty array if symbolic, type found """ state = global_state.mstate + transaction_id = '{}_internalcall'.format(global_state.current_transaction.id) try: # TODO: This only allows for either fully concrete or fully symbolic calldata. # Improve management of memory and callata to support a mix between both types. - call_data = state.memory[util.get_concrete_int(memory_start):util.get_concrete_int(memory_start + memory_size)] - if len(call_data) < 32 and pad: - call_data += [0] * (32 - len(call_data)) + call_data = Calldata( + transaction_id, + state.memory[util.get_concrete_int(memory_start):util.get_concrete_int(memory_start + memory_size)] + ) call_data_type = CalldataType.CONCRETE logging.debug("Calldata: " + str(call_data)) except AttributeError: logging.info("Unsupported symbolic calldata offset") call_data_type = CalldataType.SYMBOLIC - call_data = [] + call_data = Calldata('{}_internalcall'.format(transaction_id)) return call_data, call_data_type diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 540c7e0c..186b2534 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -20,7 +20,7 @@ class Calldata: def set_global_state(self, state): self.state = state for i in range(len(self.starting_calldata)): - self.state.mstate.constraints.append(self._calldata[BitVecVal(i, 256)] == BitVecVal(starting_calldata[i], 8)) + self.state.mstate.constraints.append(self._calldata[BitVecVal(i, 256)] == BitVecVal(self.starting_calldata[i], 8)) def concretized(self, model): concrete_calldata = model[self._calldata].as_list() 
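Review bot: In `get_call_data`, `transaction_id` is derived only from `global_state.current_transaction.id`, and `Calldata` names its z3 array `'{}_calldata'.format(tx_id)`. Two internal calls made during the same transaction therefore share one solver symbol for their calldata, and the byte constraints added for one call apply to the other and can contradict it. The symbolic branch also formats the suffix twice (`..._internalcall_internalcall`), and the `pad` parameter is no longer used after the padding lines were removed. Adding a per-call unique component to the name would keep the arrays apart.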
@@ -41,12 +41,16 @@ class Calldata: def __getitem__(self, item: int): if isinstance(item, slice): + MAX_SLICE = 1024 try: current_index = item.start if type(item.start) in [BitVecRef, BitVecNumRef] else BitVecVal(item.start, 256) dataparts = [] + i = 0 while simplify(current_index != item.stop): dataparts.append(self[current_index]) current_index = simplify(current_index + 1) + i += 1 + if i == MAX_SLICE: raise IndexError("Invalid Calldata Slice") except Z3Exception: raise IndexError("Invalid Calldata Slice") From c428df83ee0f9a626566d23882a01464e97852f2 Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 12 Oct 2018 14:46:49 -0400 Subject: [PATCH 071/213] more calldata fixes including natives --- mythril/analysis/modules/ether_send.py | 2 +- mythril/laser/ethereum/instructions.py | 15 ++++++++++++--- mythril/laser/ethereum/state.py | 2 +- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index 783bfb71..9289b269 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py @@ -112,7 +112,7 @@ def execute(statespace): model = solver.get_model(node.constraints) pretty_model = solver.pretty_print_model(model) - logging.debug(pretty_model) + logging.debug('[ETHER_SEND]\n' + pretty_model) debug = "SOLVER OUTPUT:\n" + pretty_model diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 02e9ffcf..8d72e26d 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py 
@@ -13,7 +13,7 @@ from mythril.laser.ethereum.call import get_call_parameters from mythril.laser.ethereum.evm_exceptions import VmException, StackUnderflowException, InvalidJumpDestination, \ InvalidInstruction from mythril.laser.ethereum.keccak import KeccakFunctionManager -from mythril.laser.ethereum.state import GlobalState, CalldataType +from mythril.laser.ethereum.state import GlobalState, CalldataType, Calldata from mythril.laser.ethereum.transaction import MessageCallTransaction, TransactionStartSignal, \ ContractCreationTransaction @@ -1030,8 +1030,17 @@ class Instruction: return [global_state] - for i in range(min(len(data), mem_out_sz)): # If more data is used then it's chopped off - global_state.mstate.memory[mem_out_start + i] = data[i] + if type(data) == Calldata: # identity() returns calldata + new_memory = [] + for i in range(mem_out_sz): + new_memory.append(data[i]) + + for i in range(0, len(new_memory), 32): + global_state.mstate.memory[mem_out_start + i] = simplify(Concat(new_memory[i:i+32])) + + else: + for i in range(min(len(data), mem_out_sz)): # If more data is used then it's chopped off + global_state.mstate.memory[mem_out_start + i] = data[i] # TODO: maybe use BitVec here constrained to 1 return [global_state] diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 186b2534..8cdbebfe 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -27,7 +27,7 @@ class Calldata: concrete_calldata.sort(key=lambda x: x[0].as_long() if type(x) == list else -1) result = [] arr_index = 1 - for i in range(0, concrete_calldata[len(concrete_calldata)-1][0].as_long()+1): + for i in range(concrete_calldata[len(concrete_calldata)-1][0].as_long()+1): if concrete_calldata[arr_index][0].as_long() == i: result.append(concrete_calldata[arr_index][1].as_long()) arr_index += 1 From 6509c46305bd1b04b60c827d509cc6f9b76d0898 Mon Sep 17 00:00:00 2001 
From: Nathan Date: Fri, 12 Oct 2018 15:09:13 -0400 Subject: [PATCH 072/213] correcter natives fix --- mythril/laser/ethereum/instructions.py | 13 ++----------- mythril/laser/ethereum/natives.py | 2 +- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 8d72e26d..991b7996 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -1030,17 +1030,8 @@ class Instruction: return [global_state] - if type(data) == Calldata: # identity() returns calldata - new_memory = [] - for i in range(mem_out_sz): - new_memory.append(data[i]) - - for i in range(0, len(new_memory), 32): - global_state.mstate.memory[mem_out_start + i] = simplify(Concat(new_memory[i:i+32])) - - else: - for i in range(min(len(data), mem_out_sz)): # If more data is used then it's chopped off - global_state.mstate.memory[mem_out_start + i] = data[i] + for i in range(min(len(data), mem_out_sz)): # If more data is used then it's chopped off + global_state.mstate.memory[mem_out_start + i] = data[i] # TODO: maybe use BitVec here constrained to 1 return [global_state] diff --git a/mythril/laser/ethereum/natives.py b/mythril/laser/ethereum/natives.py index d5ef22e6..a3839133 100644 --- a/mythril/laser/ethereum/natives.py +++ b/mythril/laser/ethereum/natives.py @@ -70,7 +70,7 @@ def ripemd160(data): def identity(data): - return copy.copy(data) + return copy.copy(data.starting_calldata) def native_contracts(address, data): From b85cb1415b0bd702f8b935d8c22af308ca964ab5 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 13 Oct 2018 09:07:18 -0400 Subject: [PATCH 073/213] svm test hack --- tests/svm_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/svm_test.py b/tests/svm_test.py index 79c94b85..7cbf52bb 100644 --- a/tests/svm_test.py +++ b/tests/svm_test.py 
@@ -68,7 +68,7 @@ class SVMTestCase(BaseTestCase): def test_laser_result(self): for input_file in TESTDATA_INPUTS_CONTRACTS.iterdir(): - if input_file.name == "weak_random.sol": + if input_file.name in ["weak_random.sol", "environments.sol"]: continue output_expected = TESTDATA_OUTPUTS_EXPECTED_LASER_RESULT / (input_file.name + ".json") output_current = TESTDATA_OUTPUTS_CURRENT_LASER_RESULT / (input_file.name + ".json") From d2615c5c52d8863fa6b9da28318420cfec67155c Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 13 Oct 2018 10:44:50 -0400 Subject: [PATCH 074/213] correctest natives fix :( --- mythril/laser/ethereum/natives.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/laser/ethereum/natives.py b/mythril/laser/ethereum/natives.py index a3839133..5b5ab628 100644 --- a/mythril/laser/ethereum/natives.py +++ b/mythril/laser/ethereum/natives.py @@ -70,7 +70,7 @@ def ripemd160(data): def identity(data): - return copy.copy(data.starting_calldata) + return copy.copy(data) def native_contracts(address, data): @@ -79,4 +79,4 @@ def native_contracts(address, data): """ functions = (ecrecover, sha256, ripemd160, identity) - return functions[address-1](data) + return functions[address-1](data.starting_calldata) From a7d7f9cb79d65e2ac198ee6d69ff4c61c44e62e6 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 13 Oct 2018 12:05:20 -0400 Subject: [PATCH 075/213] general calldata fixes --- mythril/laser/ethereum/call.py | 17 +++++++++++++++-- mythril/laser/ethereum/instructions.py | 2 +- mythril/laser/ethereum/state.py | 2 +- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py index 638bb9f4..2f4582cd 100644 --- a/mythril/laser/ethereum/call.py +++ b/mythril/laser/ethereum/call.py 
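Review bot: `environments.sol` joins the skip list in `test_laser_result` with no comment or issue reference, so the LASER regression check for that contract is switched off silently. The reason is presumably the calldata rewrite in the preceding commits, but the hunk does not say. A line such as `# FIXME(<issue>): environments.sol skipped until expected output is regenerated` above the `if` would record why it is excluded and when it can come back.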
@@ -1,5 +1,5 @@ import logging -from z3 import simplify +from z3 import simplify, Extract import mythril.laser.ethereum.util as util from mythril.laser.ethereum.state import Account, CalldataType, GlobalState, Calldata from mythril.support.loader import DynLoader @@ -126,9 +126,22 @@ def get_call_data(global_state, memory_start, memory_size, pad=True): try: # TODO: This only allows for either fully concrete or fully symbolic calldata. # Improve management of memory and callata to support a mix between both types. + calldata_from_mem = state.memory[util.get_concrete_int(memory_start):util.get_concrete_int(memory_start + memory_size)] + i = 0 + starting_calldata = [] + while i < len(calldata_from_mem): + elem = calldata_from_mem[i] + if type(elem) == int: + starting_calldata.append(elem) + i += 1 + else: #BitVec + for j in range(0, elem.size(), 8): + starting_calldata.append(Extract(j+7, j, elem)) + i += 1 + call_data = Calldata( transaction_id, - state.memory[util.get_concrete_int(memory_start):util.get_concrete_int(memory_start + memory_size)] + starting_calldata ) call_data_type = CalldataType.CONCRETE logging.debug("Calldata: " + str(call_data)) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 991b7996..d0f3d6fe 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -362,7 +362,7 @@ class Instruction: if environment.calldata_type == CalldataType.SYMBOLIC: state.stack.append(global_state.new_bitvec("calldatasize_" + environment.active_account.contract_name, 256)) else: - state.stack.append(BitVecVal(len(environment.calldata), 256)) + state.stack.append(BitVecVal(len(environment.calldata.starting_calldata), 256)) return [global_state] @StateTransition() diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index 8cdbebfe..bd6db75a 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py 
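Review bot: In the `get_call_data` hunk (`@@ -126,9 +126,22`) the inner loop starts at `j = 0`, so `Extract(j+7, j, elem)` appends the least significant byte of each symbolic word first. EVM memory is big-endian, and the concrete path (ints taken directly from memory) keeps that order, so symbolic words end up byte-reversed relative to concrete ones in the same calldata. Iterating from the top, `for j in range(elem.size() - 8, -1, -8):`, restores the order. The result is still tagged `CalldataType.CONCRETE` even when it contains symbolic bytes, which callers that branch on the type may not expect.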
@@ -20,7 +20,7 @@ class Calldata: def set_global_state(self, state): self.state = state for i in range(len(self.starting_calldata)): - self.state.mstate.constraints.append(self._calldata[BitVecVal(i, 256)] == BitVecVal(self.starting_calldata[i], 8)) + self.state.mstate.constraints.append(self._calldata[BitVecVal(i, 256)] == self.starting_calldata[i]) def concretized(self, model): concrete_calldata = model[self._calldata].as_list() From 4bb9e22cc5bd44e4552e3de4eba137453443c44b Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 13 Oct 2018 21:31:11 +0200 Subject: [PATCH 076/213] Implement dynamic transaction execution --- mythril/laser/ethereum/svm.py | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index cdf85484..08f35ba4 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -60,7 +60,7 @@ class LaserEVM: def accounts(self): return self.world_state.accounts - def sym_exec(self, main_address=None, creation_code=None, contract_name=None): + def sym_exec(self, main_address=None, creation_code=None, contract_name=None, max_transactions=3): logging.debug("Starting LASER execution") self.time = datetime.now() 
@@ -77,12 +77,16 @@ class LaserEVM: # Reset code coverage self.coverage = {} - self.time = datetime.now() - logging.info("Starting message call transaction") - execute_message_call(self, created_account.address) + for i in range(max_transactions): + initial_coverage = self._get_covered_instructions() - self.time = datetime.now() - execute_message_call(self, created_account.address) + self.time = datetime.now() + logging.info("Starting message call transaction, iteration: {}".format(i)) + execute_message_call(self, created_account.address) + + end_coverage = self._get_covered_instructions() + if end_coverage == initial_coverage: + break logging.info("Finished symbolic execution") logging.info("%d nodes, %d edges, %d total states", len(self.nodes), len(self.edges), self.total_states) @@ -90,6 +94,13 @@ class LaserEVM: cov = reduce(lambda sum_, val: sum_ + 1 if val else sum_, coverage[1]) / float(coverage[0]) * 100 logging.info("Achieved {} coverage for code: {}".format(cov, code)) + def _get_covered_instructions(self) -> int: + """ Gets the total number of covered instructions for all accounts in the svm""" + total_covered_instructions = 0 + for _, cv in self.coverage.items(): + total_covered_instructions += reduce(lambda sum_, val: sum_ + 1 if val else sum_, cv[1]) + return total_covered_instructions + def exec(self, create=False): for global_state in self.strategy: if self.execution_timeout and not create: From dfae6b349e04fce301225b2386fdda172e704886 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 13 Oct 2018 21:31:35 +0200 Subject: [PATCH 077/213] Change loglevel to debug for some statements --- mythril/laser/ethereum/call.py | 14 +++++++------- mythril/laser/ethereum/instructions.py | 2 +- mythril/laser/ethereum/svm.py | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py index 31e6990e..fd5e24bb 100644 --- a/mythril/laser/ethereum/call.py +++ b/mythril/laser/ethereum/call.py 
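Review bot: The new loop in `sym_exec` stops at the first iteration that covers no additional instruction, which uses instruction coverage as a stand-in for state coverage. A round whose transactions only change storage ends the search even when the next transaction, starting from that changed storage, would reach a new branch. Issues that need such a sequence are then missed without any trace in the output. Logging at the `break`, e.g. `logging.info("No new coverage in iteration %d, stopping", i)`, would make the cut-off visible, and the docstring should state that `max_transactions` is an upper bound only.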
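Review bot: `_get_covered_instructions` calls `reduce` without an initial value, so the first element of `cv[1]` becomes the accumulator and an empty `cv[1]` raises `TypeError`. Whether an empty coverage list can occur (for example for an account with no code) is not visible in this hunk. `total_covered_instructions += sum(1 for covered in cv[1] if covered)` gives the same count, handles the empty case and reads more directly. Since the keys are unused, iterating `self.coverage.values()` is enough.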
@@ -49,7 +49,7 @@ def get_callee_address(global_state:GlobalState, dynamic_loader: DynLoader, symb try: callee_address = hex(util.get_concrete_int(symbolic_to_address)) except AttributeError: - logging.info("Symbolic call encountered") + logging.debug("Symbolic call encountered") match = re.search(r'storage_(\d+)', str(simplify(symbolic_to_address))) logging.debug("CALL to: " + str(simplify(symbolic_to_address))) @@ -58,7 +58,7 @@ def get_callee_address(global_state:GlobalState, dynamic_loader: DynLoader, symb raise ValueError() index = int(match.group(1)) - logging.info("Dynamic contract address at storage index {}".format(index)) + logging.debug("Dynamic contract address at storage index {}".format(index)) # attempt to read the contract address from instance storage try: @@ -89,22 +89,22 @@ def get_callee_account(global_state, callee_address, dynamic_loader): return global_state.accounts[callee_address] except KeyError: # We have a valid call address, but contract is not in the modules list - logging.info("Module with address " + callee_address + " not loaded.") + logging.debug("Module with address " + callee_address + " not loaded.") if dynamic_loader is None: raise ValueError() - logging.info("Attempting to load dependency") + logging.debug("Attempting to load dependency") try: code = dynamic_loader.dynld(environment.active_account.address, callee_address) except Exception as e: - logging.info("Unable to execute dynamic loader.") + logging.debug("Unable to execute dynamic loader.") raise ValueError() if code is None: - logging.info("No code returned, not a contract account?") + logging.debug("No code returned, not a contract account?") raise ValueError() - logging.info("Dependency loaded: " + callee_address) + logging.debug("Dependency loaded: " + callee_address) callee_account = Account(callee_address, code, callee_address, dynamic_loader=dynamic_loader) accounts[callee_address] = callee_account 
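Review bot: Several of the messages demoted to `debug` in `get_callee_account` report that part of the analysis was skipped, not routine progress: "Unable to execute dynamic loader.", "No code returned, not a contract account?", and in `instructions.py` "Could not determine required parameters for call". At debug level a default run gives no hint that a callee was never loaded and its code never analysed. The loader failure also drops the caught exception `e`. Keeping these at warning level and including the cause, `logging.warning("Unable to execute dynamic loader: %s", e)`, would keep incomplete coverage visible to whoever reads the report.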
diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 57315bb3..c2c01b4d 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -1028,7 +1028,7 @@ class Instruction: callee_address, callee_account, call_data, value, call_data_type, gas, memory_out_offset, memory_out_size = get_call_parameters( global_state, self.dynamic_loader, True) except ValueError as e: - logging.info( + logging.debug( "Could not determine required parameters for call, putting fresh symbol on the stack. \n{}".format(e) ) # TODO: decide what to do in this case diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index 08f35ba4..6c48dabe 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -263,7 +263,7 @@ class LaserEVM: environment.active_function_name = disassembly.addr_to_func[address] new_node.flags |= NodeFlags.FUNC_ENTRY - logging.info( + logging.debug( "- Entering function " + environment.active_account.contract_name + ":" + new_node.function_name) elif address == 0: environment.active_function_name = "fallback" From 3e6ca5e976de219fc444c7871c6f22da1c45b7af Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sat, 13 Oct 2018 22:53:36 +0200 Subject: [PATCH 078/213] Chnage regex to limit to correct pattern --- mythril/ether/ethcontract.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/ether/ethcontract.py b/mythril/ether/ethcontract.py index fbd87b69..801e063b 100644 --- a/mythril/ether/ethcontract.py +++ b/mythril/ether/ethcontract.py 
@@ -12,8 +12,8 @@ class ETHContract(persistent.Persistent): # Dynamic contract addresses of the format __[contract-name]_____________ are replaced with a generic address # Apply this for creation_code & code - creation_code = re.sub(r'(_+.*_+)', 'aa' * 20, creation_code) - code = re.sub(r'(_+.*_+)', 'aa' * 20, code) + creation_code = re.sub(r'(_{2}.{38})', 'aa' * 20, creation_code) + code = re.sub(r'(_{2}.{38})', 'aa' * 20, code) self.creation_code = creation_code self.name = name From c2396a50faa3e9cb0b536756e8e1a31d88661c05 Mon Sep 17 00:00:00 2001 
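Review bot: The new pattern `r'(_{2}.{38})'` encodes the 40-character width of a link placeholder as two bare numbers repeated on both `re.sub` lines, and `.` accepts any character rather than the name-plus-underscore padding that the comment above describes. The replacement `'aa' * 20` is also 40 characters, so the substitution preserves offsets only while these three numbers agree. I would name the pattern once, e.g. `LINK_PLACEHOLDER = re.compile(r'__.{38}')  # 40 chars = one 20-byte address in hex`, and use it for both `creation_code` and `code`; the capture group is unused. The enclosing method continues outside the hunk.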
From: Joran Honig Date: Sun, 14 Oct 2018 00:13:00 +0200 Subject: [PATCH 079/213] Move blockchain interfacing code to ethereum.interface --- mythril/{leveldb => ethereum}/__init__.py | 0 mythril/{rpc => ethereum/interface}/__init__.py | 0 mythril/ethereum/interface/leveldb/__init__.py | 0 .../{ => ethereum/interface}/leveldb/accountindexing.py | 0 mythril/{ => ethereum/interface}/leveldb/client.py | 8 ++++---- mythril/{ => ethereum/interface}/leveldb/eth_db.py | 0 mythril/{ => ethereum/interface}/leveldb/state.py | 0 mythril/ethereum/interface/rpc/__init__.py | 0 mythril/{ => ethereum/interface}/rpc/base_client.py | 0 mythril/{ => ethereum/interface}/rpc/client.py | 0 mythril/{ => ethereum/interface}/rpc/constants.py | 0 mythril/{ => ethereum/interface}/rpc/exceptions.py | 0 mythril/{ => ethereum/interface}/rpc/utils.py | 0 mythril/mythril.py | 6 +++--- tests/rpc_test.py | 2 +- 15 files changed, 8 insertions(+), 8 deletions(-) rename mythril/{leveldb => ethereum}/__init__.py (100%) rename mythril/{rpc => ethereum/interface}/__init__.py (100%) create mode 100644 mythril/ethereum/interface/leveldb/__init__.py rename mythril/{ => ethereum/interface}/leveldb/accountindexing.py (100%) rename mythril/{ => ethereum/interface}/leveldb/client.py (96%) rename mythril/{ => ethereum/interface}/leveldb/eth_db.py (100%) rename mythril/{ => ethereum/interface}/leveldb/state.py (100%) create mode 100644 mythril/ethereum/interface/rpc/__init__.py rename mythril/{ => ethereum/interface}/rpc/base_client.py (100%) rename mythril/{ => ethereum/interface}/rpc/client.py (100%) rename mythril/{ => ethereum/interface}/rpc/constants.py (100%) rename mythril/{ => ethereum/interface}/rpc/exceptions.py (100%) rename mythril/{ => ethereum/interface}/rpc/utils.py (100%) diff --git a/mythril/leveldb/__init__.py b/mythril/ethereum/__init__.py similarity index 100% rename from mythril/leveldb/__init__.py rename to mythril/ethereum/__init__.py 
diff --git a/mythril/rpc/__init__.py b/mythril/ethereum/interface/__init__.py similarity index 100% rename from mythril/rpc/__init__.py rename to mythril/ethereum/interface/__init__.py diff --git a/mythril/ethereum/interface/leveldb/__init__.py b/mythril/ethereum/interface/leveldb/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/mythril/leveldb/accountindexing.py b/mythril/ethereum/interface/leveldb/accountindexing.py similarity index 100% rename from mythril/leveldb/accountindexing.py rename to mythril/ethereum/interface/leveldb/accountindexing.py diff --git a/mythril/leveldb/client.py b/mythril/ethereum/interface/leveldb/client.py similarity index 96% rename from mythril/leveldb/client.py rename to mythril/ethereum/interface/leveldb/client.py index 81c3f9e4..164185de 100644 --- a/mythril/leveldb/client.py +++ b/mythril/ethereum/interface/leveldb/client.py @@ -1,12 +1,12 @@ import binascii import rlp -from mythril.leveldb.accountindexing import CountableList -from mythril.leveldb.accountindexing import ReceiptForStorage, AccountIndexer +from mythril.ethereum.interface.leveldb.accountindexing import CountableList +from mythril.ethereum.interface.leveldb.accountindexing import ReceiptForStorage, AccountIndexer import logging from ethereum import utils from ethereum.block import BlockHeader, Block -from mythril.leveldb.state import State -from mythril.leveldb.eth_db import ETH_DB +from mythril.ethereum.interface.leveldb import State +from mythril.ethereum.interface.leveldb.eth_db import ETH_DB from mythril.ether.ethcontract import ETHContract from mythril.exceptions import AddressNotFoundError diff --git a/mythril/leveldb/eth_db.py b/mythril/ethereum/interface/leveldb/eth_db.py similarity index 100% rename from mythril/leveldb/eth_db.py rename to mythril/ethereum/interface/leveldb/eth_db.py 
diff --git a/mythril/leveldb/state.py b/mythril/ethereum/interface/leveldb/state.py similarity index 100% rename from mythril/leveldb/state.py rename to mythril/ethereum/interface/leveldb/state.py diff --git a/mythril/ethereum/interface/rpc/__init__.py b/mythril/ethereum/interface/rpc/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/mythril/rpc/base_client.py b/mythril/ethereum/interface/rpc/base_client.py similarity index 100% rename from mythril/rpc/base_client.py rename to mythril/ethereum/interface/rpc/base_client.py diff --git a/mythril/rpc/client.py b/mythril/ethereum/interface/rpc/client.py similarity index 100% rename from mythril/rpc/client.py rename to mythril/ethereum/interface/rpc/client.py diff --git a/mythril/rpc/constants.py b/mythril/ethereum/interface/rpc/constants.py similarity index 100% rename from mythril/rpc/constants.py rename to mythril/ethereum/interface/rpc/constants.py diff --git a/mythril/rpc/exceptions.py b/mythril/ethereum/interface/rpc/exceptions.py similarity index 100% rename from mythril/rpc/exceptions.py rename to mythril/ethereum/interface/rpc/exceptions.py diff --git a/mythril/rpc/utils.py b/mythril/ethereum/interface/rpc/utils.py similarity index 100% rename from mythril/rpc/utils.py rename to mythril/ethereum/interface/rpc/utils.py diff --git a/mythril/mythril.py b/mythril/mythril.py index 9cdeb0fd..027e1211 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py 
@@ -20,8 +20,8 @@ import platform from mythril.ether import util from mythril.ether.ethcontract import ETHContract from mythril.ether.soliditycontract import SolidityContract, get_contracts_from_file -from mythril.rpc.client import EthJsonRpc -from mythril.rpc.exceptions import ConnectionError +from mythril.ethereum.interface.rpc.client import EthJsonRpc +from mythril.ethereum.interface.rpc.exceptions import ConnectionError from mythril.support import signatures from mythril.support.truffle import analyze_truffle_project from mythril.support.loader import DynLoader @@ -31,7 +31,7 @@ from mythril.analysis.callgraph import generate_graph from mythril.analysis.traceexplore import get_serializable_statespace from mythril.analysis.security import fire_lasers from mythril.analysis.report import Report -from mythril.leveldb.client import EthLevelDB +from mythril.ethereum.interface.leveldb.client import EthLevelDB # logging.basicConfig(level=logging.DEBUG) diff --git a/tests/rpc_test.py b/tests/rpc_test.py index 89621b64..564c7da8 100644 --- a/tests/rpc_test.py +++ b/tests/rpc_test.py @@ -1,6 +1,6 @@ from unittest import TestCase -from mythril.rpc.client import EthJsonRpc +from mythril.ethereum.interface.rpc.client import EthJsonRpc class RpcTest(TestCase): client = None From 213250ddb332b5088e037158c965e9a4101a173e Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 14 Oct 2018 00:17:19 +0200 Subject: [PATCH 080/213] Fix import --- mythril/ethereum/interface/leveldb/client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/ethereum/interface/leveldb/client.py b/mythril/ethereum/interface/leveldb/client.py index 164185de..a1b4323b 100644 --- a/mythril/ethereum/interface/leveldb/client.py +++ b/mythril/ethereum/interface/leveldb/client.py 
@@ -5,7 +5,7 @@ from mythril.ethereum.interface.leveldb.accountindexing import ReceiptForStorage import logging from ethereum import utils from ethereum.block import BlockHeader, Block -from mythril.ethereum.interface.leveldb import State +from mythril.ethereum.interface.leveldb.state import State from mythril.ethereum.interface.leveldb.eth_db import ETH_DB from mythril.ether.ethcontract import ETHContract from mythril.exceptions import AddressNotFoundError From 9fb6a81df18723b29adf9d1ef28e210fc863fe40 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 14 Oct 2018 19:50:05 +0200 Subject: [PATCH 081/213] Make name more verbose --- mythril/laser/ethereum/svm.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index 82a6551c..7181be74 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py 
@@ -138,30 +138,30 @@ class LaserEVM: new_global_states = self._end_message_call(return_global_state, global_state, revert_changes=True, return_data=None) - except TransactionStartSignal as e: + except TransactionStartSignal as start_signal: # Setup new global state - new_global_state = e.transaction.initial_global_state() + new_global_state = start_signal.transaction.initial_global_state() - new_global_state.transaction_stack = copy(global_state.transaction_stack) + [(e.transaction, global_state)] + new_global_state.transaction_stack = copy(global_state.transaction_stack) + [(start_signal.transaction, global_state)] new_global_state.node = global_state.node new_global_state.mstate.constraints = global_state.mstate.constraints return [new_global_state], op_code - except TransactionEndSignal as e: - transaction, return_global_state = e.global_state.transaction_stack.pop() + except TransactionEndSignal as end_signal: + transaction, return_global_state = end_signal.global_state.transaction_stack.pop() if return_global_state is None: - if (not isinstance(transaction, ContractCreationTransaction) or transaction.return_data) and not e.revert: - e.global_state.world_state.node = global_state.node - self.open_states.append(e.global_state.world_state) + if (not isinstance(transaction, ContractCreationTransaction) or transaction.return_data) and not end_signal.revert: + end_signal.global_state.world_state.node = global_state.node + self.open_states.append(end_signal.global_state.world_state) new_global_states = [] else: # First execute the post hook for the transaction ending instruction - self._execute_post_hook(op_code, [e.global_state]) + self._execute_post_hook(op_code, [end_signal.global_state]) new_global_states = self._end_message_call(return_global_state, global_state, - revert_changes=False or e.revert, + revert_changes=False or end_signal.revert, return_data=transaction.return_data) self._execute_post_hook(op_code, new_global_states) 
From 499be11ea4e0a468f3daff9cc9d7ad484987848f Mon Sep 17 00:00:00 2001 From: Stamatis Katsaounis Date: Sun, 14 Oct 2018 23:56:50 +0300 Subject: [PATCH 082/213] Add max-transaction-count cli parameter. Signed-off-by: Stamatis Katsaounis --- mythril/analysis/symbolic.py | 5 +++-- mythril/interfaces/cli.py | 4 +++- mythril/laser/ethereum/svm.py | 7 ++++--- mythril/mythril.py | 6 ++++-- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/mythril/analysis/symbolic.py b/mythril/analysis/symbolic.py index ac03303f..c9431257 100644 --- a/mythril/analysis/symbolic.py +++ b/mythril/analysis/symbolic.py @@ -14,7 +14,7 @@ class SymExecWrapper: """ def __init__(self, contract, address, strategy, dynloader=None, max_depth=22, - execution_timeout=None, create_timeout=None): + execution_timeout=None, create_timeout=None, max_transaction_count=3): s_strategy = None if strategy == 'dfs': @@ -30,7 +30,8 @@ class SymExecWrapper: self.laser = svm.LaserEVM(self.accounts, dynamic_loader=dynloader, max_depth=max_depth, execution_timeout=execution_timeout, strategy=s_strategy, - create_timeout=create_timeout) + create_timeout=create_timeout, + max_transaction_count=max_transaction_count) if isinstance(contract, SolidityContract): self.laser.sym_exec(creation_code=contract.creation_code, contract_name=contract.name) diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index 3e398704..1784add4 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py 
@@ -69,6 +69,7 @@ def main(): options = parser.add_argument_group('options') options.add_argument('-m', '--modules', help='Comma-separated list of security analysis modules', metavar='MODULES') options.add_argument('--max-depth', type=int, default=22, help='Maximum recursion depth for symbolic execution') + options.add_argument('--max-transaction-count', type=int, default=3, help='Maximum number of transactions issued by laser') options.add_argument('--strategy', choices=['dfs', 'bfs'], default='dfs', help='Symbolic execution strategy') options.add_argument('--execution-timeout', type=int, default=600, help="The amount of seconds to spend on symbolic execution") options.add_argument('--create-timeout', type=int, default=10, help="The amount of seconds to spend on " @@ -218,7 +219,8 @@ def main(): modules=[m.strip() for m in args.modules.strip().split(",")] if args.modules else [], verbose_report=args.verbose_report, max_depth=args.max_depth, execution_timeout=args.execution_timeout, - create_timeout=args.create_timeout) + create_timeout=args.create_timeout, + max_transaction_count=args.max_transaction_count) outputs = { 'json': report.as_json(), 'text': report.as_text(), diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py index 3a173515..f1bd80b5 100644 --- a/mythril/laser/ethereum/svm.py +++ b/mythril/laser/ethereum/svm.py @@ -28,7 +28,7 @@ class LaserEVM: """ def __init__(self, accounts, dynamic_loader=None, max_depth=float('inf'), execution_timeout=60, create_timeout=10, - strategy=DepthFirstSearchStrategy): + strategy=DepthFirstSearchStrategy, max_transaction_count=3): world_state = WorldState() world_state.accounts = accounts # this sets the initial world state @@ -45,6 +45,7 @@ class LaserEVM: self.work_list = [] self.strategy = strategy(self.work_list, max_depth) self.max_depth = max_depth + self.max_transaction_count = max_transaction_count self.execution_timeout = execution_timeout self.create_timeout = create_timeout 
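Review bot: `--max-transaction-count` is declared with `type=int` only, so `0` or a negative number is accepted and forwarded unchanged. In `LaserEVM.sym_exec` the value feeds `range(self.max_transaction_count)`, which is empty for such values, so that loop would issue no transactions and the run could end with an empty report that reads like a clean result. A check after parsing, e.g. `if args.max_transaction_count < 1: parser.error("--max-transaction-count must be at least 1")`, would reject this early. `main()` starts and ends outside the hunk.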
@@ -60,7 +61,7 @@ class LaserEVM: def accounts(self): return self.world_state.accounts - def sym_exec(self, main_address=None, creation_code=None, contract_name=None, max_transactions=3): + def sym_exec(self, main_address=None, creation_code=None, contract_name=None): logging.debug("Starting LASER execution") self.time = datetime.now() @@ -77,7 +78,7 @@ class LaserEVM: # Reset code coverage self.coverage = {} - for i in range(max_transactions): + for i in range(self.max_transaction_count): initial_coverage = self._get_covered_instructions() self.time = datetime.now() diff --git a/mythril/mythril.py b/mythril/mythril.py index 027e1211..123ab904 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -360,14 +360,16 @@ class Mythril(object): return generate_graph(sym, physics=enable_physics, phrackify=phrackify) def fire_lasers(self, strategy, contracts=None, address=None, - modules=None, verbose_report=False, max_depth=None, execution_timeout=None, create_timeout=None): + modules=None, verbose_report=False, max_depth=None, execution_timeout=None, create_timeout=None, + max_transaction_count=None): all_issues = [] for contract in (contracts or self.contracts): sym = SymExecWrapper(contract, address, strategy, dynloader=DynLoader(self.eth) if self.dynld else None, max_depth=max_depth, execution_timeout=execution_timeout, - create_timeout=create_timeout) + create_timeout=create_timeout, + max_transaction_count=max_transaction_count) issues = fire_lasers(sym, modules) From aaa450a1ac05f2adb4621a9a93c6645aea632481 Mon Sep 17 00:00:00 2001 From: Nathan Date: Mon, 15 Oct 2018 11:02:25 -0400 Subject: [PATCH 083/213] updated evm_test.py to create a model from constraints --- tests/laser/evm_testsuite/evm_test.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/laser/evm_testsuite/evm_test.py b/tests/laser/evm_testsuite/evm_test.py index 72bcacd5..68a447cb 100644 --- a/tests/laser/evm_testsuite/evm_test.py 
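Review bot: `Mythril.fire_lasers` defaults `max_transaction_count` to `None` and passes it explicitly to `SymExecWrapper`, which passes it explicitly to `LaserEVM`, so the default of 3 declared on those two constructors never applies when a caller omits the argument. `LaserEVM.sym_exec` then evaluates `range(self.max_transaction_count)`, and `range(None)` raises `TypeError`. Either default to 3 here as well (`max_transaction_count=3`) or forward the argument only when it is not `None`. The same commit removes the `max_transactions` parameter of `sym_exec`, so any caller still passing it by keyword would fail; none is visible in this patch.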
+++ b/tests/laser/evm_testsuite/evm_test.py @@ -3,8 +3,8 @@ from mythril.laser.ethereum.svm import LaserEVM from mythril.laser.ethereum.state import Account from mythril.disassembler.disassembly import Disassembly from mythril.laser.ethereum.transaction.concolic import execute_message_call +from mythril.analysis.solver import get_model from datetime import datetime -from mythril.laser.ethereum.util import get_concrete_int import binascii import json from pathlib import Path @@ -72,6 +72,7 @@ def test_vmtest(test_name: str, pre_condition: dict, action: dict, post_conditio return world_state = laser_evm.open_states[0] + model = get_model(laser_evm.nodes[0].states[0].mstate.constraints) for address, details in post_condition.items(): account = world_state[address] @@ -81,5 +82,5 @@ def test_vmtest(test_name: str, pre_condition: dict, action: dict, post_conditio for index, value in details['storage'].items(): expected = int(value, 16) - actual = get_concrete_int(account.storage[int(index, 16)]) + actual = model.eval(account.storage[int(index,16)]) assert actual == expected From 095e8d90b42dea21ad78a3170e135d446eaed35a Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Mon, 15 Oct 2018 21:59:59 +0530 Subject: [PATCH 084/213] Convert util exception to TypeError --- mythril/laser/ethereum/instructions.py | 32 +++++++++++++------------- mythril/laser/ethereum/util.py | 15 ++++++------ 2 files changed, 23 insertions(+), 24 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 27172f0a..881a820a 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py 
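Review bot: In the last `evm_test.py` hunk, `actual = model.eval(...)` yields a z3 expression, so `assert actual == expected` no longer compares two Python integers; it builds a z3 equality and relies on that object's truth value. `model.eval` is also called without `model_completion=True`, so a storage term the model does not constrain would come back unevaluated. If the storage values are z3 bit-vectors, as the use of `model.eval` suggests, `actual = model.eval(account.storage[int(index, 16)], model_completion=True).as_long()` keeps the assertion an integer comparison. The model is built from `laser_evm.nodes[0].states[0]`; whether that state's constraints cover the final state is not visible here.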
@@ -374,7 +374,7 @@ class Instruction: logging.debug("Final value: " + str(int.from_bytes(val, byteorder='big'))) state.stack.append(BitVecVal(int.from_bytes(val, byteorder='big'), 256)) - except (util.ConcreteIntException, AttributeError): + except (TypeError, AttributeError): state.stack.append(global_state.new_bitvec( "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) else: @@ -402,14 +402,14 @@ class Instruction: try: mstart = util.get_concrete_int(op0) - except util.ConcreteIntException: + except TypeError: logging.debug("Unsupported symbolic memory offset in CALLDATACOPY") return [global_state] dstart_sym = False try: dstart = util.get_concrete_int(op1) - except util.ConcreteIntException: + except TypeError: logging.debug("Unsupported symbolic calldata offset in CALLDATACOPY") dstart = simplify(op1) dstart_sym = True @@ -417,7 +417,7 @@ class Instruction: size_sym = False try: size = util.get_concrete_int(op2) - except util.ConcreteIntException: + except TypeError: logging.debug("Unsupported symbolic size in CALLDATACOPY") size = simplify(op2) size_sym = True @@ -501,7 +501,7 @@ class Instruction: try: index, length = util.get_concrete_int(op0), util.get_concrete_int(op1) - except util.ConcreteIntException: + except TypeError: # Can't access symbolic memory offsets if is_expr(op0): op0 = simplify(op0) @@ -545,7 +545,7 @@ class Instruction: try: concrete_size = helper.get_concrete_int(size) global_state.mstate.mem_extend(concrete_memory_offset, concrete_size) - except (util.ConcreteIntException, TypeError): + except TypeError: # except both attribute error and Exception global_state.mstate.mem_extend(concrete_memory_offset, 1) global_state.mstate.memory[concrete_memory_offset] = \ @@ -687,7 +687,7 @@ class Instruction: try: mstart = util.get_concrete_int(op0) - except util.ConcreteIntException: + except TypeError: logging.debug("MSTORE to symbolic index. Not supported") return [global_state] 
@@ -720,7 +720,7 @@ class Instruction: try: offset = util.get_concrete_int(op0) - except util.ConcreteIntException: + except TypeError: logging.debug("MSTORE to symbolic index. Not supported") return [global_state] @@ -741,7 +741,7 @@ class Instruction: index = util.get_concrete_int(index) return self._sload_helper(global_state, index) - except util.ConcreteIntException: + except TypeError: if not keccak_function_manager.is_keccak(index): return self._sload_helper(global_state, str(index)) @@ -802,7 +802,7 @@ class Instruction: try: index = util.get_concrete_int(index) return self._sstore_helper(global_state, index, value) - except util.ConcreteIntException: + except TypeError: is_keccak = keccak_function_manager.is_keccak(index) if not is_keccak: return self._sstore_helper(global_state, str(index), value) @@ -855,7 +855,7 @@ class Instruction: disassembly = global_state.environment.code try: jump_addr = util.get_concrete_int(state.stack.pop()) - except util.ConcreteIntException: + except TypeError: raise InvalidJumpDestination("Invalid jump argument (symbolic address)") except IndexError: raise StackUnderflowException() @@ -885,7 +885,7 @@ class Instruction: try: jump_addr = util.get_concrete_int(op0) - except util.ConcreteIntException: + except TypeError: logging.debug("Skipping JUMPI to invalid destination.") global_state.mstate.pc += 1 return [global_state] @@ -965,7 +965,7 @@ class Instruction: return_data = [global_state.new_bitvec("return_data", 256)] try: return_data = state.memory[util.get_concrete_int(offset):util.get_concrete_int(offset + length)] - except util.ConcreteIntException: + except TypeError: logging.debug("Return with symbolic length or offset. Not supported") global_state.current_transaction.end(global_state, return_data) 
@@ -1088,7 +1088,7 @@ class Instruction: try: memory_out_offset = util.get_concrete_int(memory_out_offset) if isinstance(memory_out_offset, ExprRef) else memory_out_offset memory_out_size = util.get_concrete_int(memory_out_size) if isinstance(memory_out_size, ExprRef) else memory_out_size - except util.ConcreteIntException: + except TypeError: global_state.mstate.stack.append(global_state.new_bitvec("retval_" + str(instr['address']), 256)) return [global_state] @@ -1156,7 +1156,7 @@ class Instruction: try: memory_out_offset = util.get_concrete_int(memory_out_offset) if isinstance(memory_out_offset, ExprRef) else memory_out_offset memory_out_size = util.get_concrete_int(memory_out_size) if isinstance(memory_out_size, ExprRef) else memory_out_size - except util.ConcreteIntException: + except TypeError: global_state.mstate.stack.append(global_state.new_bitvec("retval_" + str(instr['address']), 256)) return [global_state] @@ -1228,7 +1228,7 @@ class Instruction: ExprRef) else memory_out_offset memory_out_size = util.get_concrete_int(memory_out_size) if isinstance(memory_out_size, ExprRef) else memory_out_size - except util.ConcreteIntException: + except TypeError: global_state.mstate.stack.append(global_state.new_bitvec("retval_" + str(instr['address']), 256)) return [global_state] diff --git a/mythril/laser/ethereum/util.py b/mythril/laser/ethereum/util.py index 7b9061ea..7b4693f5 100644 --- a/mythril/laser/ethereum/util.py +++ b/mythril/laser/ethereum/util.py @@ -10,8 +10,6 @@ TT256M1 = 2 ** 256 - 1 TT255 = 2 ** 255 -class ConcreteIntException(AttributeError): - pass def sha3(seed): @@ -20,7 +18,7 @@ def sha3(seed): def safe_decode(hex_encoded_string): - if (hex_encoded_string.startswith("0x")): + if hex_encoded_string.startswith("0x"): return bytes.fromhex(hex_encoded_string[2:]) else: return bytes.fromhex(hex_encoded_string) 
@@ -84,12 +82,13 @@ def get_concrete_int(item): elif is_true(simplified): return 1 else: - raise ConcreteIntException("Symbolic boolref encountered") + raise TypeError("Symbolic boolref encountered") try: return simplify(item).as_long() except AttributeError: - raise ConcreteIntException("Got a symbolic BitVecRef") + raise TypeError("Got a symbolic BitVecRef") + def concrete_int_from_bytes(_bytes, start_index): @@ -105,11 +104,11 @@ def concrete_int_to_bytes(val): # logging.debug("concrete_int_to_bytes " + str(val)) - if (type(val) == int): + try: + return (simplify(val).as_long()).to_bytes(32, byteorder='big') + except Z3Exception: return val.to_bytes(32, byteorder='big') - return (simplify(val).as_long()).to_bytes(32, byteorder='big') - def bytearray_to_int(arr): o = 0 From 9ae224069841b2f3466ce942074d3284741ea5cb Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Mon, 15 Oct 2018 22:38:55 +0530 Subject: [PATCH 085/213] Change AttributeErrors to TypeErrors --- .../modules/transaction_order_dependence.py | 2 +- mythril/analysis/ops.py | 2 +- mythril/laser/ethereum/call.py | 5 ++--- mythril/laser/ethereum/instructions.py | 20 +++++++++---------- mythril/laser/ethereum/taint_analysis.py | 8 ++++---- 5 files changed, 18 insertions(+), 19 deletions(-) diff --git a/mythril/analysis/modules/transaction_order_dependence.py b/mythril/analysis/modules/transaction_order_dependence.py index f5b45f5d..f6621293 100644 --- a/mythril/analysis/modules/transaction_order_dependence.py +++ b/mythril/analysis/modules/transaction_order_dependence.py @@ -112,7 +112,7 @@ def _get_influencing_sstores(statespace, interesting_storages): index, value = sstore_state.mstate.stack[-1], sstore_state.mstate.stack[-2] try: index = util.get_concrete_int(index) - except AttributeError: + except TypeError: index = str(index) if "storage_{}".format(index) not in interesting_storages: continue diff --git a/mythril/analysis/ops.py b/mythril/analysis/ops.py index 999bbb12..b2329294 100644 
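Review bot: `concrete_int_to_bytes` now recognises a plain `int` by letting `simplify(val)` raise `Z3Exception`, which ties the function to how z3 validates its arguments, and the hunk does not show `Z3Exception` being imported into `util.py`. As far as I know z3's argument assertions follow Python's `__debug__` flag, so the exception type may differ under `python -O`. An explicit guard is shorter and independent of that: `if isinstance(val, int): return val.to_bytes(32, byteorder='big')` before the `simplify` call. Separately, raising the builtin `TypeError` from `get_concrete_int` means every `except TypeError:` around it also absorbs unrelated type errors raised in the same `try` body; a dedicated exception class would keep those handlers narrow.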
--- a/mythril/analysis/ops.py +++ b/mythril/analysis/ops.py @@ -21,7 +21,7 @@ class Variable: def get_variable(i): try: return Variable(util.get_concrete_int(i), VarType.CONCRETE) - except AttributeError: + except TypeError: return Variable(simplify(i), VarType.SYMBOLIC) diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py index 36062128..583c6b2e 100644 --- a/mythril/laser/ethereum/call.py +++ b/mythril/laser/ethereum/call.py @@ -48,7 +48,7 @@ def get_callee_address(global_state:GlobalState, dynamic_loader: DynLoader, symb try: callee_address = hex(util.get_concrete_int(symbolic_to_address)) - except AttributeError: + except TypeError: logging.debug("Symbolic call encountered") match = re.search(r'storage_(\d+)', str(simplify(symbolic_to_address))) @@ -113,7 +113,6 @@ def get_callee_account(global_state, callee_address, dynamic_loader): return callee_account - def get_call_data(global_state, memory_start, memory_size, pad=True): """ Gets call_data from the global_state @@ -131,7 +130,7 @@ def get_call_data(global_state, memory_start, memory_size, pad=True): call_data += [0] * (32 - len(call_data)) call_data_type = CalldataType.CONCRETE logging.debug("Calldata: " + str(call_data)) - except AttributeError: + except TypeError: logging.info("Unsupported symbolic calldata offset") call_data_type = CalldataType.SYMBOLIC call_data = [] diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index d8275423..cea603b4 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -175,7 +175,7 @@ class Instruction: result = simplify(Concat(BitVecVal(0, 248), Extract(offset + 7, offset, op1))) else: result = 0 - except AttributeError: + except TypeError: logging.debug("BYTE: Unsupported symbolic byte offset") result = global_state.new_bitvec(str(simplify(op1)) + "[" + str(simplify(op0)) + "]", 256) 
@@ -265,7 +265,7 @@ class Instruction: try: s0 = util.get_concrete_int(s0) s1 = util.get_concrete_int(s1) - except ValueError: + except TypeError: return [] if s0 <= 31: @@ -355,7 +355,7 @@ class Instruction: try: offset = util.get_concrete_int(simplify(op0)) b = environment.calldata[offset] - except AttributeError: + except TypeError: logging.debug("CALLDATALOAD: Unsupported symbolic index") state.stack.append(global_state.new_bitvec( "calldata_" + str(environment.active_account.contract_name) + "[" + str(simplify(op0)) + "]", 256)) @@ -514,7 +514,7 @@ class Instruction: data = b''.join([util.get_concrete_int(i).to_bytes(1, byteorder='big') for i in state.memory[index: index + length]]) - except util.ConcreteIntException: + except TypeError: argument = str(state.memory[index]).replace(" ", "_") result = BitVec("KECCAC[{}]".format(argument), 256) @@ -539,7 +539,7 @@ class Instruction: try: concrete_memory_offset = helper.get_concrete_int(memory_offset) - except AttributeError: + except TypeError: logging.debug("Unsupported symbolic memory offset in CODECOPY") return [global_state] @@ -555,7 +555,7 @@ class Instruction: try: concrete_code_offset = helper.get_concrete_int(code_offset) - except AttributeError: + except TypeError: logging.debug("Unsupported symbolic code offset in CODECOPY") global_state.mstate.mem_extend(concrete_memory_offset, concrete_size) for i in range(concrete_size): @@ -589,7 +589,7 @@ class Instruction: environment = global_state.environment try: addr = hex(helper.get_concrete_int(addr)) - except AttributeError: + except TypeError: logging.info("unsupported symbolic address for EXTCODESIZE") state.stack.append(global_state.new_bitvec("extcodesize_" + str(addr), 256)) return [global_state] 
@@ -663,7 +663,7 @@ class Instruction: try: offset = util.get_concrete_int(op0) - except AttributeError: + except TypeError: logging.debug("Can't MLOAD from symbolic index") data = global_state.new_bitvec("mem[" + str(simplify(op0)) + "]", 256) state.stack.append(data) @@ -998,7 +998,7 @@ class Instruction: return_data = [global_state.new_bitvec("return_data", 256)] try: return_data = state.memory[util.get_concrete_int(offset):util.get_concrete_int(offset + length)] - except AttributeError: + except TypeError: logging.debug("Return with symbolic length or offset. Not supported") global_state.current_transaction.end(global_state, return_data=return_data, revert=True) @@ -1042,7 +1042,7 @@ class Instruction: try: mem_out_start = helper.get_concrete_int(memory_out_offset) mem_out_sz = memory_out_size.as_long() - except AttributeError: + except TypeError: logging.debug("CALL with symbolic start or offset not supported") return [global_state] diff --git a/mythril/laser/ethereum/taint_analysis.py b/mythril/laser/ethereum/taint_analysis.py index 2144d864..061ab088 100644 --- a/mythril/laser/ethereum/taint_analysis.py +++ b/mythril/laser/ethereum/taint_analysis.py @@ -213,7 +213,7 @@ class TaintRunner: _ = record.stack.pop() try: index = helper.get_concrete_int(op0) - except AttributeError: + except TypeError: logging.debug("Can't MLOAD taint track symbolically") record.stack.append(False) return @@ -225,7 +225,7 @@ class TaintRunner: _, value_taint = record.stack.pop(), record.stack.pop() try: index = helper.get_concrete_int(op0) - except AttributeError: + except TypeError: logging.debug("Can't mstore taint track symbolically") return @@ -236,7 +236,7 @@ class TaintRunner: _ = record.stack.pop() try: index = helper.get_concrete_int(op0) - except AttributeError: + except TypeError: logging.debug("Can't MLOAD taint track symbolically") record.stack.append(False) return 
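Review bot: In the hunk at line 1042 of `instructions.py`, the `try` body still calls `memory_out_size.as_long()` directly, and a symbolic z3 expression has no `as_long`, so that call raises `AttributeError`, which the new `except TypeError:` no longer catches. Before this change the handler logged "CALL with symbolic start or offset not supported" and returned the state; now a symbolic size would propagate as an unhandled exception. Keeping both types, `except (TypeError, AttributeError):`, restores the old behaviour for this handler. The same check is worth making for every converted handler whose `try` body touches a z3 attribute directly rather than going through `get_concrete_int`. The enclosing method starts and ends outside the hunk.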
@@ -248,7 +248,7 @@ class TaintRunner: _, value_taint = record.stack.pop(), record.stack.pop() try: index = helper.get_concrete_int(op0) - except AttributeError: + except TypeError: logging.debug("Can't mstore taint track symbolically") return From 58395cb6c6c33d4e634ca8e95e23b23ecb83d349 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Mon, 15 Oct 2018 23:16:40 +0530 Subject: [PATCH 086/213] Pad 0s for the compressed hashes --- mythril/disassembler/disassembly.py | 8 +++++++- mythril/ether/asm.py | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/mythril/disassembler/disassembly.py b/mythril/disassembler/disassembly.py index 394f22b1..e31a6ba3 100644 --- a/mythril/disassembler/disassembly.py +++ b/mythril/disassembler/disassembly.py @@ -20,10 +20,16 @@ class Disassembly(object): # Parse jump table & resolve function names - jmptable_indices = asm.find_opcode_sequence(["PUSH4", "EQ"], self.instruction_list) + # Take from PUSH1 to PUSH4 because solc seems to remove excess 0s at the beginning for optimizing + jmptable_indices = asm.find_opcode_sequence([("PUSH1", "PUSH2", "PUSH3", "PUSH4"), ("EQ",)], + self.instruction_list) for i in jmptable_indices: func_hash = self.instruction_list[i]['argument'] + + # Append with missing 0s at the beginning + func_hash = "0x" + func_hash[2:].rjust(8, "0") + self.func_hashes.append(func_hash) try: # tries local cache, file and optional online lookup diff --git a/mythril/ether/asm.py b/mythril/ether/asm.py index 5e2267ea..985b2f07 100644 --- a/mythril/ether/asm.py +++ b/mythril/ether/asm.py 
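Review bot: Widening the jump-table match in `disassembly.py` to `PUSH1`–`PUSH4` followed by `EQ` also matches ordinary comparisons against small constants anywhere in the bytecode, not only in the function dispatcher, so `func_hashes` may pick up values that are not selectors. Each such value is zero-padded and then looked up as a signature, which could attach a wrong function name to an address in reports. If the dispatcher layout allows it, the match could be narrowed (for example by also requiring the `PUSH`/`JUMPI` pair that follows a selector comparison), and the comment could state the remaining limitation. The padding line also assumes `argument` always carries a `0x` prefix, which the hunk does not show.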
@@ -70,13 +70,13 @@ def find_opcode_sequence(pattern, instruction_list): for i in range(0, len(instruction_list) - pattern_length + 1): - if instruction_list[i]['opcode'] == pattern[0]: + if instruction_list[i]['opcode'] in pattern[0]: matched = True for j in range(1, len(pattern)): - if not (instruction_list[i + j]['opcode'] == pattern[j]): + if not (instruction_list[i + j]['opcode'] in pattern[j]): matched = False break From 59020c6e4ae4a5ba449562108846600957ce55fc Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Mon, 15 Oct 2018 23:19:26 +0530 Subject: [PATCH 087/213] Comment correction --- mythril/disassembler/disassembly.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/disassembler/disassembly.py b/mythril/disassembler/disassembly.py index e31a6ba3..93ec0c27 100644 --- a/mythril/disassembler/disassembly.py +++ b/mythril/disassembler/disassembly.py @@ -20,7 +20,7 @@ class Disassembly(object): # Parse jump table & resolve function names - # Take from PUSH1 to PUSH4 because solc seems to remove excess 0s at the beginning for optimizing + # Need to take from PUSH1 to PUSH4 because solc seems to remove excess 0s at the beginning for optimizing jmptable_indices = asm.find_opcode_sequence([("PUSH1", "PUSH2", "PUSH3", "PUSH4"), ("EQ",)], self.instruction_list) From 6bb6a3221678a603ed26a196cadfffea7cd99606 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Tue, 16 Oct 2018 01:30:59 +0530 Subject: [PATCH 088/213] Add the 2 simple probabilistic search strategies --- mythril/analysis/symbolic.py | 7 ++- mythril/interfaces/cli.py | 3 +- mythril/laser/ethereum/strategy/basic.py | 65 ++++++++++++++---------- 3 files changed, 46 insertions(+), 29 deletions(-) diff --git a/mythril/analysis/symbolic.py b/mythril/analysis/symbolic.py index 09447a67..922ce7e2 100644 --- a/mythril/analysis/symbolic.py +++ b/mythril/analysis/symbolic.py 
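Review bot: Switching `==` to `in` changes the meaning of every pattern element that is still a plain string: `opcode in "SDIV"` is a substring test, so a caller passing `["SDIV", ...]` would now also match `DIV`. The hunk adds no validation, so any remaining list-of-strings call site changes behaviour silently. Normalising each element before the comparison keeps both forms working, e.g. `alts = (p,) if isinstance(p, str) else p` and then `opcode in alts`. find_opcode_sequence begins and ends outside the hunk.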
@@ -4,7 +4,8 @@ from mythril.ether.soliditycontract import SolidityContract import copy import logging from .ops import get_variable, SStore, Call, VarType -from mythril.laser.ethereum.strategy.basic import DepthFirstSearchStrategy, BreadthFirstSearchStrategy +from mythril.laser.ethereum.strategy.basic import DepthFirstSearchStrategy, BreadthFirstSearchStrategy, \ + ReturnRandomNaivelyStrategy, ReturnWeightedRandomStrategy class SymExecWrapper: @@ -21,6 +22,10 @@ class SymExecWrapper: s_strategy = DepthFirstSearchStrategy elif strategy == 'bfs': s_strategy = BreadthFirstSearchStrategy + elif strategy == 'naive-random': + s_strategy = ReturnRandomNaivelyStrategy + elif strategy == 'weighted-random': + s_strategy = ReturnWeightedRandomStrategy else: raise ValueError("Invalid strategy argument supplied") diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index be6cec59..6cbd2d8c 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py @@ -69,7 +69,8 @@ def main(): options = parser.add_argument_group('options') options.add_argument('-m', '--modules', help='Comma-separated list of security analysis modules', metavar='MODULES') options.add_argument('--max-depth', type=int, default=22, help='Maximum recursion depth for symbolic execution') - options.add_argument('--strategy', choices=['dfs', 'bfs'], default='dfs', help='Symbolic execution strategy') + options.add_argument('--strategy', choices=['dfs', 'bfs', 'naive-random', 'weighted-random'], + default='dfs', help='Symbolic execution strategy') options.add_argument('--execution-timeout', type=int, default=600, help="The amount of seconds to spend on symbolic execution") options.add_argument('--create-timeout', type=int, default=10, help="The amount of seconds to spend on " "the initial contract creation") diff --git a/mythril/laser/ethereum/strategy/basic.py b/mythril/laser/ethereum/strategy/basic.py index 33dca443..21048a0a 100644 --- a/mythril/laser/ethereum/strategy/basic.py 
+++ b/mythril/laser/ethereum/strategy/basic.py @@ -1,13 +1,12 @@ """ This module implements basic symbolic execution search strategies """ +from abc import ABC, abstractmethod +from random import choices, randrange +class BasicStrategy(ABC): + __slots__ = 'work_list', 'max_depth', 'open_states' -class DepthFirstSearchStrategy: - """ - Implements a depth first search strategy - I.E. Follow one path to a leaf, and then continue to the next one - """ def __init__(self, work_list, max_depth): self.work_list = work_list self.max_depth = max_depth 
@@ -15,40 +14,52 @@ class DepthFirstSearchStrategy: def __iter__(self): return self + @abstractmethod + def get_strategic_global_state(self): + raise NotImplementedError("Must be implemented by a subclass") + def __next__(self): - """ Picks the next state to execute """ try: - # This strategies assumes that new states are appended at the end of the work_list - # By taking the last element we effectively pick the "newest" states, which amounts to dfs - global_state = self.work_list.pop() + global_state = self.get_strategic_global_state() if global_state.mstate.depth >= self.max_depth: return self.__next__() return global_state except IndexError: - raise StopIteration() + raise StopIteration + + +class DepthFirstSearchStrategy(BasicStrategy): + """ + Implements a depth first search strategy + I.E. Follow one path to a leaf, and then continue to the next one + """ + def get_strategic_global_state(self): + return self.work_list.pop() -class BreadthFirstSearchStrategy: + +class BreadthFirstSearchStrategy(BasicStrategy): """ Implements a breadth first search strategy I.E. 
Execute all states of a "level" before continuing """ - def __init__(self, work_list, max_depth): - self.work_list = work_list - self.max_depth = max_depth - def __iter__(self): - return self + def get_strategic_global_state(self): + return self.work_list.pop(0) - def __next__(self): - """ Picks the next state to execute """ - try: - # This strategies assumes that new states are appended at the end of the work_list - # By taking the first element we effectively pick the "oldest" states, which amounts to bfs - global_state = self.work_list.pop(0) - if global_state.mstate.depth >= self.max_depth: - return self.__next__() - return global_state - except IndexError: - raise StopIteration() + +class ReturnRandomNaivelyStrategy(BasicStrategy): + + def get_strategic_global_state(self): + if len(self.work_list) > 0: + return self.work_list.pop(randrange(len(self.work_list))) + else: + raise IndexError + + +class ReturnWeightedRandomStrategy(BasicStrategy): + + def get_strategic_global_state(self): + probability_distribution = [global_state.mstate.depth+1 for global_state in self.work_list] + return self.work_list.pop(choices(range(len(self.work_list)), probability_distribution)[0]) From d58aab7a555dd7f7dfc74f46b8fa246fb57843cc Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Tue, 16 Oct 2018 02:04:24 +0530 Subject: [PATCH 089/213] Add choices() for python3.5 --- mythril/laser/ethereum/strategy/basic.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/mythril/laser/ethereum/strategy/basic.py b/mythril/laser/ethereum/strategy/basic.py index 21048a0a..85bf1dc4 100644 --- a/mythril/laser/ethereum/strategy/basic.py +++ b/mythril/laser/ethereum/strategy/basic.py 
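Review bot: `ReturnWeightedRandomStrategy.get_strategic_global_state` has no guard for an empty `work_list`, unlike `ReturnRandomNaivelyStrategy` directly above it; iteration only terminates because `choices` happens to raise IndexError on an empty population, which `__next__` turns into StopIteration. Making that explicit, `if not self.work_list: raise IndexError`, removes the dependence on the exception type of `choices`. Both new classes also lack the docstring the DFS and BFS strategies have; one line each stating the selection rule (uniform pick, and pick weighted by `depth + 1` so deeper states are favoured) would do.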
@@ -2,7 +2,22 @@ This module implements basic symbolic execution search strategies """ from abc import ABC, abstractmethod -from random import choices, randrange +from random import randrange + +try: + from random import choices +except ImportError: + + from itertools import accumulate + from random import random + from bisect import bisect + + def choices(population, weights=None): + if weights is None: + return [population[int(random() * len(population))]] + cum_weights = accumulate(weights) + return [population[bisect(cum_weights, random()*cum_weights[-1], 0, len(population)-1)]] + class BasicStrategy(ABC): __slots__ = 'work_list', 'max_depth', 'open_states' From 3dd04d4a9562748c3ed041cc51c634eaff8ed478 Mon Sep 17 00:00:00 2001 From: Nathan Date: Mon, 15 Oct 2018 16:51:05 -0400 Subject: [PATCH 090/213] fixed evm_test bug --- tests/laser/evm_testsuite/evm_test.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/laser/evm_testsuite/evm_test.py b/tests/laser/evm_testsuite/evm_test.py index 68a447cb..445bcb9d 100644 --- a/tests/laser/evm_testsuite/evm_test.py +++ b/tests/laser/evm_testsuite/evm_test.py @@ -72,7 +72,7 @@ def test_vmtest(test_name: str, pre_condition: dict, action: dict, post_conditio return world_state = laser_evm.open_states[0] - model = get_model(laser_evm.nodes[0].states[0].mstate.constraints) + model = get_model(next(iter(laser_evm.nodes.values())).states[0].mstate.constraints) for address, details in post_condition.items(): account = world_state[address] 
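Review bot: The fallback `choices` fails whenever weights are passed: `accumulate(weights)` returns an iterator, so `cum_weights[-1]` raises TypeError and `bisect` could not search it either. Materialise it first, `cum_weights = list(accumulate(weights))`. As written, the weighted-random strategy would raise on interpreters that lack `random.choices`, and `__next__` converts only IndexError into StopIteration.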
@@ -82,5 +82,9 @@ def test_vmtest(test_name: str, pre_condition: dict, action: dict, post_conditio for index, value in details['storage'].items(): expected = int(value, 16) - actual = model.eval(account.storage[int(index,16)]) + if type(account.storage[int(index,16)]) != int: + actual = model.eval(account.storage[int(index,16)]) + actual = 1 if actual == True else 0 if actual == False else actual + else: + actual = account.storage[int(index,16)] assert actual == expected From 66f8a01c4e71882ca7c2e3e7dd2b5cc2ff7aa0f8 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 16 Oct 2018 09:04:06 -0400 Subject: [PATCH 091/213] patched exp bug --- mythril/laser/ethereum/instructions.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index d0f3d6fe..395eea78 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -16,6 +16,7 @@ from mythril.laser.ethereum.keccak import KeccakFunctionManager from mythril.laser.ethereum.state import GlobalState, CalldataType, Calldata from mythril.laser.ethereum.transaction import MessageCallTransaction, TransactionStartSignal, \ ContractCreationTransaction +from mythril.analysis.solver import get_model TT256 = 2 ** 256 TT256M1 = 2 ** 256 - 1 @@ -247,8 +248,8 @@ class Instruction: @StateTransition() def exp_(self, global_state): state = global_state.mstate - - base, exponent = util.pop_bitvec(state), util.pop_bitvec(state) + model = get_model(state.constraints) + base, exponent = model.eval(util.pop_bitvec(state)), model.eval(util.pop_bitvec(state)) if (type(base) != BitVecNumRef) or (type(exponent) != BitVecNumRef): state.stack.append(global_state.new_bitvec("(" + str(simplify(base)) + ")**(" + str(simplify(exponent)) + ")", 256)) else: From d2a07157f7c0f25968fd4b9046fcd1383a6977fe Mon Sep 17 00:00:00 2001 
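Review bot: In `exp_`, `model.eval(...)` replaces each operand by the value it takes in one satisfying model, so a symbolic base or exponent can be collapsed to a single arbitrary assignment and the `BitVecNumRef` check below then takes the concrete branch. For a symbolic executor that means later states are derived from one sample rather than from all feasible values, which can hide findings. `get_model(state.constraints)` also adds a solver query to every EXP, and the case where no model exists is not handled in the hunk. If the aim is only to fold operands that are already constant, `base, exponent = simplify(util.pop_bitvec(state)), simplify(util.pop_bitvec(state))` does that without picking a model. The next commit on this page limits the evaluation to concrete calldata but keeps it in that branch.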
From: Nathan Date: Tue, 16 Oct 2018 10:26:20 -0400 Subject: [PATCH 092/213] better exponential and checks for calldata --- mythril/laser/ethereum/instructions.py | 8 ++++++-- mythril/laser/ethereum/state.py | 18 ++++++++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index 395eea78..7c5b4260 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -248,8 +248,12 @@ class Instruction: @StateTransition() def exp_(self, global_state): state = global_state.mstate - model = get_model(state.constraints) - base, exponent = model.eval(util.pop_bitvec(state)), model.eval(util.pop_bitvec(state)) + if global_state.environment.calldata.concrete: + model = get_model(state.constraints) + base, exponent = model.eval(util.pop_bitvec(state)), model.eval(util.pop_bitvec(state)) + else: + base, exponent = util.pop_bitvec(state), util.pop_bitvec(state) + if (type(base) != BitVecNumRef) or (type(exponent) != BitVecNumRef): state.stack.append(global_state.new_bitvec("(" + str(simplify(base)) + ")**(" + str(simplify(exponent)) + ")", 256)) else: diff --git a/mythril/laser/ethereum/state.py b/mythril/laser/ethereum/state.py index bd6db75a..3291eefe 100644 --- a/mythril/laser/ethereum/state.py +++ b/mythril/laser/ethereum/state.py @@ -1,4 +1,4 @@ -from z3 import BitVec, BitVecVal, BitVecRef, BitVecNumRef, BitVecSort, Solver, ExprRef, Concat, sat, simplify, Array +from z3 import BitVec, BitVecVal, BitVecRef, BitVecNumRef, BitVecSort, Solver, ExprRef, Concat, sat, simplify, Array, ForAll, Or from z3.z3types import Z3Exception from mythril.disassembler.disassembly import Disassembly from copy import copy, deepcopy 
@@ -15,12 +15,26 @@ class Calldata: def __init__(self, tx_id, starting_calldata: bytes=None): self.tx_id = tx_id self._calldata = Array('{}_calldata'.format(self.tx_id), BitVecSort(256), BitVecSort(8)) + if starting_calldata: + self.calldatasize = BitVecVal(len(starting_calldata), 256) + self.concrete = True + else: + self.calldatasize = BitVec('{}_calldatasize'.format(self.tx_id), 256) + self.concrete = False + self.starting_calldata = starting_calldata if starting_calldata else [] def set_global_state(self, state): self.state = state + constraints = [] + + x = BitVec('x', 256) + constraints.append(ForAll(x, Or(self._calldata[x] == 0, x < self.calldatasize))) + for i in range(len(self.starting_calldata)): - self.state.mstate.constraints.append(self._calldata[BitVecVal(i, 256)] == self.starting_calldata[i]) + constraints.append(self._calldata[BitVecVal(i, 256)] == self.starting_calldata[i]) + + self.state.mstate.constraints.extend(constraints) def concretized(self, model): concrete_calldata = model[self._calldata].as_list() From 78fc5478f0b221c78805fcf08a6bba7f0bb4f969 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 16 Oct 2018 10:51:26 -0400 Subject: [PATCH 093/213] use new calldata for contract creation as well --- .../laser/ethereum/transaction/transaction_models.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mythril/laser/ethereum/transaction/transaction_models.py b/mythril/laser/ethereum/transaction/transaction_models.py index db5dd4a6..1b504814 100644 --- a/mythril/laser/ethereum/transaction/transaction_models.py +++ b/mythril/laser/ethereum/transaction/transaction_models.py @@ -1,6 +1,6 @@ import logging from mythril.disassembler.disassembly import Disassembly -from mythril.laser.ethereum.state import GlobalState, Environment, WorldState +from mythril.laser.ethereum.state import GlobalState, Environment, WorldState, Calldata from z3 import BitVec import array 
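Review bot: `x < self.calldatasize` in the new `ForAll` is a signed comparison, because z3's Python `<` on bit-vectors is signed; indices at or above 2**255 count as negative, so they satisfy the bound and are left unconstrained instead of reading as zero. The unsigned form is `Or(self._calldata[x] == 0, ULT(x, self.calldatasize))`, with `ULT` added to the z3 import. Separately, `if starting_calldata:` treats explicitly empty calldata like missing calldata and gives it a symbolic size; `if starting_calldata is not None:` keeps the two apart. `concretized` continues outside the hunk.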
@@ -31,7 +31,7 @@ class MessageCallTransaction: world_state, callee_account, caller, - call_data=(), + call_data=None, identifier=None, gas_price=None, call_value=None, @@ -44,7 +44,7 @@ class MessageCallTransaction: self.world_state = world_state self.callee_account = callee_account self.caller = caller - self.call_data = call_data + self.call_data = Calldata(self.id) if call_data is None else Calldata(self.id, call_data) if type(call_data) == list else call_data self.gas_price = BitVec("gasprice{}".format(identifier), 256) if gas_price is None else gas_price self.call_value = BitVec("callvalue{}".format(identifier), 256) if call_value is None else call_value self.origin = BitVec("origin{}".format(identifier), 256) if origin is None else origin @@ -84,7 +84,7 @@ class ContractCreationTransaction: identifier=None, callee_account=None, code=None, - call_data=(), + call_data=None, gas_price=None, call_value=None, origin=None, @@ -103,7 +103,7 @@ class ContractCreationTransaction: self.origin = BitVec("origin{}".format(identifier), 256) if origin is None else origin self.call_data_type = BitVec("call_data_type{}".format(identifier), 256) if call_data_type is None else call_data_type - self.call_data = call_data + self.call_data = Calldata(self.id) if call_data is None else Calldata(self.id, call_data) if type(call_data) == list else call_data self.origin = origin self.code = code self.return_data = None From a4eea864f8fef2484318343f64093ad10ca0b31f Mon Sep 17 00:00:00 2001 From: Yurii Rashkovskii Date: Tue, 16 Oct 2018 11:58:23 -0700 Subject: [PATCH 094/213] Problem: truffle project analysis ignores --solc-args This prevents passing custom `solc` arguments which is important in some cases (for example, `--allow-paths` is a very useful option) Solution: pass solc_args through --- mythril/support/truffle.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/support/truffle.py b/mythril/support/truffle.py index aced1086..6dd13b2e 100644 
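Review bot: `type(call_data) == list` wraps only lists, so a tuple (the previous default was `()`) or a bytes object (the type `Calldata.__init__` annotates for `starting_calldata`) is stored unwrapped in `self.call_data`, and code that expects a `Calldata` object would then fail on it. Testing for the wrapper instead covers every raw form and reads more easily than the nested conditional: `self.call_data = call_data if isinstance(call_data, Calldata) else Calldata(self.id, call_data)`. The same line is added in `ContractCreationTransaction.__init__` in the hunk at line 103. Both constructors start outside their hunks.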
--- a/mythril/support/truffle.py +++ b/mythril/support/truffle.py @@ -40,7 +40,7 @@ def analyze_truffle_project(sigs, args): if len(bytecode) < 4: continue - sigs.import_from_solidity_source(contractdata['sourcePath']) + sigs.import_from_solidity_source(contractdata['sourcePath'], solc_args=args.solc_args) sigs.write() ethcontract = ETHContract(bytecode, name=name) From 0619cf2612ac9ae5048520ee0c078eef7e96808b Mon Sep 17 00:00:00 2001 From: Yurii Rashkovskii Date: Tue, 16 Oct 2018 12:01:30 -0700 Subject: [PATCH 095/213] Problem: docker build times Currenlty, every time a docker container is rebuilt for updated source code of the package, it'll start from scratch. This means it will not reuse layers with existing Python, solc, etc. installation. Solution: install Python first, copy source code after This allows to reuse the base layer. --- Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3e3cb592..59c9123d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,5 @@ FROM ubuntu:bionic -COPY . /opt/mythril - RUN apt-get update \ && apt-get install -y \ build-essential \ @@ -18,8 +16,11 @@ RUN apt-get update \ python3-dev \ pandoc \ git \ - && ln -s /usr/bin/python3 /usr/local/bin/python \ - && cd /opt/mythril \ + && ln -s /usr/bin/python3 /usr/local/bin/python + +COPY . /opt/mythril + +RUN cd /opt/mythril \ && pip3 install -r requirements.txt \ && python setup.py install From 4cf1f27f77e65468c0615eb0e4abacb4e098e00b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20M=C3=B6nnig?= Date: Wed, 17 Oct 2018 12:39:04 +0200 Subject: [PATCH 096/213] Precopy requirements.txt --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 59c9123d..8594ecb0 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -18,7 +18,8 @@ RUN apt-get update \ git \ && ln -s /usr/bin/python3 /usr/local/bin/python -COPY . /opt/mythril + +COPY ./requirements.txt /opt/mythril/requirements.txt RUN cd /opt/mythril \ && pip3 install -r requirements.txt \ @@ -29,4 +30,6 @@ ENV LANG en_US.UTF-8 ENV LANGUAGE en_US.en ENV LC_ALL en_US.UTF-8 +COPY . /opt/mythril + ENTRYPOINT ["/usr/local/bin/myth"] From 9b027ed72bcaf7f5ed67c564c8360c7526c7a7ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20M=C3=B6nnig?= Date: Wed, 17 Oct 2018 13:43:00 +0200 Subject: [PATCH 097/213] Add setup.py and Pipfile as precopy steps --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8594ecb0..48cfe911 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,8 @@ RUN apt-get update \ git \ && ln -s /usr/bin/python3 /usr/local/bin/python - +COPY ./setup.py /opt/mythril/setup.py +COPY ./Pipfile /opt/mythril/Pipfile COPY ./requirements.txt /opt/mythril/requirements.txt RUN cd /opt/mythril \ From 96edc1a305fa8846b614743cf0ad4ed9592a4b13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20M=C3=B6nnig?= Date: Wed, 17 Oct 2018 13:45:05 +0200 Subject: [PATCH 098/213] Remove Pipfile as precopy step --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 48cfe911..283c0c88 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,6 @@ RUN apt-get update \ && ln -s /usr/bin/python3 /usr/local/bin/python COPY ./setup.py /opt/mythril/setup.py -COPY ./Pipfile /opt/mythril/Pipfile COPY ./requirements.txt /opt/mythril/requirements.txt RUN cd /opt/mythril \ From 8555663adf426d03934646880485a01cd1c8b848 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Wed, 17 Oct 2018 17:20:57 +0530 Subject: [PATCH 099/213] Remove %s in formatting previously %s was used to display variable for string formatting which won't work. --- mythril/analysis/modules/deprecated_ops.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
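Review bot: Moving `COPY . /opt/mythril` below the `ENV` lines means the `RUN` step that installs the package (it ends in `python setup.py install` in the previous commit's hunk) executes before the sources are in the image. With only `requirements.txt` copied, and `setup.py` after the next commit, the install would presumably fail or install a package without its modules, leaving the `myth` entrypoint unusable. The layer caching this series is after can be kept by installing requirements first and the package last: `COPY . /opt/mythril` followed by `RUN cd /opt/mythril && python setup.py install`, placed after the requirements `RUN`.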
diff --git a/mythril/analysis/modules/deprecated_ops.py b/mythril/analysis/modules/deprecated_ops.py index 84f39b6e..2b187e2d 100644 --- a/mythril/analysis/modules/deprecated_ops.py +++ b/mythril/analysis/modules/deprecated_ops.py @@ -24,7 +24,7 @@ def execute(statespace): instruction = state.get_current_instruction() if instruction['opcode'] == "ORIGIN": - description = "Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. " \ + description = "The function `{}` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. " \ "Use msg.sender instead.\nSee also: " \ "https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin".format(node.function_name) From a939a3255a7a5aa211649b0fd2c1843b23d601b2 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Wed, 17 Oct 2018 17:32:10 +0530 Subject: [PATCH 100/213] Update origin.sol.o.json --- tests/testdata/outputs_expected/origin.sol.o.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/testdata/outputs_expected/origin.sol.o.json b/tests/testdata/outputs_expected/origin.sol.o.json index 640bce9c..04d6ee81 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.json +++ b/tests/testdata/outputs_expected/origin.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} From 5e48355d497e2c1ac8a28fbfed88d1b591216d86 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Wed, 17 Oct 2018 17:33:18 +0530 Subject: [PATCH 101/213] Remove the %s in markdown test --- tests/testdata/outputs_expected/origin.sol.o.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/testdata/outputs_expected/origin.sol.o.markdown b/tests/testdata/outputs_expected/origin.sol.o.markdown index 772ef122..1e9d6d8b 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.markdown +++ b/tests/testdata/outputs_expected/origin.sol.o.markdown @@ -9,5 +9,5 @@ ### Description -Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin From c105b17211dd26964629552f10cd666b2f9697b6 Mon Sep 17 00:00:00 2001 
From: Nikhil Parasaram Date: Wed, 17 Oct 2018 17:34:03 +0530 Subject: [PATCH 102/213] Remove %s in the text test --- tests/testdata/outputs_expected/origin.sol.o.text | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/testdata/outputs_expected/origin.sol.o.text b/tests/testdata/outputs_expected/origin.sol.o.text index f159a8eb..b71422be 100644 --- a/tests/testdata/outputs_expected/origin.sol.o.text +++ b/tests/testdata/outputs_expected/origin.sol.o.text @@ -4,7 +4,7 @@ Type: Warning Contract: Unknown Function name: transferOwnership(address) PC address: 317 -Function %s retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin -------------------- From 9e600168fb5537f97438c8b99c7d3e989491e226 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Wed, 17 Oct 2018 15:08:39 +0200 Subject: [PATCH 103/213] Also check for empty return data --- mythril/laser/ethereum/transaction/transaction_models.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mythril/laser/ethereum/transaction/transaction_models.py b/mythril/laser/ethereum/transaction/transaction_models.py index 35826bcd..4060c4e1 100644 --- a/mythril/laser/ethereum/transaction/transaction_models.py +++ b/mythril/laser/ethereum/transaction/transaction_models.py @@ -129,7 +129,7 @@ class ContractCreationTransaction: def end(self, global_state, return_data=None, revert=False): - if not all([isinstance(element, int) for element in return_data]): + if not all([isinstance(element, int) for element in return_data]) or len(return_data) == 0: self.return_data = None raise TransactionEndSignal(global_state) 
@@ -137,6 +137,7 @@ class ContractCreationTransaction: global_state.environment.active_account.code = Disassembly(contract_code) self.return_data = global_state.environment.active_account.address + assert global_state.environment.active_account.code.instruction_list != [] raise TransactionEndSignal(global_state, revert=revert) From 39ace87e872c1f20a92555b0a1e58af05a3133b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20M=C3=B6nnig?= Date: Wed, 17 Oct 2018 18:14:39 +0200 Subject: [PATCH 104/213] Add and tags --- mythril/analysis/templates/callgraph.html | 2 +- static/Ownable.html | 4 +++- static/assertions.html | 5 +++-- static/mythril.html | 4 +++- tests/testdata/outputs_expected/calls.sol.o.graph.html | 2 ++ .../testdata/outputs_expected/environments.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/ether_send.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/exceptions.sol.o.graph.html | 2 ++ .../outputs_expected/kinds_of_calls.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/metacoin.sol.o.graph.html | 2 ++ .../outputs_expected/multi_contracts.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/nonascii.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/origin.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/overflow.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/returnvalue.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/suicide.sol.o.graph.html | 2 ++ tests/testdata/outputs_expected/underflow.sol.o.graph.html | 2 ++ 17 files changed, 36 insertions(+), 5 deletions(-) diff --git a/mythril/analysis/templates/callgraph.html b/mythril/analysis/templates/callgraph.html index 5032b2c2..807ecfc6 100644 --- a/mythril/analysis/templates/callgraph.html +++ b/mythril/analysis/templates/callgraph.html @@ -1,7 +1,7 @@ <!DOCTYPE html> <html> <head> - <title> Laser - Call Graph + Call Graph diff --git a/static/Ownable.html b/static/Ownable.html index 964558e4..9dff1f1a 100644 --- a/static/Ownable.html 
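Review bot: The added `assert` is runtime validation of analysed contract code, and assertions are removed under `python -O`, so the check disappears in optimised runs; when it does fire, AssertionError leaves `end` without raising the TransactionEndSignal that every other exit of this method uses. An explicit branch that mirrors the empty-return-data case above would be more robust, e.g. `if not global_state.environment.active_account.code.instruction_list:` then `self.return_data = None` and `raise TransactionEndSignal(global_state)`. Whether a creation that yields no instructions should count as reverted is not visible here. `end` starts outside the hunk.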
+++ b/static/Ownable.html @@ -1,5 +1,7 @@ + - + + Call Graph

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+
+ + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json new file mode 100644 index 00000000..d7b6f7e0 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json 
@@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown new file mode 100644 index 00000000..f19dbaef --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown 
@@ -0,0 +1,111 @@ +# Analysis results for test-filename.sol + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x5a6814ec` +- PC address: 661 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x5a6814ec` +- PC address: 666 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xd24b08cc` +- PC address: 779 + +### Description + +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +## Transaction order dependence +- SWC ID: 114 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xd24b08cc` +- PC address: 779 + +### Description + +Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xd24b08cc` +- PC address: 784 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. 
+ +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 858 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## State change after external call +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 869 + +### Description + +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 871 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xe1d10f79` +- PC address: 912 + +### Description + +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe1d10f79` +- PC address: 918 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text new file mode 100644 index 00000000..c65b9fc7 --- /dev/null 
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text 
@@ -0,0 +1,90 @@ +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0x5a6814ec +PC address: 661 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x5a6814ec +PC address: 666 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 779 +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Transaction order dependence ==== +SWC ID: 114 +Type: Warning +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 779 +Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 784 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 858 +This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== State change after external call ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 869 +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 871 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 912 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 918 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm new file mode 100644 index 00000000..7a5b2043 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm 
@@ -0,0 +1,259 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x06661abd +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0x83f12fec +71 EQ +72 PUSH2 0x007c +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 DUP1 +84 ISZERO +85 PUSH2 0x005d +88 JUMPI +89 PUSH1 0x00 +91 DUP1 +92 REVERT +93 JUMPDEST +94 POP +95 PUSH2 0x0066 +98 PUSH2 0x0104 +101 JUMP +102 JUMPDEST +103 PUSH1 0x40 +105 MLOAD +106 DUP1 +107 DUP3 +108 DUP2 +109 MSTORE +110 PUSH1 0x20 +112 ADD +113 SWAP2 +114 POP +115 POP +116 PUSH1 0x40 +118 MLOAD +119 DUP1 +120 SWAP2 +121 SUB +122 SWAP1 +123 RETURN +124 JUMPDEST +125 CALLVALUE +126 DUP1 +127 ISZERO +128 PUSH2 0x0088 +131 JUMPI +132 PUSH1 0x00 +134 DUP1 +135 REVERT +136 JUMPDEST +137 POP +138 PUSH2 0x00ea +141 PUSH1 0x04 +143 DUP1 +144 CALLDATASIZE +145 SUB +146 DUP2 +147 ADD +148 SWAP1 +149 DUP1 +150 DUP1 +151 CALLDATALOAD +152 SWAP1 +153 PUSH1 0x20 +155 ADD +156 SWAP1 +157 DUP3 +158 ADD +159 DUP1 +160 CALLDATALOAD +161 SWAP1 +162 PUSH1 0x20 +164 ADD +165 SWAP1 +166 DUP1 +167 DUP1 +168 PUSH1 0x20 +170 MUL +171 PUSH1 0x20 +173 ADD +174 PUSH1 0x40 +176 MLOAD +177 SWAP1 +178 DUP2 +179 ADD +180 PUSH1 0x40 +182 MSTORE +183 DUP1 +184 SWAP4 +185 SWAP3 +186 SWAP2 +187 SWAP1 +188 DUP2 +189 DUP2 +190 MSTORE +191 PUSH1 0x20 +193 ADD +194 DUP4 +195 DUP4 +196 PUSH1 0x20 +198 MUL +199 DUP1 +200 DUP3 +201 DUP5 +202 CALLDATACOPY +203 DUP3 +204 ADD +205 SWAP2 +206 POP +207 POP +208 POP +209 POP +210 POP +211 POP +212 SWAP2 +213 SWAP3 +214 SWAP2 +215 SWAP3 +216 SWAP1 +217 DUP1 +218 CALLDATALOAD +219 SWAP1 +220 PUSH1 0x20 +222 ADD +223 SWAP1 +224 SWAP3 +225 SWAP2 +226 SWAP1 +227 POP +228 POP +229 POP +230 PUSH2 0x010a +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 ISZERO +241 
ISZERO +242 ISZERO +243 ISZERO +244 DUP2 +245 MSTORE +246 PUSH1 0x20 +248 ADD +249 SWAP2 +250 POP +251 POP +252 PUSH1 0x40 +254 MLOAD +255 DUP1 +256 SWAP2 +257 SUB +258 SWAP1 +259 RETURN +260 JUMPDEST +261 PUSH1 0x00 +263 SLOAD +264 DUP2 +265 JUMP +266 JUMPDEST +267 PUSH1 0x00 +269 DUP1 +270 PUSH1 0x00 +272 DUP5 +273 MLOAD +274 SWAP2 +275 POP +276 DUP4 +277 DUP3 +278 MUL +279 SWAP1 +280 POP +281 PUSH1 0x00 +283 DUP3 +284 GT +285 DUP1 +286 ISZERO +287 PUSH2 0x0129 +290 JUMPI +291 POP +292 PUSH1 0x14 +294 DUP3 +295 GT +296 ISZERO +297 JUMPDEST +298 ISZERO +299 ISZERO +300 PUSH2 0x0134 +303 JUMPI +304 PUSH1 0x00 +306 DUP1 +307 REVERT +308 JUMPDEST +309 DUP1 +310 PUSH1 0x01 +312 PUSH1 0x00 +314 CALLER +315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +336 AND +337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +358 AND +359 DUP2 +360 MSTORE +361 PUSH1 0x20 +363 ADD +364 SWAP1 +365 DUP2 +366 MSTORE +367 PUSH1 0x20 +369 ADD +370 PUSH1 0x00 +372 SHA3 +373 PUSH1 0x00 +375 DUP3 +376 DUP3 +377 SLOAD +378 SUB +379 SWAP3 +380 POP +381 POP +382 DUP2 +383 SWAP1 +384 SSTORE +385 POP +386 PUSH1 0x01 +388 SWAP3 +389 POP +390 POP +391 POP +392 SWAP3 +393 SWAP2 +394 POP +395 POP +396 JUMP +397 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html new file mode 100644 index 00000000..9dbc6800 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json new file mode 100644 index 00000000..207b9a02 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown new file mode 100644 index 00000000..c9630745 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown 
@@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x83f12fec` +- PC address: 158 + +### Description + +The arithmetic operation can result in integer overflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x83f12fec` +- PC address: 278 + +### Description + +The arithmetic operation can result in integer overflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x83f12fec` +- PC address: 378 + +### Description + +The substraction can result in an integer underflow. diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text new file mode 100644 index 00000000..ef673002 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: _function_0x83f12fec +PC address: 158 +The arithmetic operation can result in integer overflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: _function_0x83f12fec +PC address: 278 +The arithmetic operation can result in integer overflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: _function_0x83f12fec +PC address: 378 +The substraction can result in an integer underflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm new file mode 100644 index 00000000..b0a5e256 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm 
@@ -0,0 +1,420 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0078 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x12065fe0 +60 EQ +61 PUSH2 0x007d +64 JUMPI +65 DUP1 +66 PUSH4 0x27e235e3 +71 EQ +72 PUSH2 0x00a8 +75 JUMPI +76 DUP1 +77 PUSH4 0x56885cd8 +82 EQ +83 PUSH2 0x00ff +86 JUMPI +87 DUP1 +88 PUSH4 0x6c343ffe +93 EQ +94 PUSH2 0x0116 +97 JUMPI +98 DUP1 +99 PUSH4 0x8da5cb5b +104 EQ +105 PUSH2 0x012d +108 JUMPI +109 DUP1 +110 PUSH4 0xe8b5e51f +115 EQ +116 PUSH2 0x0184 +119 JUMPI +120 JUMPDEST +121 PUSH1 0x00 +123 DUP1 +124 REVERT +125 JUMPDEST +126 CALLVALUE +127 DUP1 +128 ISZERO +129 PUSH2 0x0089 +132 JUMPI +133 PUSH1 0x00 +135 DUP1 +136 REVERT +137 JUMPDEST +138 POP +139 PUSH2 0x0092 +142 PUSH2 0x018e +145 JUMP +146 JUMPDEST +147 PUSH1 0x40 +149 MLOAD +150 DUP1 +151 DUP3 +152 DUP2 +153 MSTORE +154 PUSH1 0x20 +156 ADD +157 SWAP2 +158 POP +159 POP +160 PUSH1 0x40 +162 MLOAD +163 DUP1 +164 SWAP2 +165 SUB +166 SWAP1 +167 RETURN +168 JUMPDEST +169 CALLVALUE +170 DUP1 +171 ISZERO +172 PUSH2 0x00b4 +175 JUMPI +176 PUSH1 0x00 +178 DUP1 +179 REVERT +180 JUMPDEST +181 POP +182 PUSH2 0x00e9 +185 PUSH1 0x04 +187 DUP1 +188 CALLDATASIZE +189 SUB +190 DUP2 +191 ADD +192 SWAP1 +193 DUP1 +194 DUP1 +195 CALLDATALOAD +196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +217 AND +218 SWAP1 +219 PUSH1 0x20 +221 ADD +222 SWAP1 +223 SWAP3 +224 SWAP2 +225 SWAP1 +226 POP +227 POP +228 POP +229 PUSH2 0x01d4 +232 JUMP +233 JUMPDEST +234 PUSH1 0x40 +236 MLOAD +237 DUP1 +238 DUP3 +239 DUP2 +240 MSTORE +241 PUSH1 0x20 +243 ADD +244 SWAP2 +245 POP +246 POP +247 PUSH1 0x40 +249 MLOAD +250 DUP1 +251 SWAP2 +252 SUB +253 SWAP1 +254 RETURN +255 JUMPDEST +256 CALLVALUE +257 DUP1 +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 JUMPDEST +268 POP +269 PUSH2 0x0114 +272 PUSH2 0x01ec +275 JUMP 
+276 JUMPDEST +277 STOP +278 JUMPDEST +279 CALLVALUE +280 DUP1 +281 ISZERO +282 PUSH2 0x0122 +285 JUMPI +286 PUSH1 0x00 +288 DUP1 +289 REVERT +290 JUMPDEST +291 POP +292 PUSH2 0x012b +295 PUSH2 0x022f +298 JUMP +299 JUMPDEST +300 STOP +301 JUMPDEST +302 CALLVALUE +303 DUP1 +304 ISZERO +305 PUSH2 0x0139 +308 JUMPI +309 PUSH1 0x00 +311 DUP1 +312 REVERT +313 JUMPDEST +314 POP +315 PUSH2 0x0142 +318 PUSH2 0x02eb +321 JUMP +322 JUMPDEST +323 PUSH1 0x40 +325 MLOAD +326 DUP1 +327 DUP3 +328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +349 AND +350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +371 AND +372 DUP2 +373 MSTORE +374 PUSH1 0x20 +376 ADD +377 SWAP2 +378 POP +379 POP +380 PUSH1 0x40 +382 MLOAD +383 DUP1 +384 SWAP2 +385 SUB +386 SWAP1 +387 RETURN +388 JUMPDEST +389 PUSH2 0x018c +392 PUSH2 0x0311 +395 JUMP +396 JUMPDEST +397 STOP +398 JUMPDEST +399 PUSH1 0x00 +401 DUP1 +402 PUSH1 0x00 +404 CALLER +405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +426 AND +427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +448 AND +449 DUP2 +450 MSTORE +451 PUSH1 0x20 +453 ADD +454 SWAP1 +455 DUP2 +456 MSTORE +457 PUSH1 0x20 +459 ADD +460 PUSH1 0x00 +462 SHA3 +463 SLOAD +464 SWAP1 +465 POP +466 SWAP1 +467 JUMP +468 JUMPDEST +469 PUSH1 0x00 +471 PUSH1 0x20 +473 MSTORE +474 DUP1 +475 PUSH1 0x00 +477 MSTORE +478 PUSH1 0x40 +480 PUSH1 0x00 +482 SHA3 +483 PUSH1 0x00 +485 SWAP2 +486 POP +487 SWAP1 +488 POP +489 SLOAD +490 DUP2 +491 JUMP +492 JUMPDEST +493 CALLER +494 PUSH1 0x01 +496 PUSH1 0x00 +498 PUSH2 0x0100 +501 EXP +502 DUP2 +503 SLOAD +504 DUP2 +505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +526 MUL +527 NOT +528 AND +529 SWAP1 +530 DUP4 +531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +552 AND +553 MUL +554 OR +555 SWAP1 +556 SSTORE +557 POP +558 JUMP +559 JUMPDEST +560 PUSH1 0x01 +562 PUSH1 0x00 +564 SWAP1 +565 SLOAD +566 SWAP1 +567 PUSH2 0x0100 +570 EXP +571 SWAP1 +572 DIV +573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +594 AND +595 PUSH20 
0xffffffffffffffffffffffffffffffffffffffff +616 AND +617 CALLER +618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +639 AND +640 EQ +641 ISZERO +642 ISZERO +643 PUSH2 0x028b +646 JUMPI +647 PUSH1 0x00 +649 DUP1 +650 REVERT +651 JUMPDEST +652 CALLER +653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +674 AND +675 PUSH2 0x08fc +678 ADDRESS +679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +700 AND +701 BALANCE +702 SWAP1 +703 DUP2 +704 ISZERO +705 MUL +706 SWAP1 +707 PUSH1 0x40 +709 MLOAD +710 PUSH1 0x00 +712 PUSH1 0x40 +714 MLOAD +715 DUP1 +716 DUP4 +717 SUB +718 DUP2 +719 DUP6 +720 DUP9 +721 DUP9 +722 CALL +723 SWAP4 +724 POP +725 POP +726 POP +727 POP +728 ISZERO +729 DUP1 +730 ISZERO +731 PUSH2 0x02e8 +734 JUMPI +735 RETURNDATASIZE +736 PUSH1 0x00 +738 DUP1 +739 RETURNDATACOPY +740 RETURNDATASIZE +741 PUSH1 0x00 +743 REVERT +744 JUMPDEST +745 POP +746 JUMP +747 JUMPDEST +748 PUSH1 0x01 +750 PUSH1 0x00 +752 SWAP1 +753 SLOAD +754 SWAP1 +755 PUSH2 0x0100 +758 EXP +759 SWAP1 +760 DIV +761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +782 AND +783 DUP2 +784 JUMP +785 JUMPDEST +786 PUSH1 0x02 +788 SLOAD +789 CALLVALUE +790 GT +791 DUP1 +792 ISZERO +793 PUSH2 0x0323 +796 JUMPI +797 POP +798 PUSH1 0x03 +800 SLOAD +801 CALLVALUE +802 LT +803 JUMPDEST +804 ISZERO +805 ISZERO +806 PUSH2 0x032e +809 JUMPI +810 PUSH1 0x00 +812 DUP1 +813 REVERT +814 JUMPDEST +815 CALLVALUE +816 PUSH1 0x00 +818 DUP1 +819 CALLER +820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +841 AND +842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +863 AND +864 DUP2 +865 MSTORE +866 PUSH1 0x20 +868 ADD +869 SWAP1 +870 DUP2 +871 MSTORE +872 PUSH1 0x20 +874 ADD +875 PUSH1 0x00 +877 SHA3 +878 PUSH1 0x00 +880 DUP3 +881 DUP3 +882 SLOAD +883 ADD +884 SWAP3 +885 POP +886 POP +887 DUP2 +888 SWAP1 +889 SSTORE +890 POP +891 JUMP +892 STOP 
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html new file mode 100644 index 00000000..445674a0 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json new file mode 100644 index 00000000..f993162b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "", "description": "A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown new file mode 100644 index 00000000..5b677714 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown @@ -0,0 +1,25 @@ +# Analysis results for test-filename.sol + +## Ether send +- SWC ID: 105 +- Type: Warning +- Contract: Unknown +- Function name: `withdrawfunds()` +- PC address: 722 + +### Description + +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. + +There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `invest()` +- PC address: 883 + +### Description + +The arithmetic operation can result in integer overflow. 
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text new file mode 100644 index 00000000..e9c61963 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text @@ -0,0 +1,21 @@ +==== Ether send ==== +SWC ID: 105 +Type: Warning +Contract: Unknown +Function name: withdrawfunds() +PC address: 722 +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. + +There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: invest() +PC address: 883 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm new file mode 100644 index 00000000..ef83a75c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm 
@@ -0,0 +1,392 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x008e +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x01d4277c +60 EQ +61 PUSH2 0x0093 +64 JUMPI +65 DUP1 +66 PUSH4 0x546455b5 +71 EQ +72 PUSH2 0x00b6 +75 JUMPI +76 DUP1 +77 PUSH4 0x78375f14 +82 EQ +83 PUSH2 0x00d9 +86 JUMPI +87 DUP1 +88 PUSH4 0x92dd38ea +93 EQ +94 PUSH2 0x00fc +97 JUMPI +98 DUP1 +99 PUSH4 0xa08299f1 +104 EQ +105 PUSH2 0x011f +108 JUMPI +109 DUP1 +110 PUSH4 0xb34c3610 +115 EQ +116 PUSH2 0x0142 +119 JUMPI +120 DUP1 +121 PUSH4 0xb630d706 +126 EQ +127 PUSH2 0x0157 +130 JUMPI +131 DUP1 +132 PUSH4 0xf44f13d8 +137 EQ +138 PUSH2 0x017a +141 JUMPI +142 JUMPDEST +143 PUSH1 0x00 +145 DUP1 +146 REVERT +147 JUMPDEST +148 CALLVALUE +149 ISZERO +150 PUSH2 0x009e +153 JUMPI +154 PUSH1 0x00 +156 DUP1 +157 REVERT +158 JUMPDEST +159 PUSH2 0x00b4 +162 PUSH1 0x04 +164 DUP1 +165 DUP1 +166 CALLDATALOAD +167 SWAP1 +168 PUSH1 0x20 +170 ADD +171 SWAP1 +172 SWAP2 +173 SWAP1 +174 POP +175 POP +176 PUSH2 0x018f +179 JUMP +180 JUMPDEST +181 STOP +182 JUMPDEST +183 CALLVALUE +184 ISZERO +185 PUSH2 0x00c1 +188 JUMPI +189 PUSH1 0x00 +191 DUP1 +192 REVERT +193 JUMPDEST +194 PUSH2 0x00d7 +197 PUSH1 0x04 +199 DUP1 +200 DUP1 +201 CALLDATALOAD +202 SWAP1 +203 PUSH1 0x20 +205 ADD +206 SWAP1 +207 SWAP2 +208 SWAP1 +209 POP +210 POP +211 PUSH2 0x01b2 +214 JUMP +215 JUMPDEST +216 STOP +217 JUMPDEST +218 CALLVALUE +219 ISZERO +220 PUSH2 0x00e4 +223 JUMPI +224 PUSH1 0x00 +226 DUP1 +227 REVERT +228 JUMPDEST +229 PUSH2 0x00fa +232 PUSH1 0x04 +234 DUP1 +235 DUP1 +236 CALLDATALOAD +237 SWAP1 +238 PUSH1 0x20 +240 ADD +241 SWAP1 +242 SWAP2 +243 SWAP1 +244 POP +245 POP +246 PUSH2 0x01c2 +249 JUMP +250 JUMPDEST +251 STOP +252 JUMPDEST +253 CALLVALUE +254 ISZERO +255 PUSH2 0x0107 +258 JUMPI +259 PUSH1 0x00 +261 DUP1 +262 REVERT +263 JUMPDEST +264 PUSH2 0x011d +267 
PUSH1 0x04 +269 DUP1 +270 DUP1 +271 CALLDATALOAD +272 SWAP1 +273 PUSH1 0x20 +275 ADD +276 SWAP1 +277 SWAP2 +278 SWAP1 +279 POP +280 POP +281 PUSH2 0x01d5 +284 JUMP +285 JUMPDEST +286 STOP +287 JUMPDEST +288 CALLVALUE +289 ISZERO +290 PUSH2 0x012a +293 JUMPI +294 PUSH1 0x00 +296 DUP1 +297 REVERT +298 JUMPDEST +299 PUSH2 0x0140 +302 PUSH1 0x04 +304 DUP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01ed +319 JUMP +320 JUMPDEST +321 STOP +322 JUMPDEST +323 CALLVALUE +324 ISZERO +325 PUSH2 0x014d +328 JUMPI +329 PUSH1 0x00 +331 DUP1 +332 REVERT +333 JUMPDEST +334 PUSH2 0x0155 +337 PUSH2 0x0202 +340 JUMP +341 JUMPDEST +342 STOP +343 JUMPDEST +344 CALLVALUE +345 ISZERO +346 PUSH2 0x0162 +349 JUMPI +350 PUSH1 0x00 +352 DUP1 +353 REVERT +354 JUMPDEST +355 PUSH2 0x0178 +358 PUSH1 0x04 +360 DUP1 +361 DUP1 +362 CALLDATALOAD +363 SWAP1 +364 PUSH1 0x20 +366 ADD +367 SWAP1 +368 SWAP2 +369 SWAP1 +370 POP +371 POP +372 PUSH2 0x0217 +375 JUMP +376 JUMPDEST +377 STOP +378 JUMPDEST +379 CALLVALUE +380 ISZERO +381 PUSH2 0x0185 +384 JUMPI +385 PUSH1 0x00 +387 DUP1 +388 REVERT +389 JUMPDEST +390 PUSH2 0x018d +393 PUSH2 0x0235 +396 JUMP +397 JUMPDEST +398 STOP +399 JUMPDEST +400 PUSH1 0x00 +402 PUSH1 0x08 +404 DUP3 +405 LT +406 ISZERO +407 PUSH2 0x01ae +410 JUMPI +411 PUSH1 0x00 +413 DUP3 +414 PUSH1 0x08 +416 DUP2 +417 LT +418 ISZERO +419 ISZERO +420 PUSH2 0x01a9 +423 JUMPI +424 ASSERT_FAIL +425 JUMPDEST +426 ADD +427 SLOAD +428 SWAP1 +429 POP +430 JUMPDEST +431 POP +432 POP +433 JUMP +434 JUMPDEST +435 PUSH1 0x17 +437 DUP2 +438 EQ +439 ISZERO +440 ISZERO +441 ISZERO +442 PUSH2 0x01bf +445 JUMPI +446 ASSERT_FAIL +447 JUMPDEST +448 POP +449 JUMP +450 JUMPDEST +451 PUSH1 0x17 +453 DUP2 +454 EQ +455 ISZERO +456 ISZERO +457 ISZERO +458 PUSH2 0x01d2 +461 JUMPI +462 PUSH1 0x00 +464 DUP1 +465 REVERT +466 JUMPDEST +467 POP +468 JUMP +469 JUMPDEST +470 PUSH1 0x00 +472 DUP1 +473 DUP3 +474 PUSH1 0x08 +476 DUP2 +477 LT 
+478 ISZERO +479 ISZERO +480 PUSH2 0x01e5 +483 JUMPI +484 ASSERT_FAIL +485 JUMPDEST +486 ADD +487 SLOAD +488 SWAP1 +489 POP +490 POP +491 POP +492 JUMP +493 JUMPDEST +494 PUSH1 0x00 +496 DUP2 +497 PUSH1 0x01 +499 DUP2 +500 ISZERO +501 ISZERO +502 PUSH2 0x01fb +505 JUMPI +506 ASSERT_FAIL +507 JUMPDEST +508 DIV +509 SWAP1 +510 POP +511 POP +512 POP +513 JUMP +514 JUMPDEST +515 PUSH1 0x00 +517 PUSH1 0x01 +519 SWAP1 +520 POP +521 PUSH1 0x00 +523 DUP2 +524 EQ +525 ISZERO +526 ISZERO +527 PUSH2 0x0214 +530 JUMPI +531 ASSERT_FAIL +532 JUMPDEST +533 POP +534 JUMP +535 JUMPDEST +536 PUSH1 0x00 +538 DUP1 +539 DUP3 +540 GT +541 ISZERO +542 PUSH2 0x0231 +545 JUMPI +546 DUP2 +547 PUSH1 0x01 +549 DUP2 +550 ISZERO +551 ISZERO +552 PUSH2 0x022d +555 JUMPI +556 ASSERT_FAIL +557 JUMPDEST +558 DIV +559 SWAP1 +560 POP +561 JUMPDEST +562 POP +563 POP +564 JUMP +565 JUMPDEST +566 PUSH1 0x00 +568 PUSH1 0x01 +570 SWAP1 +571 POP +572 PUSH1 0x00 +574 DUP2 +575 GT +576 ISZERO +577 ISZERO +578 PUSH2 0x0247 +581 JUMPI +582 ASSERT_FAIL +583 JUMPDEST +584 POP +585 JUMP +586 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html new file mode 100644 index 00000000..f7879865 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json new file mode 100644 index 00000000..c8d722b5 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json 
@@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true} \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown new file mode 100644 index 00000000..2ed81d76 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown 
@@ -0,0 +1,45 @@ +# Analysis results for test-filename.sol + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x546455b5` +- PC address: 446 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x92dd38ea` +- PC address: 484 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xa08299f1` +- PC address: 506 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. + +## Exception state +- SWC ID: 110 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xb34c3610` +- PC address: 531 + +### Description + +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text new file mode 100644 index 00000000..a9ac2d73 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text 
@@ -0,0 +1,36 @@ +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0x546455b5 +PC address: 446 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0x92dd38ea +PC address: 484 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0xa08299f1 +PC address: 506 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + +==== Exception state ==== +SWC ID: 110 +Type: Informational +Contract: Unknown +Function name: _function_0xb34c3610 +PC address: 531 +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm new file mode 100644 index 00000000..571b1c66 --- /dev/null 
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm 
@@ -0,0 +1,435 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x006d +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x141f32ff +60 EQ +61 PUSH2 0x0072 +64 JUMPI +65 DUP1 +66 PUSH4 0x2e52d606 +71 EQ +72 PUSH2 0x00b4 +75 JUMPI +76 DUP1 +77 PUSH4 0x67e404ce +82 EQ +83 PUSH2 0x00dd +86 JUMPI +87 DUP1 +88 PUSH4 0x9b58bc26 +93 EQ +94 PUSH2 0x0132 +97 JUMPI +98 DUP1 +99 PUSH4 0xeea4c864 +104 EQ +105 PUSH2 0x0174 +108 JUMPI +109 JUMPDEST +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 CALLVALUE +116 ISZERO +117 PUSH2 0x007d +120 JUMPI +121 PUSH1 0x00 +123 DUP1 +124 REVERT +125 JUMPDEST +126 PUSH2 0x00b2 +129 PUSH1 0x04 +131 DUP1 +132 DUP1 +133 CALLDATALOAD +134 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +155 AND +156 SWAP1 +157 PUSH1 0x20 +159 ADD +160 SWAP1 +161 SWAP2 +162 SWAP1 +163 DUP1 +164 CALLDATALOAD +165 SWAP1 +166 PUSH1 0x20 +168 ADD +169 SWAP1 +170 SWAP2 +171 SWAP1 +172 POP +173 POP +174 PUSH2 0x01b6 +177 JUMP +178 JUMPDEST +179 STOP +180 JUMPDEST +181 CALLVALUE +182 ISZERO +183 PUSH2 0x00bf +186 JUMPI +187 PUSH1 0x00 +189 DUP1 +190 REVERT +191 JUMPDEST +192 PUSH2 0x00c7 +195 PUSH2 0x0273 +198 JUMP +199 JUMPDEST +200 PUSH1 0x40 +202 MLOAD +203 DUP1 +204 DUP3 +205 DUP2 +206 MSTORE +207 PUSH1 0x20 +209 ADD +210 SWAP2 +211 POP +212 POP +213 PUSH1 0x40 +215 MLOAD +216 DUP1 +217 SWAP2 +218 SUB +219 SWAP1 +220 RETURN +221 JUMPDEST +222 CALLVALUE +223 ISZERO +224 PUSH2 0x00e8 +227 JUMPI +228 PUSH1 0x00 +230 DUP1 +231 REVERT +232 JUMPDEST +233 PUSH2 0x00f0 +236 PUSH2 0x0279 +239 JUMP +240 JUMPDEST +241 PUSH1 0x40 +243 MLOAD +244 DUP1 +245 DUP3 +246 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +267 AND +268 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +289 AND +290 DUP2 +291 MSTORE +292 PUSH1 0x20 +294 ADD +295 SWAP2 +296 POP +297 POP +298 PUSH1 0x40 +300 MLOAD +301 DUP1 +302 
SWAP2 +303 SUB +304 SWAP1 +305 RETURN +306 JUMPDEST +307 CALLVALUE +308 ISZERO +309 PUSH2 0x013d +312 JUMPI +313 PUSH1 0x00 +315 DUP1 +316 REVERT +317 JUMPDEST +318 PUSH2 0x0172 +321 PUSH1 0x04 +323 DUP1 +324 DUP1 +325 CALLDATALOAD +326 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +347 AND +348 SWAP1 +349 PUSH1 0x20 +351 ADD +352 SWAP1 +353 SWAP2 +354 SWAP1 +355 DUP1 +356 CALLDATALOAD +357 SWAP1 +358 PUSH1 0x20 +360 ADD +361 SWAP1 +362 SWAP2 +363 SWAP1 +364 POP +365 POP +366 PUSH2 0x029f +369 JUMP +370 JUMPDEST +371 STOP +372 JUMPDEST +373 CALLVALUE +374 ISZERO +375 PUSH2 0x017f +378 JUMPI +379 PUSH1 0x00 +381 DUP1 +382 REVERT +383 JUMPDEST +384 PUSH2 0x01b4 +387 PUSH1 0x04 +389 DUP1 +390 DUP1 +391 CALLDATALOAD +392 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +413 AND +414 SWAP1 +415 PUSH1 0x20 +417 ADD +418 SWAP1 +419 SWAP2 +420 SWAP1 +421 DUP1 +422 CALLDATALOAD +423 SWAP1 +424 PUSH1 0x20 +426 ADD +427 SWAP1 +428 SWAP2 +429 SWAP1 +430 POP +431 POP +432 PUSH2 0x035a +435 JUMP +436 JUMPDEST +437 STOP +438 JUMPDEST +439 DUP2 +440 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +461 AND +462 PUSH1 0x40 +464 MLOAD +465 DUP1 +466 DUP1 +467 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +500 DUP2 +501 MSTORE +502 POP +503 PUSH1 0x0d +505 ADD +506 SWAP1 +507 POP +508 PUSH1 0x40 +510 MLOAD +511 DUP1 +512 SWAP2 +513 SUB +514 SWAP1 +515 SHA3 +516 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +546 SWAP1 +547 DIV +548 DUP3 +549 PUSH1 0x40 +551 MLOAD +552 DUP3 +553 PUSH4 0xffffffff +558 AND +559 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +589 MUL +590 DUP2 +591 MSTORE +592 PUSH1 0x04 +594 ADD +595 DUP1 +596 DUP3 +597 DUP2 +598 MSTORE +599 PUSH1 0x20 +601 ADD +602 SWAP2 +603 POP +604 POP +605 PUSH1 0x00 +607 PUSH1 0x40 +609 MLOAD +610 DUP1 +611 DUP4 +612 SUB +613 DUP2 +614 PUSH1 0x00 +616 DUP8 +617 GAS +618 CALLCODE +619 SWAP3 +620 POP +621 POP +622 POP +623 POP +624 POP +625 POP +626 JUMP 
+627 JUMPDEST +628 PUSH1 0x00 +630 SLOAD +631 DUP2 +632 JUMP +633 JUMPDEST +634 PUSH1 0x01 +636 PUSH1 0x00 +638 SWAP1 +639 SLOAD +640 SWAP1 +641 PUSH2 0x0100 +644 EXP +645 SWAP1 +646 DIV +647 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +668 AND +669 DUP2 +670 JUMP +671 JUMPDEST +672 DUP2 +673 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +694 AND +695 PUSH1 0x40 +697 MLOAD +698 DUP1 +699 DUP1 +700 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +733 DUP2 +734 MSTORE +735 POP +736 PUSH1 0x0d +738 ADD +739 SWAP1 +740 POP +741 PUSH1 0x40 +743 MLOAD +744 DUP1 +745 SWAP2 +746 SUB +747 SWAP1 +748 SHA3 +749 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +779 SWAP1 +780 DIV +781 DUP3 +782 PUSH1 0x40 +784 MLOAD +785 DUP3 +786 PUSH4 0xffffffff +791 AND +792 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +822 MUL +823 DUP2 +824 MSTORE +825 PUSH1 0x04 +827 ADD +828 DUP1 +829 DUP3 +830 DUP2 +831 MSTORE +832 PUSH1 0x20 +834 ADD +835 SWAP2 +836 POP +837 POP +838 PUSH1 0x00 +840 PUSH1 0x40 +842 MLOAD +843 DUP1 +844 DUP4 +845 SUB +846 DUP2 +847 DUP7 +848 GAS +849 DELEGATECALL +850 SWAP3 +851 POP +852 POP +853 POP +854 POP +855 POP +856 POP +857 JUMP +858 JUMPDEST +859 DUP2 +860 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +881 AND +882 PUSH1 0x40 +884 MLOAD +885 DUP1 +886 DUP1 +887 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +920 DUP2 +921 MSTORE +922 POP +923 PUSH1 0x0d +925 ADD +926 SWAP1 +927 POP +928 PUSH1 0x40 +930 MLOAD +931 DUP1 +932 SWAP2 +933 SUB +934 SWAP1 +935 SHA3 +936 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +966 SWAP1 +967 DIV +968 DUP3 +969 PUSH1 0x40 +971 MLOAD +972 DUP3 +973 PUSH4 0xffffffff +978 AND +979 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +1009 MUL +1010 DUP2 +1011 MSTORE +1012 PUSH1 0x04 +1014 ADD +1015 DUP1 +1016 DUP3 +1017 DUP2 +1018 MSTORE +1019 PUSH1 0x20 +1021 ADD +1022 SWAP2 +1023 POP 
+1024 POP +1025 PUSH1 0x00 +1027 PUSH1 0x40 +1029 MLOAD +1030 DUP1 +1031 DUP4 +1032 SUB +1033 DUP2 +1034 PUSH1 0x00 +1036 DUP8 +1037 GAS +1038 CALL +1039 SWAP3 +1040 POP +1041 POP +1042 POP +1043 POP +1044 POP +1045 POP +1046 JUMP +1047 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html new file mode 100644 index 00000000..e2acfeee --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json new file mode 100644 index 00000000..4c42213f --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file 
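Review bot: The expected issues list reports a user-supplied call target only for the `CALL` at address 1038 (`_function_0xeea4c864`, swc_id 107), while `_function_0x141f32ff` and `_function_0x9b58bc26` get nothing beyond "Unchecked CALL return value" at 626 and 857. In the matching easm fixture those two functions reach `CALLCODE` at 618 and `DELEGATECALL` at 849, with a target that appears to come from the same kind of calldata address argument. Both opcodes run the callee's code against this contract's storage, so they are the higher-risk cases. If the analyzer is meant to stay silent there, record that next to the test that loads this fixture, e.g. `# kinds_of_calls: CALLCODE/DELEGATECALL targets are intentionally not reported`. Otherwise this file pins a missed detection as the passing result and should gain entries for 618 and 849 once the detection exists (SWC-112 is the registry class for delegatecall to an untrusted callee).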
diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown new file mode 100644 index 00000000..7208086f --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown @@ -0,0 +1,45 @@ +# Analysis results for test-filename.sol + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x141f32ff` +- PC address: 626 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x9b58bc26` +- PC address: 857 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. + +## Message call to external contract +- SWC ID: 107 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xeea4c864` +- PC address: 1038 + +### Description + +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xeea4c864` +- PC address: 1046 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text new file mode 100644 index 00000000..46f49440 --- /dev/null 
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text @@ -0,0 +1,36 @@ +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x141f32ff +PC address: 626 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x9b58bc26 +PC address: 857 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xeea4c864 +PC address: 1038 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xeea4c864 +PC address: 1046 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm new file mode 100644 index 00000000..fbb53181 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm 
@@ -0,0 +1,253 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x27e235e3 +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0x412664ae +71 EQ +72 PUSH2 0x009e +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0088 +96 PUSH1 0x04 +98 DUP1 +99 DUP1 +100 CALLDATALOAD +101 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +122 AND +123 SWAP1 +124 PUSH1 0x20 +126 ADD +127 SWAP1 +128 SWAP2 +129 SWAP1 +130 POP +131 POP +132 PUSH2 0x00f8 +135 JUMP +136 JUMPDEST +137 PUSH1 0x40 +139 MLOAD +140 DUP1 +141 DUP3 +142 DUP2 +143 MSTORE +144 PUSH1 0x20 +146 ADD +147 SWAP2 +148 POP +149 POP +150 PUSH1 0x40 +152 MLOAD +153 DUP1 +154 SWAP2 +155 SUB +156 SWAP1 +157 RETURN +158 JUMPDEST +159 CALLVALUE +160 ISZERO +161 PUSH2 0x00a9 +164 JUMPI +165 PUSH1 0x00 +167 DUP1 +168 REVERT +169 JUMPDEST +170 PUSH2 0x00de +173 PUSH1 0x04 +175 DUP1 +176 DUP1 +177 CALLDATALOAD +178 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +199 AND +200 SWAP1 +201 PUSH1 0x20 +203 ADD +204 SWAP1 +205 SWAP2 +206 SWAP1 +207 DUP1 +208 CALLDATALOAD +209 SWAP1 +210 PUSH1 0x20 +212 ADD +213 SWAP1 +214 SWAP2 +215 SWAP1 +216 POP +217 POP +218 PUSH2 0x0110 +221 JUMP +222 JUMPDEST +223 PUSH1 0x40 +225 MLOAD +226 DUP1 +227 DUP3 +228 ISZERO +229 ISZERO +230 ISZERO +231 ISZERO +232 DUP2 +233 MSTORE +234 PUSH1 0x20 +236 ADD +237 SWAP2 +238 POP +239 POP +240 PUSH1 0x40 +242 MLOAD +243 DUP1 +244 SWAP2 +245 SUB +246 SWAP1 +247 RETURN +248 JUMPDEST +249 PUSH1 0x00 +251 PUSH1 0x20 +253 MSTORE +254 DUP1 +255 PUSH1 0x00 +257 MSTORE +258 PUSH1 0x40 +260 PUSH1 0x00 +262 SHA3 +263 PUSH1 0x00 +265 SWAP2 +266 POP +267 SWAP1 +268 POP +269 SLOAD +270 DUP2 +271 JUMP +272 JUMPDEST 
+273 PUSH1 0x00 +275 DUP2 +276 PUSH1 0x00 +278 DUP1 +279 CALLER +280 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +301 AND +302 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +323 AND +324 DUP2 +325 MSTORE +326 PUSH1 0x20 +328 ADD +329 SWAP1 +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 PUSH1 0x00 +337 SHA3 +338 SLOAD +339 LT +340 ISZERO +341 PUSH2 0x0161 +344 JUMPI +345 PUSH1 0x00 +347 SWAP1 +348 POP +349 PUSH2 0x01fe +352 JUMP +353 JUMPDEST +354 DUP2 +355 PUSH1 0x00 +357 DUP1 +358 CALLER +359 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +380 AND +381 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +402 AND +403 DUP2 +404 MSTORE +405 PUSH1 0x20 +407 ADD +408 SWAP1 +409 DUP2 +410 MSTORE +411 PUSH1 0x20 +413 ADD +414 PUSH1 0x00 +416 SHA3 +417 PUSH1 0x00 +419 DUP3 +420 DUP3 +421 SLOAD +422 SUB +423 SWAP3 +424 POP +425 POP +426 DUP2 +427 SWAP1 +428 SSTORE +429 POP +430 DUP2 +431 PUSH1 0x00 +433 DUP1 +434 DUP6 +435 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +456 AND +457 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +478 AND +479 DUP2 +480 MSTORE +481 PUSH1 0x20 +483 ADD +484 SWAP1 +485 DUP2 +486 MSTORE +487 PUSH1 0x20 +489 ADD +490 PUSH1 0x00 +492 SHA3 +493 PUSH1 0x00 +495 DUP3 +496 DUP3 +497 SLOAD +498 ADD +499 SWAP3 +500 POP +501 POP +502 DUP2 +503 SWAP1 +504 SSTORE +505 POP +506 PUSH1 0x00 +508 SWAP1 +509 POP +510 JUMPDEST +511 SWAP3 +512 SWAP2 +513 POP +514 POP +515 JUMP +516 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html new file mode 100644 index 00000000..caca188e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json new file mode 100644 index 00000000..237b1c1e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown new file mode 100644 index 00000000..321484fd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown @@ -0,0 +1,3 @@ +# Analysis results for None + +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text new file mode 100644 index 00000000..729320d8 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text @@ -0,0 +1 @@ +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm new file mode 100644 index 00000000..e83ace06 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm 
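Review bot: The clean-result report for metacoin is pinned with the heading `# Analysis results for None`, whereas the fixtures that contain findings (exceptions, kinds_of_calls, multi_contracts) read `# Analysis results for test-filename.sol`. The renderer is not visible in this patch, but this looks like the file name being taken from the issues rather than from the analysed input, so a report with no issues loses the name of the contract it clears. A "no issues" result that cannot be tied to a target is hard to trust when reports are archived or aggregated in CI. The expected line should be `# Analysis results for test-filename.sol`, with the renderer fixed to match. nonascii.sol.o.markdown carries the same heading.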
@@ -0,0 +1,77 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH1 0x3f +11 JUMPI +12 PUSH1 0x00 +14 CALLDATALOAD +15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +45 SWAP1 +46 DIV +47 PUSH4 0xffffffff +52 AND +53 DUP1 +54 PUSH4 0x8a4068dd +59 EQ +60 PUSH1 0x44 +62 JUMPI +63 JUMPDEST +64 PUSH1 0x00 +66 DUP1 +67 REVERT +68 JUMPDEST +69 CALLVALUE +70 ISZERO +71 PUSH1 0x4e +73 JUMPI +74 PUSH1 0x00 +76 DUP1 +77 REVERT +78 JUMPDEST +79 PUSH1 0x54 +81 PUSH1 0x56 +83 JUMP +84 JUMPDEST +85 STOP +86 JUMPDEST +87 CALLER +88 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +109 AND +110 PUSH2 0x08fc +113 PUSH8 0x1bc16d674ec80000 +122 SWAP1 +123 DUP2 +124 ISZERO +125 MUL +126 SWAP1 +127 PUSH1 0x40 +129 MLOAD +130 PUSH1 0x00 +132 PUSH1 0x40 +134 MLOAD +135 DUP1 +136 DUP4 +137 SUB +138 DUP2 +139 DUP6 +140 DUP9 +141 DUP9 +142 CALL +143 SWAP4 +144 POP +145 POP +146 POP +147 POP +148 ISZERO +149 ISZERO +150 PUSH1 0x9d +152 JUMPI +153 PUSH1 0x00 +155 DUP1 +156 REVERT +157 JUMPDEST +158 JUMP +159 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html new file mode 100644 index 00000000..953021af --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json new file mode 100644 index 00000000..5dff6426 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "", "description": "A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown new file mode 100644 index 00000000..8817ccea --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown @@ -0,0 +1,13 @@ +# Analysis results for test-filename.sol + +## Ether send +- SWC ID: 105 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x8a4068dd` +- PC address: 142 + +### Description + +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. +It seems that this function can be called without restrictions. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text new file mode 100644 index 00000000..ac727e59 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text 
@@ -0,0 +1,10 @@ +==== Ether send ==== +SWC ID: 105 +Type: Warning +Contract: Unknown +Function name: _function_0x8a4068dd +PC address: 142 +A non-zero amount of Ether is sent to a user-supplied address. The target address is msg.sender. +It seems that this function can be called without restrictions. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm new file mode 100644 index 00000000..555d5ba3 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm 
@@ -0,0 +1,167 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0041 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x24ff38a2 +60 EQ +61 PUSH2 0x0046 +64 JUMPI +65 JUMPDEST +66 PUSH1 0x00 +68 DUP1 +69 REVERT +70 JUMPDEST +71 CALLVALUE +72 DUP1 +73 ISZERO +74 PUSH2 0x0052 +77 JUMPI +78 PUSH1 0x00 +80 DUP1 +81 REVERT +82 JUMPDEST +83 POP +84 PUSH2 0x005b +87 PUSH2 0x00d6 +90 JUMP +91 JUMPDEST +92 PUSH1 0x40 +94 MLOAD +95 DUP1 +96 DUP1 +97 PUSH1 0x20 +99 ADD +100 DUP3 +101 DUP2 +102 SUB +103 DUP3 +104 MSTORE +105 DUP4 +106 DUP2 +107 DUP2 +108 MLOAD +109 DUP2 +110 MSTORE +111 PUSH1 0x20 +113 ADD +114 SWAP2 +115 POP +116 DUP1 +117 MLOAD +118 SWAP1 +119 PUSH1 0x20 +121 ADD +122 SWAP1 +123 DUP1 +124 DUP4 +125 DUP4 +126 PUSH1 0x00 +128 JUMPDEST +129 DUP4 +130 DUP2 +131 LT +132 ISZERO +133 PUSH2 0x009b +136 JUMPI +137 DUP1 +138 DUP3 +139 ADD +140 MLOAD +141 DUP2 +142 DUP5 +143 ADD +144 MSTORE +145 PUSH1 0x20 +147 DUP2 +148 ADD +149 SWAP1 +150 POP +151 PUSH2 0x0080 +154 JUMP +155 JUMPDEST +156 POP +157 POP +158 POP +159 POP +160 SWAP1 +161 POP +162 SWAP1 +163 DUP2 +164 ADD +165 SWAP1 +166 PUSH1 0x1f +168 AND +169 DUP1 +170 ISZERO +171 PUSH2 0x00c8 +174 JUMPI +175 DUP1 +176 DUP3 +177 SUB +178 DUP1 +179 MLOAD +180 PUSH1 0x01 +182 DUP4 +183 PUSH1 0x20 +185 SUB +186 PUSH2 0x0100 +189 EXP +190 SUB +191 NOT +192 AND +193 DUP2 +194 MSTORE +195 PUSH1 0x20 +197 ADD +198 SWAP2 +199 POP +200 JUMPDEST +201 POP +202 SWAP3 +203 POP +204 POP +205 POP +206 PUSH1 0x40 +208 MLOAD +209 DUP1 +210 SWAP2 +211 SUB +212 SWAP1 +213 RETURN +214 JUMPDEST +215 PUSH1 0x60 +217 PUSH1 0x40 +219 DUP1 +220 MLOAD +221 SWAP1 +222 DUP2 +223 ADD +224 PUSH1 0x40 +226 MSTORE +227 DUP1 +228 PUSH1 0x17 +230 DUP2 +231 MSTORE +232 PUSH1 0x20 +234 ADD +235 PUSH32 0xd0a5d18dd0bbd0bbd0bed18320d092d0bed180d0bbd0b4000000000000000000 +268 DUP2 +269 
MSTORE +270 POP +271 SWAP1 +272 POP +273 SWAP1 +274 JUMP +275 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html new file mode 100644 index 00000000..68d83005 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json new file mode 100644 index 00000000..237b1c1e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown new file mode 100644 index 00000000..321484fd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown @@ -0,0 +1,3 @@ +# Analysis results for None + +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text new file mode 100644 index 00000000..729320d8 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text @@ -0,0 +1 @@ +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm new file mode 100644 index 00000000..e1bffe10 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm 
@@ -0,0 +1,168 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x8da5cb5b +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0xf2fde38b +71 EQ +72 PUSH2 0x00a6 +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0064 +96 PUSH2 0x00df +99 JUMP +100 JUMPDEST +101 PUSH1 0x40 +103 MLOAD +104 DUP1 +105 DUP3 +106 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +127 AND +128 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +149 AND +150 DUP2 +151 MSTORE +152 PUSH1 0x20 +154 ADD +155 SWAP2 +156 POP +157 POP +158 PUSH1 0x40 +160 MLOAD +161 DUP1 +162 SWAP2 +163 SUB +164 SWAP1 +165 RETURN +166 JUMPDEST +167 CALLVALUE +168 ISZERO +169 PUSH2 0x00b1 +172 JUMPI +173 PUSH1 0x00 +175 DUP1 +176 REVERT +177 JUMPDEST +178 PUSH2 0x00dd +181 PUSH1 0x04 +183 DUP1 +184 DUP1 +185 CALLDATALOAD +186 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +207 AND +208 SWAP1 +209 PUSH1 0x20 +211 ADD +212 SWAP1 +213 SWAP2 +214 SWAP1 +215 POP +216 POP +217 PUSH2 0x0104 +220 JUMP +221 JUMPDEST +222 STOP +223 JUMPDEST +224 PUSH1 0x00 +226 DUP1 +227 SWAP1 +228 SLOAD +229 SWAP1 +230 PUSH2 0x0100 +233 EXP +234 SWAP1 +235 DIV +236 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +257 AND +258 DUP2 +259 JUMP +260 JUMPDEST +261 PUSH1 0x00 +263 DUP1 +264 SWAP1 +265 SLOAD +266 SWAP1 +267 PUSH2 0x0100 +270 EXP +271 SWAP1 +272 DIV +273 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +294 AND +295 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +316 AND +317 ORIGIN +318 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +339 AND +340 EQ +341 ISZERO +342 ISZERO +343 PUSH2 0x015f +346 JUMPI +347 PUSH1 0x00 +349 DUP1 +350 REVERT +351 JUMPDEST +352 PUSH1 0x00 
+354 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +375 AND +376 DUP2 +377 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +398 AND +399 EQ +400 ISZERO +401 ISZERO +402 PUSH2 0x01d6 +405 JUMPI +406 DUP1 +407 PUSH1 0x00 +409 DUP1 +410 PUSH2 0x0100 +413 EXP +414 DUP2 +415 SLOAD +416 DUP2 +417 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +438 MUL +439 NOT +440 AND +441 SWAP1 +442 DUP4 +443 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +464 AND +465 MUL +466 OR +467 SWAP1 +468 SSTORE +469 POP +470 JUMPDEST +471 POP +472 JUMP +473 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html new file mode 100644 index 00000000..e44a58df --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json new file mode 100644 index 00000000..0e924831 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown new file mode 100644 index 00000000..1e9d6d8b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown @@ -0,0 +1,13 @@ +# Analysis results for test-filename.sol + +## Use of tx.origin +- SWC ID: 115 +- Type: Warning +- Contract: Unknown +- Function name: `transferOwnership(address)` +- PC address: 317 + +### Description + +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text new file mode 100644 index 00000000..b71422be --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text 
@@ -0,0 +1,10 @@ +==== Use of tx.origin ==== +SWC ID: 115 +Type: Warning +Contract: Unknown +Function name: transferOwnership(address) +PC address: 317 +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm new file mode 100644 index 00000000..b0763999 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm 
@@ -0,0 +1,388 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0062 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x18160ddd +60 EQ +61 PUSH2 0x0067 +64 JUMPI +65 DUP1 +66 PUSH4 0x6241bfd1 +71 EQ +72 PUSH2 0x0090 +75 JUMPI +76 DUP1 +77 PUSH4 0x70a08231 +82 EQ +83 PUSH2 0x00b3 +86 JUMPI +87 DUP1 +88 PUSH4 0xa3210e87 +93 EQ +94 PUSH2 0x0100 +97 JUMPI +98 JUMPDEST +99 PUSH1 0x00 +101 DUP1 +102 REVERT +103 JUMPDEST +104 CALLVALUE +105 ISZERO +106 PUSH2 0x0072 +109 JUMPI +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 PUSH2 0x007a +118 PUSH2 0x015a +121 JUMP +122 JUMPDEST +123 PUSH1 0x40 +125 MLOAD +126 DUP1 +127 DUP3 +128 DUP2 +129 MSTORE +130 PUSH1 0x20 +132 ADD +133 SWAP2 +134 POP +135 POP +136 PUSH1 0x40 +138 MLOAD +139 DUP1 +140 SWAP2 +141 SUB +142 SWAP1 +143 RETURN +144 JUMPDEST +145 CALLVALUE +146 ISZERO +147 PUSH2 0x009b +150 JUMPI +151 PUSH1 0x00 +153 DUP1 +154 REVERT +155 JUMPDEST +156 PUSH2 0x00b1 +159 PUSH1 0x04 +161 DUP1 +162 DUP1 +163 CALLDATALOAD +164 SWAP1 +165 PUSH1 0x20 +167 ADD +168 SWAP1 +169 SWAP2 +170 SWAP1 +171 POP +172 POP +173 PUSH2 0x0160 +176 JUMP +177 JUMPDEST +178 STOP +179 JUMPDEST +180 CALLVALUE +181 ISZERO +182 PUSH2 0x00be +185 JUMPI +186 PUSH1 0x00 +188 DUP1 +189 REVERT +190 JUMPDEST +191 PUSH2 0x00ea +194 PUSH1 0x04 +196 DUP1 +197 DUP1 +198 CALLDATALOAD +199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +220 AND +221 SWAP1 +222 PUSH1 0x20 +224 ADD +225 SWAP1 +226 SWAP2 +227 SWAP1 +228 POP +229 POP +230 PUSH2 0x01ab +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 DUP2 +241 MSTORE +242 PUSH1 0x20 +244 ADD +245 SWAP2 +246 POP +247 POP +248 PUSH1 0x40 +250 MLOAD +251 DUP1 +252 SWAP2 +253 SUB +254 SWAP1 +255 RETURN +256 JUMPDEST +257 CALLVALUE +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 
JUMPDEST +268 PUSH2 0x0140 +271 PUSH1 0x04 +273 DUP1 +274 DUP1 +275 CALLDATALOAD +276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +297 AND +298 SWAP1 +299 PUSH1 0x20 +301 ADD +302 SWAP1 +303 SWAP2 +304 SWAP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01f3 +319 JUMP +320 JUMPDEST +321 PUSH1 0x40 +323 MLOAD +324 DUP1 +325 DUP3 +326 ISZERO +327 ISZERO +328 ISZERO +329 ISZERO +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 SWAP2 +336 POP +337 POP +338 PUSH1 0x40 +340 MLOAD +341 DUP1 +342 SWAP2 +343 SUB +344 SWAP1 +345 RETURN +346 JUMPDEST +347 PUSH1 0x01 +349 SLOAD +350 DUP2 +351 JUMP +352 JUMPDEST +353 DUP1 +354 PUSH1 0x01 +356 DUP2 +357 SWAP1 +358 SSTORE +359 PUSH1 0x00 +361 DUP1 +362 CALLER +363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +384 AND +385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +406 AND +407 DUP2 +408 MSTORE +409 PUSH1 0x20 +411 ADD +412 SWAP1 +413 DUP2 +414 MSTORE +415 PUSH1 0x20 +417 ADD +418 PUSH1 0x00 +420 SHA3 +421 DUP2 +422 SWAP1 +423 SSTORE +424 POP +425 POP +426 JUMP +427 JUMPDEST +428 PUSH1 0x00 +430 DUP1 +431 PUSH1 0x00 +433 DUP4 +434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +455 AND +456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +477 AND +478 DUP2 +479 MSTORE +480 PUSH1 0x20 +482 ADD +483 SWAP1 +484 DUP2 +485 MSTORE +486 PUSH1 0x20 +488 ADD +489 PUSH1 0x00 +491 SHA3 +492 SLOAD +493 SWAP1 +494 POP +495 SWAP2 +496 SWAP1 +497 POP +498 JUMP +499 JUMPDEST +500 PUSH1 0x00 +502 DUP1 +503 DUP3 +504 PUSH1 0x00 +506 DUP1 +507 CALLER +508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +529 AND +530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +551 AND +552 DUP2 +553 MSTORE +554 PUSH1 0x20 +556 ADD +557 SWAP1 +558 DUP2 +559 MSTORE +560 PUSH1 0x20 +562 ADD +563 PUSH1 0x00 +565 SHA3 +566 SLOAD +567 SUB +568 LT +569 ISZERO +570 ISZERO +571 ISZERO +572 PUSH2 0x0244 +575 JUMPI +576 PUSH1 0x00 +578 DUP1 +579 REVERT +580 
JUMPDEST +581 DUP2 +582 PUSH1 0x00 +584 DUP1 +585 CALLER +586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +607 AND +608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +629 AND +630 DUP2 +631 MSTORE +632 PUSH1 0x20 +634 ADD +635 SWAP1 +636 DUP2 +637 MSTORE +638 PUSH1 0x20 +640 ADD +641 PUSH1 0x00 +643 SHA3 +644 PUSH1 0x00 +646 DUP3 +647 DUP3 +648 SLOAD +649 SUB +650 SWAP3 +651 POP +652 POP +653 DUP2 +654 SWAP1 +655 SSTORE +656 POP +657 DUP2 +658 PUSH1 0x00 +660 DUP1 +661 DUP6 +662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +683 AND +684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +705 AND +706 DUP2 +707 MSTORE +708 PUSH1 0x20 +710 ADD +711 SWAP1 +712 DUP2 +713 MSTORE +714 PUSH1 0x20 +716 ADD +717 PUSH1 0x00 +719 SHA3 +720 PUSH1 0x00 +722 DUP3 +723 DUP3 +724 SLOAD +725 ADD +726 SWAP3 +727 POP +728 POP +729 DUP2 +730 SWAP1 +731 SSTORE +732 POP +733 PUSH1 0x02 +735 PUSH1 0x00 +737 DUP1 +738 DUP6 +739 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +760 AND +761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +782 AND +783 DUP2 +784 MSTORE +785 PUSH1 0x20 +787 ADD +788 SWAP1 +789 DUP2 +790 MSTORE +791 PUSH1 0x20 +793 ADD +794 PUSH1 0x00 +796 SHA3 +797 DUP2 +798 SWAP1 +799 SSTORE +800 POP +801 PUSH1 0x01 +803 SWAP1 +804 POP +805 SWAP3 +806 SWAP2 +807 POP +808 POP +809 JUMP +810 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html new file mode 100644 index 00000000..ed71dd6e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json new file mode 100644 index 00000000..fb92acaf --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown new file mode 100644 index 00000000..4f86063c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown 
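Review bot: The snapshot in overflow.sol.o.json pins misspelled finding text, `The substraction can result in an integer underflow.`, so the typo becomes part of what the tests assert. The same string is in the overflow markdown and text fixtures and in the three underflow fixtures, and the returnvalue fixtures pin `a message call to to another contract` and `execution continue even if`. These strings come from the analysis modules, which are not in this hunk. Correcting them there and regenerating the snapshots gives `The subtraction can result in an integer underflow.`, `a message call to another contract` and `execution continues even if`.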
@@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 567 + +### Description + +The substraction can result in an integer underflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 649 + +### Description + +The substraction can result in an integer underflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 725 + +### Description + +The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text new file mode 100644 index 00000000..acdce40b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 567 +The substraction can result in an integer underflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 649 +The substraction can result in an integer underflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 725 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm new file mode 100644 index 00000000..13a426cc --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm 
@@ -0,0 +1,129 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x633ab5e0 +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0xe3bea282 +71 EQ +72 PUSH2 0x0066 +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0064 +96 PUSH2 0x007b +99 JUMP +100 JUMPDEST +101 STOP +102 JUMPDEST +103 CALLVALUE +104 ISZERO +105 PUSH2 0x0071 +108 JUMPI +109 PUSH1 0x00 +111 DUP1 +112 REVERT +113 JUMPDEST +114 PUSH2 0x0079 +117 PUSH2 0x00d4 +120 JUMP +121 JUMPDEST +122 STOP +123 JUMPDEST +124 PUSH1 0x00 +126 DUP1 +127 SWAP1 +128 SLOAD +129 SWAP1 +130 PUSH2 0x0100 +133 EXP +134 SWAP1 +135 DIV +136 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +157 AND +158 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +179 AND +180 PUSH1 0x40 +182 MLOAD +183 PUSH1 0x00 +185 PUSH1 0x40 +187 MLOAD +188 DUP1 +189 DUP4 +190 SUB +191 DUP2 +192 PUSH1 0x00 +194 DUP7 +195 GAS +196 CALL +197 SWAP2 +198 POP +199 POP +200 ISZERO +201 ISZERO +202 PUSH2 0x00d2 +205 JUMPI +206 PUSH1 0x00 +208 DUP1 +209 REVERT +210 JUMPDEST +211 JUMP +212 JUMPDEST +213 PUSH1 0x00 +215 DUP1 +216 SWAP1 +217 SLOAD +218 SWAP1 +219 PUSH2 0x0100 +222 EXP +223 SWAP1 +224 DIV +225 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +246 AND +247 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +268 AND +269 PUSH1 0x40 +271 MLOAD +272 PUSH1 0x00 +274 PUSH1 0x40 +276 MLOAD +277 DUP1 +278 DUP4 +279 SUB +280 DUP2 +281 PUSH1 0x00 +283 DUP7 +284 GAS +285 CALL +286 SWAP2 +287 POP +288 POP +289 POP +290 JUMP +291 STOP 
diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html new file mode 100644 index 00000000..a63a268a --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json new file mode 100644 index 00000000..81ee3cb3 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown new file mode 100644 index 00000000..f3a058bd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown 
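Review bot: The `Unchecked CALL return value` entry in returnvalue.sol.o.json is pinned at `"address": 290`, which in returnvalue.sol.o.easm from this same patch is the `JUMP` that ends the function. The CALL it describes is at 285, the address the `Message call to external contract` finding for `_function_0xe3bea282` already uses. Two findings about one call then carry different PCs, and anyone triaging SWC-104 from the report lands on the wrong instruction. If the detector can record the CALL site, the snapshot should read `"address": 285`; the detector is outside this hunk, so whether 290 is deliberate cannot be told from here. The markdown and text fixtures for returnvalue.sol.o repeat the same `PC address: 290`.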
@@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x633ab5e0` +- PC address: 196 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe3bea282` +- PC address: 285 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe3bea282` +- PC address: 290 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text new file mode 100644 index 00000000..2a8b1470 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text 
@@ -0,0 +1,27 @@ +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0x633ab5e0 +PC address: 196 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0xe3bea282 +PC address: 285 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe3bea282 +PC address: 290 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm new file mode 100644 index 00000000..892e7787 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm 
@@ -0,0 +1,58 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH1 0x3f +11 JUMPI +12 PUSH1 0x00 +14 CALLDATALOAD +15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +45 SWAP1 +46 DIV +47 PUSH4 0xffffffff +52 AND +53 DUP1 +54 PUSH4 0xcbf0b0c0 +59 EQ +60 PUSH1 0x44 +62 JUMPI +63 JUMPDEST +64 PUSH1 0x00 +66 DUP1 +67 REVERT +68 JUMPDEST +69 CALLVALUE +70 ISZERO +71 PUSH1 0x4e +73 JUMPI +74 PUSH1 0x00 +76 DUP1 +77 REVERT +78 JUMPDEST +79 PUSH1 0x78 +81 PUSH1 0x04 +83 DUP1 +84 DUP1 +85 CALLDATALOAD +86 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +107 AND +108 SWAP1 +109 PUSH1 0x20 +111 ADD +112 SWAP1 +113 SWAP2 +114 SWAP1 +115 POP +116 POP +117 PUSH1 0x7a +119 JUMP +120 JUMPDEST +121 STOP +122 JUMPDEST +123 DUP1 +124 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +145 AND +146 SUICIDE +147 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html new file mode 100644 index 00000000..e1797023 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json new file mode 100644 index 00000000..4b9b6b83 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "", "description": "A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "swc_id": "106", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown new file mode 100644 index 00000000..6d24f84d --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown @@ -0,0 +1,12 @@ +# Analysis results for test-filename.sol + +## Unchecked SUICIDE +- SWC ID: 106 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xcbf0b0c0` +- PC address: 146 + +### Description + +A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text new file mode 100644 index 00000000..138bf06b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text @@ -0,0 +1,10 @@ +==== Unchecked SUICIDE ==== +SWC ID: 106 +Type: Warning +Contract: Unknown +Function name: _function_0xcbf0b0c0 +PC address: 146 +A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. + +-------------------- + 
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm new file mode 100644 index 00000000..0ed8f651 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm 
@@ -0,0 +1,365 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0062 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x18160ddd +60 EQ +61 PUSH2 0x0067 +64 JUMPI +65 DUP1 +66 PUSH4 0x6241bfd1 +71 EQ +72 PUSH2 0x0090 +75 JUMPI +76 DUP1 +77 PUSH4 0x70a08231 +82 EQ +83 PUSH2 0x00b3 +86 JUMPI +87 DUP1 +88 PUSH4 0xa3210e87 +93 EQ +94 PUSH2 0x0100 +97 JUMPI +98 JUMPDEST +99 PUSH1 0x00 +101 DUP1 +102 REVERT +103 JUMPDEST +104 CALLVALUE +105 ISZERO +106 PUSH2 0x0072 +109 JUMPI +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 PUSH2 0x007a +118 PUSH2 0x015a +121 JUMP +122 JUMPDEST +123 PUSH1 0x40 +125 MLOAD +126 DUP1 +127 DUP3 +128 DUP2 +129 MSTORE +130 PUSH1 0x20 +132 ADD +133 SWAP2 +134 POP +135 POP +136 PUSH1 0x40 +138 MLOAD +139 DUP1 +140 SWAP2 +141 SUB +142 SWAP1 +143 RETURN +144 JUMPDEST +145 CALLVALUE +146 ISZERO +147 PUSH2 0x009b +150 JUMPI +151 PUSH1 0x00 +153 DUP1 +154 REVERT +155 JUMPDEST +156 PUSH2 0x00b1 +159 PUSH1 0x04 +161 DUP1 +162 DUP1 +163 CALLDATALOAD +164 SWAP1 +165 PUSH1 0x20 +167 ADD +168 SWAP1 +169 SWAP2 +170 SWAP1 +171 POP +172 POP +173 PUSH2 0x0160 +176 JUMP +177 JUMPDEST +178 STOP +179 JUMPDEST +180 CALLVALUE +181 ISZERO +182 PUSH2 0x00be +185 JUMPI +186 PUSH1 0x00 +188 DUP1 +189 REVERT +190 JUMPDEST +191 PUSH2 0x00ea +194 PUSH1 0x04 +196 DUP1 +197 DUP1 +198 CALLDATALOAD +199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +220 AND +221 SWAP1 +222 PUSH1 0x20 +224 ADD +225 SWAP1 +226 SWAP2 +227 SWAP1 +228 POP +229 POP +230 PUSH2 0x01ab +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 DUP2 +241 MSTORE +242 PUSH1 0x20 +244 ADD +245 SWAP2 +246 POP +247 POP +248 PUSH1 0x40 +250 MLOAD +251 DUP1 +252 SWAP2 +253 SUB +254 SWAP1 +255 RETURN +256 JUMPDEST +257 CALLVALUE +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 
JUMPDEST +268 PUSH2 0x0140 +271 PUSH1 0x04 +273 DUP1 +274 DUP1 +275 CALLDATALOAD +276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +297 AND +298 SWAP1 +299 PUSH1 0x20 +301 ADD +302 SWAP1 +303 SWAP2 +304 SWAP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01f3 +319 JUMP +320 JUMPDEST +321 PUSH1 0x40 +323 MLOAD +324 DUP1 +325 DUP3 +326 ISZERO +327 ISZERO +328 ISZERO +329 ISZERO +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 SWAP2 +336 POP +337 POP +338 PUSH1 0x40 +340 MLOAD +341 DUP1 +342 SWAP2 +343 SUB +344 SWAP1 +345 RETURN +346 JUMPDEST +347 PUSH1 0x01 +349 SLOAD +350 DUP2 +351 JUMP +352 JUMPDEST +353 DUP1 +354 PUSH1 0x01 +356 DUP2 +357 SWAP1 +358 SSTORE +359 PUSH1 0x00 +361 DUP1 +362 CALLER +363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +384 AND +385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +406 AND +407 DUP2 +408 MSTORE +409 PUSH1 0x20 +411 ADD +412 SWAP1 +413 DUP2 +414 MSTORE +415 PUSH1 0x20 +417 ADD +418 PUSH1 0x00 +420 SHA3 +421 DUP2 +422 SWAP1 +423 SSTORE +424 POP +425 POP +426 JUMP +427 JUMPDEST +428 PUSH1 0x00 +430 DUP1 +431 PUSH1 0x00 +433 DUP4 +434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +455 AND +456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +477 AND +478 DUP2 +479 MSTORE +480 PUSH1 0x20 +482 ADD +483 SWAP1 +484 DUP2 +485 MSTORE +486 PUSH1 0x20 +488 ADD +489 PUSH1 0x00 +491 SHA3 +492 SLOAD +493 SWAP1 +494 POP +495 SWAP2 +496 SWAP1 +497 POP +498 JUMP +499 JUMPDEST +500 PUSH1 0x00 +502 DUP1 +503 DUP3 +504 PUSH1 0x00 +506 DUP1 +507 CALLER +508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +529 AND +530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +551 AND +552 DUP2 +553 MSTORE +554 PUSH1 0x20 +556 ADD +557 SWAP1 +558 DUP2 +559 MSTORE +560 PUSH1 0x20 +562 ADD +563 PUSH1 0x00 +565 SHA3 +566 SLOAD +567 SUB +568 LT +569 ISZERO +570 ISZERO +571 ISZERO +572 PUSH2 0x0244 +575 JUMPI +576 PUSH1 0x00 +578 DUP1 +579 REVERT +580 
JUMPDEST +581 DUP2 +582 PUSH1 0x00 +584 DUP1 +585 CALLER +586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +607 AND +608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +629 AND +630 DUP2 +631 MSTORE +632 PUSH1 0x20 +634 ADD +635 SWAP1 +636 DUP2 +637 MSTORE +638 PUSH1 0x20 +640 ADD +641 PUSH1 0x00 +643 SHA3 +644 PUSH1 0x00 +646 DUP3 +647 DUP3 +648 SLOAD +649 SUB +650 SWAP3 +651 POP +652 POP +653 DUP2 +654 SWAP1 +655 SSTORE +656 POP +657 DUP2 +658 PUSH1 0x00 +660 DUP1 +661 DUP6 +662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +683 AND +684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +705 AND +706 DUP2 +707 MSTORE +708 PUSH1 0x20 +710 ADD +711 SWAP1 +712 DUP2 +713 MSTORE +714 PUSH1 0x20 +716 ADD +717 PUSH1 0x00 +719 SHA3 +720 PUSH1 0x00 +722 DUP3 +723 DUP3 +724 SLOAD +725 ADD +726 SWAP3 +727 POP +728 POP +729 DUP2 +730 SWAP1 +731 SSTORE +732 POP +733 PUSH1 0x01 +735 SWAP1 +736 POP +737 SWAP3 +738 SWAP2 +739 POP +740 POP +741 JUMP +742 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html new file mode 100644 index 00000000..062a5856 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + +
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json
new file mode 100644
index 00000000..fb92acaf
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json
@@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown
new file mode 100644
index 00000000..4f86063c
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown
@@ -0,0 +1,34 @@
+# Analysis results for test-filename.sol
+
+## Integer Underflow
+- SWC ID: 101
+- Type: Warning
+- Contract: Unknown
+- Function name: `sendeth(address,uint256)`
+- PC address: 567
+
+### Description
+
+The substraction can result in an integer underflow.
+
+## Integer Underflow
+- SWC ID: 101
+- Type: Warning
+- Contract: Unknown
+- Function name: `sendeth(address,uint256)`
+- PC address: 649
+
+### Description
+
+The substraction can result in an integer underflow.
+
+## Integer Overflow
+- SWC ID: 101
+- Type: Warning
+- Contract: Unknown
+- Function name: `sendeth(address,uint256)`
+- PC address: 725
+
+### Description
+
+The arithmetic operation can result in integer overflow.
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text
new file mode 100644
index 00000000..acdce40b
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text
@@ -0,0 +1,30 @@
+==== Integer Underflow ====
+SWC ID: 101
+Type: Warning
+Contract: Unknown
+Function name: sendeth(address,uint256)
+PC address: 567
+The substraction can result in an integer underflow.
+
+--------------------
+
+==== Integer Underflow ====
+SWC ID: 101
+Type: Warning
+Contract: Unknown
+Function name: sendeth(address,uint256)
+PC address: 649
+The substraction can result in an integer underflow.
+
+--------------------
+
+==== Integer Overflow ====
+SWC ID: 101
+Type: Warning
+Contract: Unknown
+Function name: sendeth(address,uint256)
+PC address: 725
+The arithmetic operation can result in integer overflow.
+
+--------------------
+
diff --git a/tests/testdata/outputs_expected/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/overflow.sol.o.graph.html
index 5d117d28..ed71dd6e 100644
--- a/tests/testdata/outputs_expected/overflow.sol.o.graph.html
+++ b/tests/testdata/outputs_expected/overflow.sol.o.graph.html
@@ -8,6 +8,7 @@

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+
+ + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json new file mode 100644 index 00000000..d7b6f7e0 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json 
@@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown new file mode 100644 index 00000000..f19dbaef --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown 
@@ -0,0 +1,111 @@
+# Analysis results for test-filename.sol
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x5a6814ec`
+- PC address: 661
+
+### Description
+
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x5a6814ec`
+- PC address: 666
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xd24b08cc`
+- PC address: 779
+
+### Description
+
+This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+
+## Transaction order dependence
+- SWC ID: 114
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xd24b08cc`
+- PC address: 779
+
+### Description
+
+Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xd24b08cc`
+- PC address: 784
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xe11f493e`
+- PC address: 858
+
+### Description
+
+This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
+
+## State change after external call
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xe11f493e`
+- PC address: 869
+
+### Description
+
+The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xe11f493e`
+- PC address: 871
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xe1d10f79`
+- PC address: 912
+
+### Description
+
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xe1d10f79`
+- PC address: 918
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text
new file mode 100644
index 00000000..c65b9fc7
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text 
@@ -0,0 +1,90 @@ +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0x5a6814ec +PC address: 661 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0x5a6814ec +PC address: 666 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 779 +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Transaction order dependence ==== +SWC ID: 114 +Type: Warning +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 779 +Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xd24b08cc +PC address: 784 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 858 +This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== State change after external call ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 869 +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 871 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Warning +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 912 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 918 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm new file mode 100644 index 00000000..7a5b2043 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm 
@@ -0,0 +1,259 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x06661abd +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0x83f12fec +71 EQ +72 PUSH2 0x007c +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 DUP1 +84 ISZERO +85 PUSH2 0x005d +88 JUMPI +89 PUSH1 0x00 +91 DUP1 +92 REVERT +93 JUMPDEST +94 POP +95 PUSH2 0x0066 +98 PUSH2 0x0104 +101 JUMP +102 JUMPDEST +103 PUSH1 0x40 +105 MLOAD +106 DUP1 +107 DUP3 +108 DUP2 +109 MSTORE +110 PUSH1 0x20 +112 ADD +113 SWAP2 +114 POP +115 POP +116 PUSH1 0x40 +118 MLOAD +119 DUP1 +120 SWAP2 +121 SUB +122 SWAP1 +123 RETURN +124 JUMPDEST +125 CALLVALUE +126 DUP1 +127 ISZERO +128 PUSH2 0x0088 +131 JUMPI +132 PUSH1 0x00 +134 DUP1 +135 REVERT +136 JUMPDEST +137 POP +138 PUSH2 0x00ea +141 PUSH1 0x04 +143 DUP1 +144 CALLDATASIZE +145 SUB +146 DUP2 +147 ADD +148 SWAP1 +149 DUP1 +150 DUP1 +151 CALLDATALOAD +152 SWAP1 +153 PUSH1 0x20 +155 ADD +156 SWAP1 +157 DUP3 +158 ADD +159 DUP1 +160 CALLDATALOAD +161 SWAP1 +162 PUSH1 0x20 +164 ADD +165 SWAP1 +166 DUP1 +167 DUP1 +168 PUSH1 0x20 +170 MUL +171 PUSH1 0x20 +173 ADD +174 PUSH1 0x40 +176 MLOAD +177 SWAP1 +178 DUP2 +179 ADD +180 PUSH1 0x40 +182 MSTORE +183 DUP1 +184 SWAP4 +185 SWAP3 +186 SWAP2 +187 SWAP1 +188 DUP2 +189 DUP2 +190 MSTORE +191 PUSH1 0x20 +193 ADD +194 DUP4 +195 DUP4 +196 PUSH1 0x20 +198 MUL +199 DUP1 +200 DUP3 +201 DUP5 +202 CALLDATACOPY +203 DUP3 +204 ADD +205 SWAP2 +206 POP +207 POP +208 POP +209 POP +210 POP +211 POP +212 SWAP2 +213 SWAP3 +214 SWAP2 +215 SWAP3 +216 SWAP1 +217 DUP1 +218 CALLDATALOAD +219 SWAP1 +220 PUSH1 0x20 +222 ADD +223 SWAP1 +224 SWAP3 +225 SWAP2 +226 SWAP1 +227 POP +228 POP +229 POP +230 PUSH2 0x010a +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 ISZERO +241 
ISZERO +242 ISZERO +243 ISZERO +244 DUP2 +245 MSTORE +246 PUSH1 0x20 +248 ADD +249 SWAP2 +250 POP +251 POP +252 PUSH1 0x40 +254 MLOAD +255 DUP1 +256 SWAP2 +257 SUB +258 SWAP1 +259 RETURN +260 JUMPDEST +261 PUSH1 0x00 +263 SLOAD +264 DUP2 +265 JUMP +266 JUMPDEST +267 PUSH1 0x00 +269 DUP1 +270 PUSH1 0x00 +272 DUP5 +273 MLOAD +274 SWAP2 +275 POP +276 DUP4 +277 DUP3 +278 MUL +279 SWAP1 +280 POP +281 PUSH1 0x00 +283 DUP3 +284 GT +285 DUP1 +286 ISZERO +287 PUSH2 0x0129 +290 JUMPI +291 POP +292 PUSH1 0x14 +294 DUP3 +295 GT +296 ISZERO +297 JUMPDEST +298 ISZERO +299 ISZERO +300 PUSH2 0x0134 +303 JUMPI +304 PUSH1 0x00 +306 DUP1 +307 REVERT +308 JUMPDEST +309 DUP1 +310 PUSH1 0x01 +312 PUSH1 0x00 +314 CALLER +315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +336 AND +337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +358 AND +359 DUP2 +360 MSTORE +361 PUSH1 0x20 +363 ADD +364 SWAP1 +365 DUP2 +366 MSTORE +367 PUSH1 0x20 +369 ADD +370 PUSH1 0x00 +372 SHA3 +373 PUSH1 0x00 +375 DUP3 +376 DUP3 +377 SLOAD +378 SUB +379 SWAP3 +380 POP +381 POP +382 DUP2 +383 SWAP1 +384 SSTORE +385 POP +386 PUSH1 0x01 +388 SWAP3 +389 POP +390 POP +391 POP +392 SWAP3 +393 SWAP2 +394 POP +395 POP +396 JUMP +397 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html new file mode 100644 index 00000000..bc273a9e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm new file mode 100644 index 00000000..b0a5e256 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm 
@@ -0,0 +1,420 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0078 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x12065fe0 +60 EQ +61 PUSH2 0x007d +64 JUMPI +65 DUP1 +66 PUSH4 0x27e235e3 +71 EQ +72 PUSH2 0x00a8 +75 JUMPI +76 DUP1 +77 PUSH4 0x56885cd8 +82 EQ +83 PUSH2 0x00ff +86 JUMPI +87 DUP1 +88 PUSH4 0x6c343ffe +93 EQ +94 PUSH2 0x0116 +97 JUMPI +98 DUP1 +99 PUSH4 0x8da5cb5b +104 EQ +105 PUSH2 0x012d +108 JUMPI +109 DUP1 +110 PUSH4 0xe8b5e51f +115 EQ +116 PUSH2 0x0184 +119 JUMPI +120 JUMPDEST +121 PUSH1 0x00 +123 DUP1 +124 REVERT +125 JUMPDEST +126 CALLVALUE +127 DUP1 +128 ISZERO +129 PUSH2 0x0089 +132 JUMPI +133 PUSH1 0x00 +135 DUP1 +136 REVERT +137 JUMPDEST +138 POP +139 PUSH2 0x0092 +142 PUSH2 0x018e +145 JUMP +146 JUMPDEST +147 PUSH1 0x40 +149 MLOAD +150 DUP1 +151 DUP3 +152 DUP2 +153 MSTORE +154 PUSH1 0x20 +156 ADD +157 SWAP2 +158 POP +159 POP +160 PUSH1 0x40 +162 MLOAD +163 DUP1 +164 SWAP2 +165 SUB +166 SWAP1 +167 RETURN +168 JUMPDEST +169 CALLVALUE +170 DUP1 +171 ISZERO +172 PUSH2 0x00b4 +175 JUMPI +176 PUSH1 0x00 +178 DUP1 +179 REVERT +180 JUMPDEST +181 POP +182 PUSH2 0x00e9 +185 PUSH1 0x04 +187 DUP1 +188 CALLDATASIZE +189 SUB +190 DUP2 +191 ADD +192 SWAP1 +193 DUP1 +194 DUP1 +195 CALLDATALOAD +196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +217 AND +218 SWAP1 +219 PUSH1 0x20 +221 ADD +222 SWAP1 +223 SWAP3 +224 SWAP2 +225 SWAP1 +226 POP +227 POP +228 POP +229 PUSH2 0x01d4 +232 JUMP +233 JUMPDEST +234 PUSH1 0x40 +236 MLOAD +237 DUP1 +238 DUP3 +239 DUP2 +240 MSTORE +241 PUSH1 0x20 +243 ADD +244 SWAP2 +245 POP +246 POP +247 PUSH1 0x40 +249 MLOAD +250 DUP1 +251 SWAP2 +252 SUB +253 SWAP1 +254 RETURN +255 JUMPDEST +256 CALLVALUE +257 DUP1 +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 JUMPDEST +268 POP +269 PUSH2 0x0114 +272 PUSH2 0x01ec +275 JUMP 
+276 JUMPDEST +277 STOP +278 JUMPDEST +279 CALLVALUE +280 DUP1 +281 ISZERO +282 PUSH2 0x0122 +285 JUMPI +286 PUSH1 0x00 +288 DUP1 +289 REVERT +290 JUMPDEST +291 POP +292 PUSH2 0x012b +295 PUSH2 0x022f +298 JUMP +299 JUMPDEST +300 STOP +301 JUMPDEST +302 CALLVALUE +303 DUP1 +304 ISZERO +305 PUSH2 0x0139 +308 JUMPI +309 PUSH1 0x00 +311 DUP1 +312 REVERT +313 JUMPDEST +314 POP +315 PUSH2 0x0142 +318 PUSH2 0x02eb +321 JUMP +322 JUMPDEST +323 PUSH1 0x40 +325 MLOAD +326 DUP1 +327 DUP3 +328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +349 AND +350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +371 AND +372 DUP2 +373 MSTORE +374 PUSH1 0x20 +376 ADD +377 SWAP2 +378 POP +379 POP +380 PUSH1 0x40 +382 MLOAD +383 DUP1 +384 SWAP2 +385 SUB +386 SWAP1 +387 RETURN +388 JUMPDEST +389 PUSH2 0x018c +392 PUSH2 0x0311 +395 JUMP +396 JUMPDEST +397 STOP +398 JUMPDEST +399 PUSH1 0x00 +401 DUP1 +402 PUSH1 0x00 +404 CALLER +405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +426 AND +427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +448 AND +449 DUP2 +450 MSTORE +451 PUSH1 0x20 +453 ADD +454 SWAP1 +455 DUP2 +456 MSTORE +457 PUSH1 0x20 +459 ADD +460 PUSH1 0x00 +462 SHA3 +463 SLOAD +464 SWAP1 +465 POP +466 SWAP1 +467 JUMP +468 JUMPDEST +469 PUSH1 0x00 +471 PUSH1 0x20 +473 MSTORE +474 DUP1 +475 PUSH1 0x00 +477 MSTORE +478 PUSH1 0x40 +480 PUSH1 0x00 +482 SHA3 +483 PUSH1 0x00 +485 SWAP2 +486 POP +487 SWAP1 +488 POP +489 SLOAD +490 DUP2 +491 JUMP +492 JUMPDEST +493 CALLER +494 PUSH1 0x01 +496 PUSH1 0x00 +498 PUSH2 0x0100 +501 EXP +502 DUP2 +503 SLOAD +504 DUP2 +505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +526 MUL +527 NOT +528 AND +529 SWAP1 +530 DUP4 +531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +552 AND +553 MUL +554 OR +555 SWAP1 +556 SSTORE +557 POP +558 JUMP +559 JUMPDEST +560 PUSH1 0x01 +562 PUSH1 0x00 +564 SWAP1 +565 SLOAD +566 SWAP1 +567 PUSH2 0x0100 +570 EXP +571 SWAP1 +572 DIV +573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +594 AND +595 PUSH20 
0xffffffffffffffffffffffffffffffffffffffff +616 AND +617 CALLER +618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +639 AND +640 EQ +641 ISZERO +642 ISZERO +643 PUSH2 0x028b +646 JUMPI +647 PUSH1 0x00 +649 DUP1 +650 REVERT +651 JUMPDEST +652 CALLER +653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +674 AND +675 PUSH2 0x08fc +678 ADDRESS +679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +700 AND +701 BALANCE +702 SWAP1 +703 DUP2 +704 ISZERO +705 MUL +706 SWAP1 +707 PUSH1 0x40 +709 MLOAD +710 PUSH1 0x00 +712 PUSH1 0x40 +714 MLOAD +715 DUP1 +716 DUP4 +717 SUB +718 DUP2 +719 DUP6 +720 DUP9 +721 DUP9 +722 CALL +723 SWAP4 +724 POP +725 POP +726 POP +727 POP +728 ISZERO +729 DUP1 +730 ISZERO +731 PUSH2 0x02e8 +734 JUMPI +735 RETURNDATASIZE +736 PUSH1 0x00 +738 DUP1 +739 RETURNDATACOPY +740 RETURNDATASIZE +741 PUSH1 0x00 +743 REVERT +744 JUMPDEST +745 POP +746 JUMP +747 JUMPDEST +748 PUSH1 0x01 +750 PUSH1 0x00 +752 SWAP1 +753 SLOAD +754 SWAP1 +755 PUSH2 0x0100 +758 EXP +759 SWAP1 +760 DIV +761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +782 AND +783 DUP2 +784 JUMP +785 JUMPDEST +786 PUSH1 0x02 +788 SLOAD +789 CALLVALUE +790 GT +791 DUP1 +792 ISZERO +793 PUSH2 0x0323 +796 JUMPI +797 POP +798 PUSH1 0x03 +800 SLOAD +801 CALLVALUE +802 LT +803 JUMPDEST +804 ISZERO +805 ISZERO +806 PUSH2 0x032e +809 JUMPI +810 PUSH1 0x00 +812 DUP1 +813 REVERT +814 JUMPDEST +815 CALLVALUE +816 PUSH1 0x00 +818 DUP1 +819 CALLER +820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +841 AND +842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +863 AND +864 DUP2 +865 MSTORE +866 PUSH1 0x20 +868 ADD +869 SWAP1 +870 DUP2 +871 MSTORE +872 PUSH1 0x20 +874 ADD +875 PUSH1 0x00 +877 SHA3 +878 PUSH1 0x00 +880 DUP3 +881 DUP3 +882 SLOAD +883 ADD +884 SWAP3 +885 POP +886 POP +887 DUP2 +888 SWAP1 +889 SSTORE +890 POP +891 JUMP +892 STOP 
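Review bot: The path of this new file, `tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm`, nests an `outputs_current` directory inside `outputs_expected`, which suggests the output of a local test run was committed by accident rather than a new set of expectations. The same applies to the other files this patch adds under that directory (the `underflow`, `calls`, `environments`, `ether_send` and `exceptions` reports and disassemblies). If nothing in the test suite reads them, they are stale copies of analyzer findings that will drift from the real expected reports; I would drop them from the commit and add an ignore entry such as `tests/testdata/outputs_expected/outputs_current/` so they cannot be re-added.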
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html new file mode 100644 index 00000000..dbd5387a --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + +
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json
new file mode 100644
index 00000000..da2d8d12
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json
@@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown
new file mode 100644
index 00000000..c4e23873
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown
@@ -0,0 +1,23 @@
+# Analysis results for test-filename.sol
+
+## Ether send
+- SWC ID: 105
+- Type: Warning
+- Contract: Unknown
+- Function name: `withdrawfunds()`
+- PC address: 722
+
+### Description
+
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
+
+## Integer Overflow
+- SWC ID: 101
+- Type: Warning
+- Contract: Unknown
+- Function name: `invest()`
+- PC address: 883
+
+### Description
+
+The arithmetic operation can result in integer overflow.
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text
new file mode 100644
index 00000000..6be210d9
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text
@@ -0,0 +1,19 @@
+==== Ether send ====
+SWC ID: 105
+Type: Warning
+Contract: Unknown
+Function name: withdrawfunds()
+PC address: 722
+It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
+--------------------
+
+==== Integer Overflow ====
+SWC ID: 101
+Type: Warning
+Contract: Unknown
+Function name: invest()
+PC address: 883
+The arithmetic operation can result in integer overflow.
+
+--------------------
+
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm
new file mode 100644
index 00000000..ef83a75c
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm
@@ -0,0 +1,392 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x008e +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x01d4277c +60 EQ +61 PUSH2 0x0093 +64 JUMPI +65 DUP1 +66 PUSH4 0x546455b5 +71 EQ +72 PUSH2 0x00b6 +75 JUMPI +76 DUP1 +77 PUSH4 0x78375f14 +82 EQ +83 PUSH2 0x00d9 +86 JUMPI +87 DUP1 +88 PUSH4 0x92dd38ea +93 EQ +94 PUSH2 0x00fc +97 JUMPI +98 DUP1 +99 PUSH4 0xa08299f1 +104 EQ +105 PUSH2 0x011f +108 JUMPI +109 DUP1 +110 PUSH4 0xb34c3610 +115 EQ +116 PUSH2 0x0142 +119 JUMPI +120 DUP1 +121 PUSH4 0xb630d706 +126 EQ +127 PUSH2 0x0157 +130 JUMPI +131 DUP1 +132 PUSH4 0xf44f13d8 +137 EQ +138 PUSH2 0x017a +141 JUMPI +142 JUMPDEST +143 PUSH1 0x00 +145 DUP1 +146 REVERT +147 JUMPDEST +148 CALLVALUE +149 ISZERO +150 PUSH2 0x009e +153 JUMPI +154 PUSH1 0x00 +156 DUP1 +157 REVERT +158 JUMPDEST +159 PUSH2 0x00b4 +162 PUSH1 0x04 +164 DUP1 +165 DUP1 +166 CALLDATALOAD +167 SWAP1 +168 PUSH1 0x20 +170 ADD +171 SWAP1 +172 SWAP2 +173 SWAP1 +174 POP +175 POP +176 PUSH2 0x018f +179 JUMP +180 JUMPDEST +181 STOP +182 JUMPDEST +183 CALLVALUE +184 ISZERO +185 PUSH2 0x00c1 +188 JUMPI +189 PUSH1 0x00 +191 DUP1 +192 REVERT +193 JUMPDEST +194 PUSH2 0x00d7 +197 PUSH1 0x04 +199 DUP1 +200 DUP1 +201 CALLDATALOAD +202 SWAP1 +203 PUSH1 0x20 +205 ADD +206 SWAP1 +207 SWAP2 +208 SWAP1 +209 POP +210 POP +211 PUSH2 0x01b2 +214 JUMP +215 JUMPDEST +216 STOP +217 JUMPDEST +218 CALLVALUE +219 ISZERO +220 PUSH2 0x00e4 +223 JUMPI +224 PUSH1 0x00 +226 DUP1 +227 REVERT +228 JUMPDEST +229 PUSH2 0x00fa +232 PUSH1 0x04 +234 DUP1 +235 DUP1 +236 CALLDATALOAD +237 SWAP1 +238 PUSH1 0x20 +240 ADD +241 SWAP1 +242 SWAP2 +243 SWAP1 +244 POP +245 POP +246 PUSH2 0x01c2 +249 JUMP +250 JUMPDEST +251 STOP +252 JUMPDEST +253 CALLVALUE +254 ISZERO +255 PUSH2 0x0107 +258 JUMPI +259 PUSH1 0x00 +261 DUP1 +262 REVERT +263 JUMPDEST +264 PUSH2 0x011d +267 
PUSH1 0x04 +269 DUP1 +270 DUP1 +271 CALLDATALOAD +272 SWAP1 +273 PUSH1 0x20 +275 ADD +276 SWAP1 +277 SWAP2 +278 SWAP1 +279 POP +280 POP +281 PUSH2 0x01d5 +284 JUMP +285 JUMPDEST +286 STOP +287 JUMPDEST +288 CALLVALUE +289 ISZERO +290 PUSH2 0x012a +293 JUMPI +294 PUSH1 0x00 +296 DUP1 +297 REVERT +298 JUMPDEST +299 PUSH2 0x0140 +302 PUSH1 0x04 +304 DUP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01ed +319 JUMP +320 JUMPDEST +321 STOP +322 JUMPDEST +323 CALLVALUE +324 ISZERO +325 PUSH2 0x014d +328 JUMPI +329 PUSH1 0x00 +331 DUP1 +332 REVERT +333 JUMPDEST +334 PUSH2 0x0155 +337 PUSH2 0x0202 +340 JUMP +341 JUMPDEST +342 STOP +343 JUMPDEST +344 CALLVALUE +345 ISZERO +346 PUSH2 0x0162 +349 JUMPI +350 PUSH1 0x00 +352 DUP1 +353 REVERT +354 JUMPDEST +355 PUSH2 0x0178 +358 PUSH1 0x04 +360 DUP1 +361 DUP1 +362 CALLDATALOAD +363 SWAP1 +364 PUSH1 0x20 +366 ADD +367 SWAP1 +368 SWAP2 +369 SWAP1 +370 POP +371 POP +372 PUSH2 0x0217 +375 JUMP +376 JUMPDEST +377 STOP +378 JUMPDEST +379 CALLVALUE +380 ISZERO +381 PUSH2 0x0185 +384 JUMPI +385 PUSH1 0x00 +387 DUP1 +388 REVERT +389 JUMPDEST +390 PUSH2 0x018d +393 PUSH2 0x0235 +396 JUMP +397 JUMPDEST +398 STOP +399 JUMPDEST +400 PUSH1 0x00 +402 PUSH1 0x08 +404 DUP3 +405 LT +406 ISZERO +407 PUSH2 0x01ae +410 JUMPI +411 PUSH1 0x00 +413 DUP3 +414 PUSH1 0x08 +416 DUP2 +417 LT +418 ISZERO +419 ISZERO +420 PUSH2 0x01a9 +423 JUMPI +424 ASSERT_FAIL +425 JUMPDEST +426 ADD +427 SLOAD +428 SWAP1 +429 POP +430 JUMPDEST +431 POP +432 POP +433 JUMP +434 JUMPDEST +435 PUSH1 0x17 +437 DUP2 +438 EQ +439 ISZERO +440 ISZERO +441 ISZERO +442 PUSH2 0x01bf +445 JUMPI +446 ASSERT_FAIL +447 JUMPDEST +448 POP +449 JUMP +450 JUMPDEST +451 PUSH1 0x17 +453 DUP2 +454 EQ +455 ISZERO +456 ISZERO +457 ISZERO +458 PUSH2 0x01d2 +461 JUMPI +462 PUSH1 0x00 +464 DUP1 +465 REVERT +466 JUMPDEST +467 POP +468 JUMP +469 JUMPDEST +470 PUSH1 0x00 +472 DUP1 +473 DUP3 +474 PUSH1 0x08 +476 DUP2 +477 LT 
+478 ISZERO +479 ISZERO +480 PUSH2 0x01e5 +483 JUMPI +484 ASSERT_FAIL +485 JUMPDEST +486 ADD +487 SLOAD +488 SWAP1 +489 POP +490 POP +491 POP +492 JUMP +493 JUMPDEST +494 PUSH1 0x00 +496 DUP2 +497 PUSH1 0x01 +499 DUP2 +500 ISZERO +501 ISZERO +502 PUSH2 0x01fb +505 JUMPI +506 ASSERT_FAIL +507 JUMPDEST +508 DIV +509 SWAP1 +510 POP +511 POP +512 POP +513 JUMP +514 JUMPDEST +515 PUSH1 0x00 +517 PUSH1 0x01 +519 SWAP1 +520 POP +521 PUSH1 0x00 +523 DUP2 +524 EQ +525 ISZERO +526 ISZERO +527 PUSH2 0x0214 +530 JUMPI +531 ASSERT_FAIL +532 JUMPDEST +533 POP +534 JUMP +535 JUMPDEST +536 PUSH1 0x00 +538 DUP1 +539 DUP3 +540 GT +541 ISZERO +542 PUSH2 0x0231 +545 JUMPI +546 DUP2 +547 PUSH1 0x01 +549 DUP2 +550 ISZERO +551 ISZERO +552 PUSH2 0x022d +555 JUMPI +556 ASSERT_FAIL +557 JUMPDEST +558 DIV +559 SWAP1 +560 POP +561 JUMPDEST +562 POP +563 POP +564 JUMP +565 JUMPDEST +566 PUSH1 0x00 +568 PUSH1 0x01 +570 SWAP1 +571 POP +572 PUSH1 0x00 +574 DUP2 +575 GT +576 ISZERO +577 ISZERO +578 PUSH2 0x0247 +581 JUMPI +582 ASSERT_FAIL +583 JUMPDEST +584 POP +585 JUMP +586 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html new file mode 100644 index 00000000..c9f9356e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json new file mode 100644 index 00000000..c8d722b5 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json 
@@ -0,0 +1 @@
+{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}
\ No newline at end of file
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
new file mode 100644
index 00000000..2ed81d76
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
@@ -0,0 +1,45 @@
+# Analysis results for test-filename.sol
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x546455b5`
+- PC address: 446
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x92dd38ea`
+- PC address: 484
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xa08299f1`
+- PC address: 506
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+
+## Exception state
+- SWC ID: 110
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xb34c3610`
+- PC address: 531
+
+### Description
+
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
new file mode 100644
index 00000000..a9ac2d73
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
@@ -0,0 +1,36 @@
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0x546455b5
+PC address: 446
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+--------------------
+
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0x92dd38ea
+PC address: 484
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+--------------------
+
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0xa08299f1
+PC address: 506
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+--------------------
+
+==== Exception state ====
+SWC ID: 110
+Type: Informational
+Contract: Unknown
+Function name: _function_0xb34c3610
+PC address: 531
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
+--------------------
+
diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm
new file mode 100644
index 00000000..571b1c66
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm 
@@ -0,0 +1,435 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x006d +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x141f32ff +60 EQ +61 PUSH2 0x0072 +64 JUMPI +65 DUP1 +66 PUSH4 0x2e52d606 +71 EQ +72 PUSH2 0x00b4 +75 JUMPI +76 DUP1 +77 PUSH4 0x67e404ce +82 EQ +83 PUSH2 0x00dd +86 JUMPI +87 DUP1 +88 PUSH4 0x9b58bc26 +93 EQ +94 PUSH2 0x0132 +97 JUMPI +98 DUP1 +99 PUSH4 0xeea4c864 +104 EQ +105 PUSH2 0x0174 +108 JUMPI +109 JUMPDEST +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 CALLVALUE +116 ISZERO +117 PUSH2 0x007d +120 JUMPI +121 PUSH1 0x00 +123 DUP1 +124 REVERT +125 JUMPDEST +126 PUSH2 0x00b2 +129 PUSH1 0x04 +131 DUP1 +132 DUP1 +133 CALLDATALOAD +134 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +155 AND +156 SWAP1 +157 PUSH1 0x20 +159 ADD +160 SWAP1 +161 SWAP2 +162 SWAP1 +163 DUP1 +164 CALLDATALOAD +165 SWAP1 +166 PUSH1 0x20 +168 ADD +169 SWAP1 +170 SWAP2 +171 SWAP1 +172 POP +173 POP +174 PUSH2 0x01b6 +177 JUMP +178 JUMPDEST +179 STOP +180 JUMPDEST +181 CALLVALUE +182 ISZERO +183 PUSH2 0x00bf +186 JUMPI +187 PUSH1 0x00 +189 DUP1 +190 REVERT +191 JUMPDEST +192 PUSH2 0x00c7 +195 PUSH2 0x0273 +198 JUMP +199 JUMPDEST +200 PUSH1 0x40 +202 MLOAD +203 DUP1 +204 DUP3 +205 DUP2 +206 MSTORE +207 PUSH1 0x20 +209 ADD +210 SWAP2 +211 POP +212 POP +213 PUSH1 0x40 +215 MLOAD +216 DUP1 +217 SWAP2 +218 SUB +219 SWAP1 +220 RETURN +221 JUMPDEST +222 CALLVALUE +223 ISZERO +224 PUSH2 0x00e8 +227 JUMPI +228 PUSH1 0x00 +230 DUP1 +231 REVERT +232 JUMPDEST +233 PUSH2 0x00f0 +236 PUSH2 0x0279 +239 JUMP +240 JUMPDEST +241 PUSH1 0x40 +243 MLOAD +244 DUP1 +245 DUP3 +246 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +267 AND +268 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +289 AND +290 DUP2 +291 MSTORE +292 PUSH1 0x20 +294 ADD +295 SWAP2 +296 POP +297 POP +298 PUSH1 0x40 +300 MLOAD +301 DUP1 +302 
SWAP2 +303 SUB +304 SWAP1 +305 RETURN +306 JUMPDEST +307 CALLVALUE +308 ISZERO +309 PUSH2 0x013d +312 JUMPI +313 PUSH1 0x00 +315 DUP1 +316 REVERT +317 JUMPDEST +318 PUSH2 0x0172 +321 PUSH1 0x04 +323 DUP1 +324 DUP1 +325 CALLDATALOAD +326 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +347 AND +348 SWAP1 +349 PUSH1 0x20 +351 ADD +352 SWAP1 +353 SWAP2 +354 SWAP1 +355 DUP1 +356 CALLDATALOAD +357 SWAP1 +358 PUSH1 0x20 +360 ADD +361 SWAP1 +362 SWAP2 +363 SWAP1 +364 POP +365 POP +366 PUSH2 0x029f +369 JUMP +370 JUMPDEST +371 STOP +372 JUMPDEST +373 CALLVALUE +374 ISZERO +375 PUSH2 0x017f +378 JUMPI +379 PUSH1 0x00 +381 DUP1 +382 REVERT +383 JUMPDEST +384 PUSH2 0x01b4 +387 PUSH1 0x04 +389 DUP1 +390 DUP1 +391 CALLDATALOAD +392 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +413 AND +414 SWAP1 +415 PUSH1 0x20 +417 ADD +418 SWAP1 +419 SWAP2 +420 SWAP1 +421 DUP1 +422 CALLDATALOAD +423 SWAP1 +424 PUSH1 0x20 +426 ADD +427 SWAP1 +428 SWAP2 +429 SWAP1 +430 POP +431 POP +432 PUSH2 0x035a +435 JUMP +436 JUMPDEST +437 STOP +438 JUMPDEST +439 DUP2 +440 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +461 AND +462 PUSH1 0x40 +464 MLOAD +465 DUP1 +466 DUP1 +467 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +500 DUP2 +501 MSTORE +502 POP +503 PUSH1 0x0d +505 ADD +506 SWAP1 +507 POP +508 PUSH1 0x40 +510 MLOAD +511 DUP1 +512 SWAP2 +513 SUB +514 SWAP1 +515 SHA3 +516 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +546 SWAP1 +547 DIV +548 DUP3 +549 PUSH1 0x40 +551 MLOAD +552 DUP3 +553 PUSH4 0xffffffff +558 AND +559 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +589 MUL +590 DUP2 +591 MSTORE +592 PUSH1 0x04 +594 ADD +595 DUP1 +596 DUP3 +597 DUP2 +598 MSTORE +599 PUSH1 0x20 +601 ADD +602 SWAP2 +603 POP +604 POP +605 PUSH1 0x00 +607 PUSH1 0x40 +609 MLOAD +610 DUP1 +611 DUP4 +612 SUB +613 DUP2 +614 PUSH1 0x00 +616 DUP8 +617 GAS +618 CALLCODE +619 SWAP3 +620 POP +621 POP +622 POP +623 POP +624 POP +625 POP +626 JUMP 
+627 JUMPDEST +628 PUSH1 0x00 +630 SLOAD +631 DUP2 +632 JUMP +633 JUMPDEST +634 PUSH1 0x01 +636 PUSH1 0x00 +638 SWAP1 +639 SLOAD +640 SWAP1 +641 PUSH2 0x0100 +644 EXP +645 SWAP1 +646 DIV +647 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +668 AND +669 DUP2 +670 JUMP +671 JUMPDEST +672 DUP2 +673 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +694 AND +695 PUSH1 0x40 +697 MLOAD +698 DUP1 +699 DUP1 +700 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +733 DUP2 +734 MSTORE +735 POP +736 PUSH1 0x0d +738 ADD +739 SWAP1 +740 POP +741 PUSH1 0x40 +743 MLOAD +744 DUP1 +745 SWAP2 +746 SUB +747 SWAP1 +748 SHA3 +749 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +779 SWAP1 +780 DIV +781 DUP3 +782 PUSH1 0x40 +784 MLOAD +785 DUP3 +786 PUSH4 0xffffffff +791 AND +792 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +822 MUL +823 DUP2 +824 MSTORE +825 PUSH1 0x04 +827 ADD +828 DUP1 +829 DUP3 +830 DUP2 +831 MSTORE +832 PUSH1 0x20 +834 ADD +835 SWAP2 +836 POP +837 POP +838 PUSH1 0x00 +840 PUSH1 0x40 +842 MLOAD +843 DUP1 +844 DUP4 +845 SUB +846 DUP2 +847 DUP7 +848 GAS +849 DELEGATECALL +850 SWAP3 +851 POP +852 POP +853 POP +854 POP +855 POP +856 POP +857 JUMP +858 JUMPDEST +859 DUP2 +860 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +881 AND +882 PUSH1 0x40 +884 MLOAD +885 DUP1 +886 DUP1 +887 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 +920 DUP2 +921 MSTORE +922 POP +923 PUSH1 0x0d +925 ADD +926 SWAP1 +927 POP +928 PUSH1 0x40 +930 MLOAD +931 DUP1 +932 SWAP2 +933 SUB +934 SWAP1 +935 SHA3 +936 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +966 SWAP1 +967 DIV +968 DUP3 +969 PUSH1 0x40 +971 MLOAD +972 DUP3 +973 PUSH4 0xffffffff +978 AND +979 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +1009 MUL +1010 DUP2 +1011 MSTORE +1012 PUSH1 0x04 +1014 ADD +1015 DUP1 +1016 DUP3 +1017 DUP2 +1018 MSTORE +1019 PUSH1 0x20 +1021 ADD +1022 SWAP2 +1023 POP 
+1024 POP +1025 PUSH1 0x00 +1027 PUSH1 0x40 +1029 MLOAD +1030 DUP1 +1031 DUP4 +1032 SUB +1033 DUP2 +1034 PUSH1 0x00 +1036 DUP8 +1037 GAS +1038 CALL +1039 SWAP3 +1040 POP +1041 POP +1042 POP +1043 POP +1044 POP +1045 POP +1046 JUMP +1047 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html new file mode 100644 index 00000000..b7281833 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json new file mode 100644 index 00000000..4c42213f --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file 
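Review bot: The three "Unchecked CALL return value" entries are expected at addresses 626, 857 and 1046, which in the kinds_of_calls.sol.o.easm listing added by this same commit are the closing `JUMP` of each function, not the `CALLCODE` (618), `DELEGATECALL` (849) and `CALL` (1038) whose result is dropped. For `_function_0xeea4c864` this leaves the SWC-107 finding at 1038 and the SWC-104 finding at 1046 for one and the same call, so someone mapping the report back to bytecode gets two locations for a single instruction. The detection module is not visible here, so this may be deliberate; if it is, the description should say that the address marks where the unchecked path ends, and otherwise the expected value for the last entry should be `"address": 1038` (and 618 and 849 for the first two). The title also says CALL for findings that the listing shows to be CALLCODE and DELEGATECALL. The markdown and text fixtures for this contract repeat the same addresses.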
diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown
new file mode 100644
index 00000000..7208086f
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown
@@ -0,0 +1,45 @@
+# Analysis results for test-filename.sol
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x141f32ff`
+- PC address: 626
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0x9b58bc26`
+- PC address: 857
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+
+## Message call to external contract
+- SWC ID: 107
+- Type: Warning
+- Contract: Unknown
+- Function name: `_function_0xeea4c864`
+- PC address: 1038
+
+### Description
+
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+
+## Unchecked CALL return value
+- SWC ID: 104
+- Type: Informational
+- Contract: Unknown
+- Function name: `_function_0xeea4c864`
+- PC address: 1046
+
+### Description
+
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text
new file mode 100644
index 00000000..46f49440
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text
@@ -0,0 +1,36 @@
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0x141f32ff
+PC address: 626
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0x9b58bc26
+PC address: 857
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
+==== Message call to external contract ====
+SWC ID: 107
+Type: Warning
+Contract: Unknown
+Function name: _function_0xeea4c864
+PC address: 1038
+This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
+--------------------
+
+==== Unchecked CALL return value ====
+SWC ID: 104
+Type: Informational
+Contract: Unknown
+Function name: _function_0xeea4c864
+PC address: 1046
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+--------------------
+
diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm
new file mode 100644
index 00000000..fbb53181
--- /dev/null
+++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm
@@ -0,0 +1,253 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x27e235e3 +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0x412664ae +71 EQ +72 PUSH2 0x009e +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0088 +96 PUSH1 0x04 +98 DUP1 +99 DUP1 +100 CALLDATALOAD +101 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +122 AND +123 SWAP1 +124 PUSH1 0x20 +126 ADD +127 SWAP1 +128 SWAP2 +129 SWAP1 +130 POP +131 POP +132 PUSH2 0x00f8 +135 JUMP +136 JUMPDEST +137 PUSH1 0x40 +139 MLOAD +140 DUP1 +141 DUP3 +142 DUP2 +143 MSTORE +144 PUSH1 0x20 +146 ADD +147 SWAP2 +148 POP +149 POP +150 PUSH1 0x40 +152 MLOAD +153 DUP1 +154 SWAP2 +155 SUB +156 SWAP1 +157 RETURN +158 JUMPDEST +159 CALLVALUE +160 ISZERO +161 PUSH2 0x00a9 +164 JUMPI +165 PUSH1 0x00 +167 DUP1 +168 REVERT +169 JUMPDEST +170 PUSH2 0x00de +173 PUSH1 0x04 +175 DUP1 +176 DUP1 +177 CALLDATALOAD +178 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +199 AND +200 SWAP1 +201 PUSH1 0x20 +203 ADD +204 SWAP1 +205 SWAP2 +206 SWAP1 +207 DUP1 +208 CALLDATALOAD +209 SWAP1 +210 PUSH1 0x20 +212 ADD +213 SWAP1 +214 SWAP2 +215 SWAP1 +216 POP +217 POP +218 PUSH2 0x0110 +221 JUMP +222 JUMPDEST +223 PUSH1 0x40 +225 MLOAD +226 DUP1 +227 DUP3 +228 ISZERO +229 ISZERO +230 ISZERO +231 ISZERO +232 DUP2 +233 MSTORE +234 PUSH1 0x20 +236 ADD +237 SWAP2 +238 POP +239 POP +240 PUSH1 0x40 +242 MLOAD +243 DUP1 +244 SWAP2 +245 SUB +246 SWAP1 +247 RETURN +248 JUMPDEST +249 PUSH1 0x00 +251 PUSH1 0x20 +253 MSTORE +254 DUP1 +255 PUSH1 0x00 +257 MSTORE +258 PUSH1 0x40 +260 PUSH1 0x00 +262 SHA3 +263 PUSH1 0x00 +265 SWAP2 +266 POP +267 SWAP1 +268 POP +269 SLOAD +270 DUP2 +271 JUMP +272 JUMPDEST 
+273 PUSH1 0x00 +275 DUP2 +276 PUSH1 0x00 +278 DUP1 +279 CALLER +280 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +301 AND +302 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +323 AND +324 DUP2 +325 MSTORE +326 PUSH1 0x20 +328 ADD +329 SWAP1 +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 PUSH1 0x00 +337 SHA3 +338 SLOAD +339 LT +340 ISZERO +341 PUSH2 0x0161 +344 JUMPI +345 PUSH1 0x00 +347 SWAP1 +348 POP +349 PUSH2 0x01fe +352 JUMP +353 JUMPDEST +354 DUP2 +355 PUSH1 0x00 +357 DUP1 +358 CALLER +359 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +380 AND +381 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +402 AND +403 DUP2 +404 MSTORE +405 PUSH1 0x20 +407 ADD +408 SWAP1 +409 DUP2 +410 MSTORE +411 PUSH1 0x20 +413 ADD +414 PUSH1 0x00 +416 SHA3 +417 PUSH1 0x00 +419 DUP3 +420 DUP3 +421 SLOAD +422 SUB +423 SWAP3 +424 POP +425 POP +426 DUP2 +427 SWAP1 +428 SSTORE +429 POP +430 DUP2 +431 PUSH1 0x00 +433 DUP1 +434 DUP6 +435 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +456 AND +457 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +478 AND +479 DUP2 +480 MSTORE +481 PUSH1 0x20 +483 ADD +484 SWAP1 +485 DUP2 +486 MSTORE +487 PUSH1 0x20 +489 ADD +490 PUSH1 0x00 +492 SHA3 +493 PUSH1 0x00 +495 DUP3 +496 DUP3 +497 SLOAD +498 ADD +499 SWAP3 +500 POP +501 POP +502 DUP2 +503 SWAP1 +504 SSTORE +505 POP +506 PUSH1 0x00 +508 SWAP1 +509 POP +510 JUMPDEST +511 SWAP3 +512 SWAP2 +513 POP +514 POP +515 JUMP +516 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html new file mode 100644 index 00000000..87302af0 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json new file mode 100644 index 00000000..237b1c1e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown new file mode 100644 index 00000000..321484fd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown @@ -0,0 +1,3 @@ +# Analysis results for None + +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text new file mode 100644 index 00000000..729320d8 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text @@ -0,0 +1 @@ +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm new file mode 100644 index 00000000..e83ace06 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm 
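Review bot: The expected header `# Analysis results for None` in metacoin.sol.o.markdown pins what looks like an unset filename being formatted into the report. The other markdown fixtures added in this commit read `# Analysis results for test-filename.sol`, so the no-issues path appears to lose the name that the issue-bearing path keeps. If that is unintended, the expected first line should be `# Analysis results for test-filename.sol` and the report code should be fixed to match; the renderer is not visible in this hunk, so which side drops the name needs confirming. As committed, the test only passes while the name is missing.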
@@ -0,0 +1,77 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH1 0x3f +11 JUMPI +12 PUSH1 0x00 +14 CALLDATALOAD +15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +45 SWAP1 +46 DIV +47 PUSH4 0xffffffff +52 AND +53 DUP1 +54 PUSH4 0x8a4068dd +59 EQ +60 PUSH1 0x44 +62 JUMPI +63 JUMPDEST +64 PUSH1 0x00 +66 DUP1 +67 REVERT +68 JUMPDEST +69 CALLVALUE +70 ISZERO +71 PUSH1 0x4e +73 JUMPI +74 PUSH1 0x00 +76 DUP1 +77 REVERT +78 JUMPDEST +79 PUSH1 0x54 +81 PUSH1 0x56 +83 JUMP +84 JUMPDEST +85 STOP +86 JUMPDEST +87 CALLER +88 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +109 AND +110 PUSH2 0x08fc +113 PUSH8 0x1bc16d674ec80000 +122 SWAP1 +123 DUP2 +124 ISZERO +125 MUL +126 SWAP1 +127 PUSH1 0x40 +129 MLOAD +130 PUSH1 0x00 +132 PUSH1 0x40 +134 MLOAD +135 DUP1 +136 DUP4 +137 SUB +138 DUP2 +139 DUP6 +140 DUP9 +141 DUP9 +142 CALL +143 SWAP4 +144 POP +145 POP +146 POP +147 POP +148 ISZERO +149 ISZERO +150 PUSH1 0x9d +152 JUMPI +153 PUSH1 0x00 +155 DUP1 +156 REVERT +157 JUMPDEST +158 JUMP +159 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html new file mode 100644 index 00000000..51431e2b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json new file mode 100644 index 00000000..3a8a609a --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown new file mode 100644 index 00000000..6cebd955 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown @@ -0,0 +1,12 @@ +# Analysis results for test-filename.sol + +## Ether send +- SWC ID: 105 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0x8a4068dd` +- PC address: 142 + +### Description + +It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text new file mode 100644 index 00000000..068f36d1 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text 
@@ -0,0 +1,9 @@ +==== Ether send ==== +SWC ID: 105 +Type: Warning +Contract: Unknown +Function name: _function_0x8a4068dd +PC address: 142 +It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm new file mode 100644 index 00000000..555d5ba3 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm 
@@ -0,0 +1,167 @@ +0 PUSH1 0x80 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0041 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x24ff38a2 +60 EQ +61 PUSH2 0x0046 +64 JUMPI +65 JUMPDEST +66 PUSH1 0x00 +68 DUP1 +69 REVERT +70 JUMPDEST +71 CALLVALUE +72 DUP1 +73 ISZERO +74 PUSH2 0x0052 +77 JUMPI +78 PUSH1 0x00 +80 DUP1 +81 REVERT +82 JUMPDEST +83 POP +84 PUSH2 0x005b +87 PUSH2 0x00d6 +90 JUMP +91 JUMPDEST +92 PUSH1 0x40 +94 MLOAD +95 DUP1 +96 DUP1 +97 PUSH1 0x20 +99 ADD +100 DUP3 +101 DUP2 +102 SUB +103 DUP3 +104 MSTORE +105 DUP4 +106 DUP2 +107 DUP2 +108 MLOAD +109 DUP2 +110 MSTORE +111 PUSH1 0x20 +113 ADD +114 SWAP2 +115 POP +116 DUP1 +117 MLOAD +118 SWAP1 +119 PUSH1 0x20 +121 ADD +122 SWAP1 +123 DUP1 +124 DUP4 +125 DUP4 +126 PUSH1 0x00 +128 JUMPDEST +129 DUP4 +130 DUP2 +131 LT +132 ISZERO +133 PUSH2 0x009b +136 JUMPI +137 DUP1 +138 DUP3 +139 ADD +140 MLOAD +141 DUP2 +142 DUP5 +143 ADD +144 MSTORE +145 PUSH1 0x20 +147 DUP2 +148 ADD +149 SWAP1 +150 POP +151 PUSH2 0x0080 +154 JUMP +155 JUMPDEST +156 POP +157 POP +158 POP +159 POP +160 SWAP1 +161 POP +162 SWAP1 +163 DUP2 +164 ADD +165 SWAP1 +166 PUSH1 0x1f +168 AND +169 DUP1 +170 ISZERO +171 PUSH2 0x00c8 +174 JUMPI +175 DUP1 +176 DUP3 +177 SUB +178 DUP1 +179 MLOAD +180 PUSH1 0x01 +182 DUP4 +183 PUSH1 0x20 +185 SUB +186 PUSH2 0x0100 +189 EXP +190 SUB +191 NOT +192 AND +193 DUP2 +194 MSTORE +195 PUSH1 0x20 +197 ADD +198 SWAP2 +199 POP +200 JUMPDEST +201 POP +202 SWAP3 +203 POP +204 POP +205 POP +206 PUSH1 0x40 +208 MLOAD +209 DUP1 +210 SWAP2 +211 SUB +212 SWAP1 +213 RETURN +214 JUMPDEST +215 PUSH1 0x60 +217 PUSH1 0x40 +219 DUP1 +220 MLOAD +221 SWAP1 +222 DUP2 +223 ADD +224 PUSH1 0x40 +226 MSTORE +227 DUP1 +228 PUSH1 0x17 +230 DUP2 +231 MSTORE +232 PUSH1 0x20 +234 ADD +235 PUSH32 0xd0a5d18dd0bbd0bbd0bed18320d092d0bed180d0bbd0b4000000000000000000 +268 DUP2 +269 
MSTORE +270 POP +271 SWAP1 +272 POP +273 SWAP1 +274 JUMP +275 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html new file mode 100644 index 00000000..bfce08fb --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json new file mode 100644 index 00000000..237b1c1e --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown new file mode 100644 index 00000000..321484fd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown @@ -0,0 +1,3 @@ +# Analysis results for None + +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text new file mode 100644 index 00000000..729320d8 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text @@ -0,0 +1 @@ +The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm new file mode 100644 index 00000000..e1bffe10 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm 
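Review bot: The expected header in nonascii.sol.o.markdown is `# Analysis results for None`, while the other markdown fixtures added in this commit (multi_contracts, origin, overflow, returnvalue, suicide) expect `# Analysis results for test-filename.sol`. It looks as if the report was rendered without a filename when this fixture was produced, so the test would pin a stringified `None` as correct output. Presumably the line should read `# Analysis results for test-filename.sol`, with the test passing the same filename for this input. The code that generates these outputs is not part of this hunk, so confirm against the test harness.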
@@ -0,0 +1,168 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x8da5cb5b +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0xf2fde38b +71 EQ +72 PUSH2 0x00a6 +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0064 +96 PUSH2 0x00df +99 JUMP +100 JUMPDEST +101 PUSH1 0x40 +103 MLOAD +104 DUP1 +105 DUP3 +106 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +127 AND +128 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +149 AND +150 DUP2 +151 MSTORE +152 PUSH1 0x20 +154 ADD +155 SWAP2 +156 POP +157 POP +158 PUSH1 0x40 +160 MLOAD +161 DUP1 +162 SWAP2 +163 SUB +164 SWAP1 +165 RETURN +166 JUMPDEST +167 CALLVALUE +168 ISZERO +169 PUSH2 0x00b1 +172 JUMPI +173 PUSH1 0x00 +175 DUP1 +176 REVERT +177 JUMPDEST +178 PUSH2 0x00dd +181 PUSH1 0x04 +183 DUP1 +184 DUP1 +185 CALLDATALOAD +186 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +207 AND +208 SWAP1 +209 PUSH1 0x20 +211 ADD +212 SWAP1 +213 SWAP2 +214 SWAP1 +215 POP +216 POP +217 PUSH2 0x0104 +220 JUMP +221 JUMPDEST +222 STOP +223 JUMPDEST +224 PUSH1 0x00 +226 DUP1 +227 SWAP1 +228 SLOAD +229 SWAP1 +230 PUSH2 0x0100 +233 EXP +234 SWAP1 +235 DIV +236 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +257 AND +258 DUP2 +259 JUMP +260 JUMPDEST +261 PUSH1 0x00 +263 DUP1 +264 SWAP1 +265 SLOAD +266 SWAP1 +267 PUSH2 0x0100 +270 EXP +271 SWAP1 +272 DIV +273 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +294 AND +295 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +316 AND +317 ORIGIN +318 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +339 AND +340 EQ +341 ISZERO +342 ISZERO +343 PUSH2 0x015f +346 JUMPI +347 PUSH1 0x00 +349 DUP1 +350 REVERT +351 JUMPDEST +352 PUSH1 0x00 
+354 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +375 AND +376 DUP2 +377 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +398 AND +399 EQ +400 ISZERO +401 ISZERO +402 PUSH2 0x01d6 +405 JUMPI +406 DUP1 +407 PUSH1 0x00 +409 DUP1 +410 PUSH2 0x0100 +413 EXP +414 DUP2 +415 SLOAD +416 DUP2 +417 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +438 MUL +439 NOT +440 AND +441 SWAP1 +442 DUP4 +443 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +464 AND +465 MUL +466 OR +467 SWAP1 +468 SSTORE +469 POP +470 JUMPDEST +471 POP +472 JUMP +473 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html new file mode 100644 index 00000000..88665173 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json new file mode 100644 index 00000000..0e924831 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown new file mode 100644 index 00000000..1e9d6d8b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown @@ -0,0 +1,13 @@ +# Analysis results for test-filename.sol + +## Use of tx.origin +- SWC ID: 115 +- Type: Warning +- Contract: Unknown +- Function name: `transferOwnership(address)` +- PC address: 317 + +### Description + +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text new file mode 100644 index 00000000..b71422be --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text 
@@ -0,0 +1,10 @@ +==== Use of tx.origin ==== +SWC ID: 115 +Type: Warning +Contract: Unknown +Function name: transferOwnership(address) +PC address: 317 +The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. +See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm new file mode 100644 index 00000000..b0763999 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm 
@@ -0,0 +1,388 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0062 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x18160ddd +60 EQ +61 PUSH2 0x0067 +64 JUMPI +65 DUP1 +66 PUSH4 0x6241bfd1 +71 EQ +72 PUSH2 0x0090 +75 JUMPI +76 DUP1 +77 PUSH4 0x70a08231 +82 EQ +83 PUSH2 0x00b3 +86 JUMPI +87 DUP1 +88 PUSH4 0xa3210e87 +93 EQ +94 PUSH2 0x0100 +97 JUMPI +98 JUMPDEST +99 PUSH1 0x00 +101 DUP1 +102 REVERT +103 JUMPDEST +104 CALLVALUE +105 ISZERO +106 PUSH2 0x0072 +109 JUMPI +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 PUSH2 0x007a +118 PUSH2 0x015a +121 JUMP +122 JUMPDEST +123 PUSH1 0x40 +125 MLOAD +126 DUP1 +127 DUP3 +128 DUP2 +129 MSTORE +130 PUSH1 0x20 +132 ADD +133 SWAP2 +134 POP +135 POP +136 PUSH1 0x40 +138 MLOAD +139 DUP1 +140 SWAP2 +141 SUB +142 SWAP1 +143 RETURN +144 JUMPDEST +145 CALLVALUE +146 ISZERO +147 PUSH2 0x009b +150 JUMPI +151 PUSH1 0x00 +153 DUP1 +154 REVERT +155 JUMPDEST +156 PUSH2 0x00b1 +159 PUSH1 0x04 +161 DUP1 +162 DUP1 +163 CALLDATALOAD +164 SWAP1 +165 PUSH1 0x20 +167 ADD +168 SWAP1 +169 SWAP2 +170 SWAP1 +171 POP +172 POP +173 PUSH2 0x0160 +176 JUMP +177 JUMPDEST +178 STOP +179 JUMPDEST +180 CALLVALUE +181 ISZERO +182 PUSH2 0x00be +185 JUMPI +186 PUSH1 0x00 +188 DUP1 +189 REVERT +190 JUMPDEST +191 PUSH2 0x00ea +194 PUSH1 0x04 +196 DUP1 +197 DUP1 +198 CALLDATALOAD +199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +220 AND +221 SWAP1 +222 PUSH1 0x20 +224 ADD +225 SWAP1 +226 SWAP2 +227 SWAP1 +228 POP +229 POP +230 PUSH2 0x01ab +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 DUP2 +241 MSTORE +242 PUSH1 0x20 +244 ADD +245 SWAP2 +246 POP +247 POP +248 PUSH1 0x40 +250 MLOAD +251 DUP1 +252 SWAP2 +253 SUB +254 SWAP1 +255 RETURN +256 JUMPDEST +257 CALLVALUE +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 
JUMPDEST +268 PUSH2 0x0140 +271 PUSH1 0x04 +273 DUP1 +274 DUP1 +275 CALLDATALOAD +276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +297 AND +298 SWAP1 +299 PUSH1 0x20 +301 ADD +302 SWAP1 +303 SWAP2 +304 SWAP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01f3 +319 JUMP +320 JUMPDEST +321 PUSH1 0x40 +323 MLOAD +324 DUP1 +325 DUP3 +326 ISZERO +327 ISZERO +328 ISZERO +329 ISZERO +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 SWAP2 +336 POP +337 POP +338 PUSH1 0x40 +340 MLOAD +341 DUP1 +342 SWAP2 +343 SUB +344 SWAP1 +345 RETURN +346 JUMPDEST +347 PUSH1 0x01 +349 SLOAD +350 DUP2 +351 JUMP +352 JUMPDEST +353 DUP1 +354 PUSH1 0x01 +356 DUP2 +357 SWAP1 +358 SSTORE +359 PUSH1 0x00 +361 DUP1 +362 CALLER +363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +384 AND +385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +406 AND +407 DUP2 +408 MSTORE +409 PUSH1 0x20 +411 ADD +412 SWAP1 +413 DUP2 +414 MSTORE +415 PUSH1 0x20 +417 ADD +418 PUSH1 0x00 +420 SHA3 +421 DUP2 +422 SWAP1 +423 SSTORE +424 POP +425 POP +426 JUMP +427 JUMPDEST +428 PUSH1 0x00 +430 DUP1 +431 PUSH1 0x00 +433 DUP4 +434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +455 AND +456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +477 AND +478 DUP2 +479 MSTORE +480 PUSH1 0x20 +482 ADD +483 SWAP1 +484 DUP2 +485 MSTORE +486 PUSH1 0x20 +488 ADD +489 PUSH1 0x00 +491 SHA3 +492 SLOAD +493 SWAP1 +494 POP +495 SWAP2 +496 SWAP1 +497 POP +498 JUMP +499 JUMPDEST +500 PUSH1 0x00 +502 DUP1 +503 DUP3 +504 PUSH1 0x00 +506 DUP1 +507 CALLER +508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +529 AND +530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +551 AND +552 DUP2 +553 MSTORE +554 PUSH1 0x20 +556 ADD +557 SWAP1 +558 DUP2 +559 MSTORE +560 PUSH1 0x20 +562 ADD +563 PUSH1 0x00 +565 SHA3 +566 SLOAD +567 SUB +568 LT +569 ISZERO +570 ISZERO +571 ISZERO +572 PUSH2 0x0244 +575 JUMPI +576 PUSH1 0x00 +578 DUP1 +579 REVERT +580 
JUMPDEST +581 DUP2 +582 PUSH1 0x00 +584 DUP1 +585 CALLER +586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +607 AND +608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +629 AND +630 DUP2 +631 MSTORE +632 PUSH1 0x20 +634 ADD +635 SWAP1 +636 DUP2 +637 MSTORE +638 PUSH1 0x20 +640 ADD +641 PUSH1 0x00 +643 SHA3 +644 PUSH1 0x00 +646 DUP3 +647 DUP3 +648 SLOAD +649 SUB +650 SWAP3 +651 POP +652 POP +653 DUP2 +654 SWAP1 +655 SSTORE +656 POP +657 DUP2 +658 PUSH1 0x00 +660 DUP1 +661 DUP6 +662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +683 AND +684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +705 AND +706 DUP2 +707 MSTORE +708 PUSH1 0x20 +710 ADD +711 SWAP1 +712 DUP2 +713 MSTORE +714 PUSH1 0x20 +716 ADD +717 PUSH1 0x00 +719 SHA3 +720 PUSH1 0x00 +722 DUP3 +723 DUP3 +724 SLOAD +725 ADD +726 SWAP3 +727 POP +728 POP +729 DUP2 +730 SWAP1 +731 SSTORE +732 POP +733 PUSH1 0x02 +735 PUSH1 0x00 +737 DUP1 +738 DUP6 +739 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +760 AND +761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +782 AND +783 DUP2 +784 MSTORE +785 PUSH1 0x20 +787 ADD +788 SWAP1 +789 DUP2 +790 MSTORE +791 PUSH1 0x20 +793 ADD +794 PUSH1 0x00 +796 SHA3 +797 DUP2 +798 SWAP1 +799 SSTORE +800 POP +801 PUSH1 0x01 +803 SWAP1 +804 POP +805 SWAP3 +806 SWAP2 +807 POP +808 POP +809 JUMP +810 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html new file mode 100644 index 00000000..188273ad --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json new file mode 100644 index 00000000..d651908c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown new file mode 100644 index 00000000..f042f183 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown 
@@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 567 + +### Description + +The subtraction can result in an integer underflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 649 + +### Description + +The subtraction can result in an integer underflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 725 + +### Description + +The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text new file mode 100644 index 00000000..ad480ffd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 567 +The subtraction can result in an integer underflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 649 +The subtraction can result in an integer underflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 725 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm new file mode 100644 index 00000000..13a426cc --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm 
@@ -0,0 +1,129 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x004c +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x633ab5e0 +60 EQ +61 PUSH2 0x0051 +64 JUMPI +65 DUP1 +66 PUSH4 0xe3bea282 +71 EQ +72 PUSH2 0x0066 +75 JUMPI +76 JUMPDEST +77 PUSH1 0x00 +79 DUP1 +80 REVERT +81 JUMPDEST +82 CALLVALUE +83 ISZERO +84 PUSH2 0x005c +87 JUMPI +88 PUSH1 0x00 +90 DUP1 +91 REVERT +92 JUMPDEST +93 PUSH2 0x0064 +96 PUSH2 0x007b +99 JUMP +100 JUMPDEST +101 STOP +102 JUMPDEST +103 CALLVALUE +104 ISZERO +105 PUSH2 0x0071 +108 JUMPI +109 PUSH1 0x00 +111 DUP1 +112 REVERT +113 JUMPDEST +114 PUSH2 0x0079 +117 PUSH2 0x00d4 +120 JUMP +121 JUMPDEST +122 STOP +123 JUMPDEST +124 PUSH1 0x00 +126 DUP1 +127 SWAP1 +128 SLOAD +129 SWAP1 +130 PUSH2 0x0100 +133 EXP +134 SWAP1 +135 DIV +136 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +157 AND +158 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +179 AND +180 PUSH1 0x40 +182 MLOAD +183 PUSH1 0x00 +185 PUSH1 0x40 +187 MLOAD +188 DUP1 +189 DUP4 +190 SUB +191 DUP2 +192 PUSH1 0x00 +194 DUP7 +195 GAS +196 CALL +197 SWAP2 +198 POP +199 POP +200 ISZERO +201 ISZERO +202 PUSH2 0x00d2 +205 JUMPI +206 PUSH1 0x00 +208 DUP1 +209 REVERT +210 JUMPDEST +211 JUMP +212 JUMPDEST +213 PUSH1 0x00 +215 DUP1 +216 SWAP1 +217 SLOAD +218 SWAP1 +219 PUSH2 0x0100 +222 EXP +223 SWAP1 +224 DIV +225 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +246 AND +247 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +268 AND +269 PUSH1 0x40 +271 MLOAD +272 PUSH1 0x00 +274 PUSH1 0x40 +276 MLOAD +277 DUP1 +278 DUP4 +279 SUB +280 DUP2 +281 PUSH1 0x00 +283 DUP7 +284 GAS +285 CALL +286 SWAP2 +287 POP +288 POP +289 POP +290 JUMP +291 STOP 
diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html new file mode 100644 index 00000000..759f6b55 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json new file mode 100644 index 00000000..81ee3cb3 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown new file mode 100644 index 00000000..f3a058bd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown 
@@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0x633ab5e0` +- PC address: 196 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Message call to external contract +- SWC ID: 107 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe3bea282` +- PC address: 285 + +### Description + +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. + +## Unchecked CALL return value +- SWC ID: 104 +- Type: Informational +- Contract: Unknown +- Function name: `_function_0xe3bea282` +- PC address: 290 + +### Description + +The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text new file mode 100644 index 00000000..2a8b1470 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text 
@@ -0,0 +1,27 @@ +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0x633ab5e0 +PC address: 196 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Message call to external contract ==== +SWC ID: 107 +Type: Informational +Contract: Unknown +Function name: _function_0xe3bea282 +PC address: 285 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. +-------------------- + +==== Unchecked CALL return value ==== +SWC ID: 104 +Type: Informational +Contract: Unknown +Function name: _function_0xe3bea282 +PC address: 290 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. +-------------------- + diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm new file mode 100644 index 00000000..892e7787 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm 
@@ -0,0 +1,58 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH1 0x3f +11 JUMPI +12 PUSH1 0x00 +14 CALLDATALOAD +15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +45 SWAP1 +46 DIV +47 PUSH4 0xffffffff +52 AND +53 DUP1 +54 PUSH4 0xcbf0b0c0 +59 EQ +60 PUSH1 0x44 +62 JUMPI +63 JUMPDEST +64 PUSH1 0x00 +66 DUP1 +67 REVERT +68 JUMPDEST +69 CALLVALUE +70 ISZERO +71 PUSH1 0x4e +73 JUMPI +74 PUSH1 0x00 +76 DUP1 +77 REVERT +78 JUMPDEST +79 PUSH1 0x78 +81 PUSH1 0x04 +83 DUP1 +84 DUP1 +85 CALLDATALOAD +86 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +107 AND +108 SWAP1 +109 PUSH1 0x20 +111 ADD +112 SWAP1 +113 SWAP2 +114 SWAP1 +115 POP +116 POP +117 PUSH1 0x7a +119 JUMP +120 JUMPDEST +121 STOP +122 JUMPDEST +123 DUP1 +124 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +145 AND +146 SUICIDE +147 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html new file mode 100644 index 00000000..173d77ea --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json new file mode 100644 index 00000000..4b9b6b83 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "", "description": "A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "swc_id": "106", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown new file mode 100644 index 00000000..6d24f84d --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown @@ -0,0 +1,12 @@ +# Analysis results for test-filename.sol + +## Unchecked SUICIDE +- SWC ID: 106 +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xcbf0b0c0` +- PC address: 146 + +### Description + +A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text new file mode 100644 index 00000000..138bf06b --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text @@ -0,0 +1,10 @@ +==== Unchecked SUICIDE ==== +SWC ID: 106 +Type: Warning +Contract: Unknown +Function name: _function_0xcbf0b0c0 +PC address: 146 +A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. + +-------------------- + 
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm new file mode 100644 index 00000000..0ed8f651 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm 
@@ -0,0 +1,365 @@ +0 PUSH1 0x60 +2 PUSH1 0x40 +4 MSTORE +5 PUSH1 0x04 +7 CALLDATASIZE +8 LT +9 PUSH2 0x0062 +12 JUMPI +13 PUSH1 0x00 +15 CALLDATALOAD +16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 +46 SWAP1 +47 DIV +48 PUSH4 0xffffffff +53 AND +54 DUP1 +55 PUSH4 0x18160ddd +60 EQ +61 PUSH2 0x0067 +64 JUMPI +65 DUP1 +66 PUSH4 0x6241bfd1 +71 EQ +72 PUSH2 0x0090 +75 JUMPI +76 DUP1 +77 PUSH4 0x70a08231 +82 EQ +83 PUSH2 0x00b3 +86 JUMPI +87 DUP1 +88 PUSH4 0xa3210e87 +93 EQ +94 PUSH2 0x0100 +97 JUMPI +98 JUMPDEST +99 PUSH1 0x00 +101 DUP1 +102 REVERT +103 JUMPDEST +104 CALLVALUE +105 ISZERO +106 PUSH2 0x0072 +109 JUMPI +110 PUSH1 0x00 +112 DUP1 +113 REVERT +114 JUMPDEST +115 PUSH2 0x007a +118 PUSH2 0x015a +121 JUMP +122 JUMPDEST +123 PUSH1 0x40 +125 MLOAD +126 DUP1 +127 DUP3 +128 DUP2 +129 MSTORE +130 PUSH1 0x20 +132 ADD +133 SWAP2 +134 POP +135 POP +136 PUSH1 0x40 +138 MLOAD +139 DUP1 +140 SWAP2 +141 SUB +142 SWAP1 +143 RETURN +144 JUMPDEST +145 CALLVALUE +146 ISZERO +147 PUSH2 0x009b +150 JUMPI +151 PUSH1 0x00 +153 DUP1 +154 REVERT +155 JUMPDEST +156 PUSH2 0x00b1 +159 PUSH1 0x04 +161 DUP1 +162 DUP1 +163 CALLDATALOAD +164 SWAP1 +165 PUSH1 0x20 +167 ADD +168 SWAP1 +169 SWAP2 +170 SWAP1 +171 POP +172 POP +173 PUSH2 0x0160 +176 JUMP +177 JUMPDEST +178 STOP +179 JUMPDEST +180 CALLVALUE +181 ISZERO +182 PUSH2 0x00be +185 JUMPI +186 PUSH1 0x00 +188 DUP1 +189 REVERT +190 JUMPDEST +191 PUSH2 0x00ea +194 PUSH1 0x04 +196 DUP1 +197 DUP1 +198 CALLDATALOAD +199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +220 AND +221 SWAP1 +222 PUSH1 0x20 +224 ADD +225 SWAP1 +226 SWAP2 +227 SWAP1 +228 POP +229 POP +230 PUSH2 0x01ab +233 JUMP +234 JUMPDEST +235 PUSH1 0x40 +237 MLOAD +238 DUP1 +239 DUP3 +240 DUP2 +241 MSTORE +242 PUSH1 0x20 +244 ADD +245 SWAP2 +246 POP +247 POP +248 PUSH1 0x40 +250 MLOAD +251 DUP1 +252 SWAP2 +253 SUB +254 SWAP1 +255 RETURN +256 JUMPDEST +257 CALLVALUE +258 ISZERO +259 PUSH2 0x010b +262 JUMPI +263 PUSH1 0x00 +265 DUP1 +266 REVERT +267 
JUMPDEST +268 PUSH2 0x0140 +271 PUSH1 0x04 +273 DUP1 +274 DUP1 +275 CALLDATALOAD +276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +297 AND +298 SWAP1 +299 PUSH1 0x20 +301 ADD +302 SWAP1 +303 SWAP2 +304 SWAP1 +305 DUP1 +306 CALLDATALOAD +307 SWAP1 +308 PUSH1 0x20 +310 ADD +311 SWAP1 +312 SWAP2 +313 SWAP1 +314 POP +315 POP +316 PUSH2 0x01f3 +319 JUMP +320 JUMPDEST +321 PUSH1 0x40 +323 MLOAD +324 DUP1 +325 DUP3 +326 ISZERO +327 ISZERO +328 ISZERO +329 ISZERO +330 DUP2 +331 MSTORE +332 PUSH1 0x20 +334 ADD +335 SWAP2 +336 POP +337 POP +338 PUSH1 0x40 +340 MLOAD +341 DUP1 +342 SWAP2 +343 SUB +344 SWAP1 +345 RETURN +346 JUMPDEST +347 PUSH1 0x01 +349 SLOAD +350 DUP2 +351 JUMP +352 JUMPDEST +353 DUP1 +354 PUSH1 0x01 +356 DUP2 +357 SWAP1 +358 SSTORE +359 PUSH1 0x00 +361 DUP1 +362 CALLER +363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +384 AND +385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +406 AND +407 DUP2 +408 MSTORE +409 PUSH1 0x20 +411 ADD +412 SWAP1 +413 DUP2 +414 MSTORE +415 PUSH1 0x20 +417 ADD +418 PUSH1 0x00 +420 SHA3 +421 DUP2 +422 SWAP1 +423 SSTORE +424 POP +425 POP +426 JUMP +427 JUMPDEST +428 PUSH1 0x00 +430 DUP1 +431 PUSH1 0x00 +433 DUP4 +434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +455 AND +456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +477 AND +478 DUP2 +479 MSTORE +480 PUSH1 0x20 +482 ADD +483 SWAP1 +484 DUP2 +485 MSTORE +486 PUSH1 0x20 +488 ADD +489 PUSH1 0x00 +491 SHA3 +492 SLOAD +493 SWAP1 +494 POP +495 SWAP2 +496 SWAP1 +497 POP +498 JUMP +499 JUMPDEST +500 PUSH1 0x00 +502 DUP1 +503 DUP3 +504 PUSH1 0x00 +506 DUP1 +507 CALLER +508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +529 AND +530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +551 AND +552 DUP2 +553 MSTORE +554 PUSH1 0x20 +556 ADD +557 SWAP1 +558 DUP2 +559 MSTORE +560 PUSH1 0x20 +562 ADD +563 PUSH1 0x00 +565 SHA3 +566 SLOAD +567 SUB +568 LT +569 ISZERO +570 ISZERO +571 ISZERO +572 PUSH2 0x0244 +575 JUMPI +576 PUSH1 0x00 +578 DUP1 +579 REVERT +580 
JUMPDEST +581 DUP2 +582 PUSH1 0x00 +584 DUP1 +585 CALLER +586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +607 AND +608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +629 AND +630 DUP2 +631 MSTORE +632 PUSH1 0x20 +634 ADD +635 SWAP1 +636 DUP2 +637 MSTORE +638 PUSH1 0x20 +640 ADD +641 PUSH1 0x00 +643 SHA3 +644 PUSH1 0x00 +646 DUP3 +647 DUP3 +648 SLOAD +649 SUB +650 SWAP3 +651 POP +652 POP +653 DUP2 +654 SWAP1 +655 SSTORE +656 POP +657 DUP2 +658 PUSH1 0x00 +660 DUP1 +661 DUP6 +662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +683 AND +684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff +705 AND +706 DUP2 +707 MSTORE +708 PUSH1 0x20 +710 ADD +711 SWAP1 +712 DUP2 +713 MSTORE +714 PUSH1 0x20 +716 ADD +717 PUSH1 0x00 +719 SHA3 +720 PUSH1 0x00 +722 DUP3 +723 DUP3 +724 SLOAD +725 ADD +726 SWAP3 +727 POP +728 POP +729 DUP2 +730 SWAP1 +731 SSTORE +732 POP +733 PUSH1 0x01 +735 SWAP1 +736 POP +737 SWAP3 +738 SWAP2 +739 POP +740 POP +741 JUMP +742 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html new file mode 100644 index 00000000..767cda13 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html @@ -0,0 +1,62 @@ + + + + Call Graph + + + + + + + + + + +

Mythril / Ethereum LASER Symbolic VM

+
+ + + \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json new file mode 100644 index 00000000..d651908c --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json @@ -0,0 +1 @@ +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown new file mode 100644 index 00000000..f042f183 --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown 
@@ -0,0 +1,34 @@ +# Analysis results for test-filename.sol + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 567 + +### Description + +The subtraction can result in an integer underflow. + +## Integer Underflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 649 + +### Description + +The subtraction can result in an integer underflow. + +## Integer Overflow +- SWC ID: 101 +- Type: Warning +- Contract: Unknown +- Function name: `sendeth(address,uint256)` +- PC address: 725 + +### Description + +The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text new file mode 100644 index 00000000..ad480ffd --- /dev/null +++ b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text @@ -0,0 +1,30 @@ +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 567 +The subtraction can result in an integer underflow. + +-------------------- + +==== Integer Underflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 649 +The subtraction can result in an integer underflow. + +-------------------- + +==== Integer Overflow ==== +SWC ID: 101 +Type: Warning +Contract: Unknown +Function name: sendeth(address,uint256) +PC address: 725 +The arithmetic operation can result in integer overflow. + +-------------------- + diff --git a/tests/testdata/outputs_expected/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/overflow.sol.o.graph.html index 5d117d28..188273ad 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.graph.html +++ b/tests/testdata/outputs_expected/overflow.sol.o.graph.html @@ -8,6 +8,7 @@

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+

Mythril / Ethereum LASER Symbolic VM

-


+
- - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json deleted file mode 100644 index d7b6f7e0..00000000 --- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.json +++ /dev/null 
@@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown deleted file mode 100644 index f19dbaef..00000000 --- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown +++ /dev/null 
@@ -1,111 +0,0 @@ -# Analysis results for test-filename.sol - -## Message call to external contract -- SWC ID: 107 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x5a6814ec` -- PC address: 661 - -### Description - -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x5a6814ec` -- PC address: 666 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. - -## Message call to external contract -- SWC ID: 107 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xd24b08cc` -- PC address: 779 - -### Description - -This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. - -## Transaction order dependence -- SWC ID: 114 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xd24b08cc` -- PC address: 779 - -### Description - -Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xd24b08cc` -- PC address: 784 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. 
- -## Message call to external contract -- SWC ID: 107 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xe11f493e` -- PC address: 858 - -### Description - -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. - -## State change after external call -- SWC ID: 107 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xe11f493e` -- PC address: 869 - -### Description - -The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xe11f493e` -- PC address: 871 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. - -## Message call to external contract -- SWC ID: 107 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xe1d10f79` -- PC address: 912 - -### Description - -This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xe1d10f79` -- PC address: 918 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text deleted file mode 100644 index c65b9fc7..00000000 
--- a/tests/testdata/outputs_expected/outputs_current/calls.sol.o.text
+++ /dev/null
@@ -1,90 +0,0 @@ -==== Message call to external contract ==== -SWC ID: 107 -Type: Informational -Contract: Unknown -Function name: _function_0x5a6814ec -PC address: 661 -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. --------------------- - -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0x5a6814ec -PC address: 666 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - -==== Message call to external contract ==== -SWC ID: 107 -Type: Warning -Contract: Unknown -Function name: _function_0xd24b08cc -PC address: 779 -This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. --------------------- - -==== Transaction order dependence ==== -SWC ID: 114 -Type: Warning -Contract: Unknown -Function name: _function_0xd24b08cc -PC address: 779 -Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location --------------------- - -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0xd24b08cc -PC address: 784 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - -==== Message call to external contract ==== -SWC ID: 107 -Type: Informational -Contract: Unknown -Function name: _function_0xe11f493e -PC address: 858 -This contract executes a message call to to another contract. 
Make sure that the called contract is trusted and does not execute user-supplied code. --------------------- - -==== State change after external call ==== -SWC ID: 107 -Type: Warning -Contract: Unknown -Function name: _function_0xe11f493e -PC address: 869 -The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. --------------------- - -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0xe11f493e -PC address: 871 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - -==== Message call to external contract ==== -SWC ID: 107 -Type: Warning -Contract: Unknown -Function name: _function_0xe1d10f79 -PC address: 912 -This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. --------------------- - -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0xe1d10f79 -PC address: 918 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm deleted file mode 100644 index 7a5b2043..00000000 --- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm +++ /dev/null 
@@ -1,259 +0,0 @@ -0 PUSH1 0x80 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x004c -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x06661abd -60 EQ -61 PUSH2 0x0051 -64 JUMPI -65 DUP1 -66 PUSH4 0x83f12fec -71 EQ -72 PUSH2 0x007c -75 JUMPI -76 JUMPDEST -77 PUSH1 0x00 -79 DUP1 -80 REVERT -81 JUMPDEST -82 CALLVALUE -83 DUP1 -84 ISZERO -85 PUSH2 0x005d -88 JUMPI -89 PUSH1 0x00 -91 DUP1 -92 REVERT -93 JUMPDEST -94 POP -95 PUSH2 0x0066 -98 PUSH2 0x0104 -101 JUMP -102 JUMPDEST -103 PUSH1 0x40 -105 MLOAD -106 DUP1 -107 DUP3 -108 DUP2 -109 MSTORE -110 PUSH1 0x20 -112 ADD -113 SWAP2 -114 POP -115 POP -116 PUSH1 0x40 -118 MLOAD -119 DUP1 -120 SWAP2 -121 SUB -122 SWAP1 -123 RETURN -124 JUMPDEST -125 CALLVALUE -126 DUP1 -127 ISZERO -128 PUSH2 0x0088 -131 JUMPI -132 PUSH1 0x00 -134 DUP1 -135 REVERT -136 JUMPDEST -137 POP -138 PUSH2 0x00ea -141 PUSH1 0x04 -143 DUP1 -144 CALLDATASIZE -145 SUB -146 DUP2 -147 ADD -148 SWAP1 -149 DUP1 -150 DUP1 -151 CALLDATALOAD -152 SWAP1 -153 PUSH1 0x20 -155 ADD -156 SWAP1 -157 DUP3 -158 ADD -159 DUP1 -160 CALLDATALOAD -161 SWAP1 -162 PUSH1 0x20 -164 ADD -165 SWAP1 -166 DUP1 -167 DUP1 -168 PUSH1 0x20 -170 MUL -171 PUSH1 0x20 -173 ADD -174 PUSH1 0x40 -176 MLOAD -177 SWAP1 -178 DUP2 -179 ADD -180 PUSH1 0x40 -182 MSTORE -183 DUP1 -184 SWAP4 -185 SWAP3 -186 SWAP2 -187 SWAP1 -188 DUP2 -189 DUP2 -190 MSTORE -191 PUSH1 0x20 -193 ADD -194 DUP4 -195 DUP4 -196 PUSH1 0x20 -198 MUL -199 DUP1 -200 DUP3 -201 DUP5 -202 CALLDATACOPY -203 DUP3 -204 ADD -205 SWAP2 -206 POP -207 POP -208 POP -209 POP -210 POP -211 POP -212 SWAP2 -213 SWAP3 -214 SWAP2 -215 SWAP3 -216 SWAP1 -217 DUP1 -218 CALLDATALOAD -219 SWAP1 -220 PUSH1 0x20 -222 ADD -223 SWAP1 -224 SWAP3 -225 SWAP2 -226 SWAP1 -227 POP -228 POP -229 POP -230 PUSH2 0x010a -233 JUMP -234 JUMPDEST -235 PUSH1 0x40 -237 MLOAD -238 DUP1 -239 DUP3 -240 ISZERO -241 
ISZERO -242 ISZERO -243 ISZERO -244 DUP2 -245 MSTORE -246 PUSH1 0x20 -248 ADD -249 SWAP2 -250 POP -251 POP -252 PUSH1 0x40 -254 MLOAD -255 DUP1 -256 SWAP2 -257 SUB -258 SWAP1 -259 RETURN -260 JUMPDEST -261 PUSH1 0x00 -263 SLOAD -264 DUP2 -265 JUMP -266 JUMPDEST -267 PUSH1 0x00 -269 DUP1 -270 PUSH1 0x00 -272 DUP5 -273 MLOAD -274 SWAP2 -275 POP -276 DUP4 -277 DUP3 -278 MUL -279 SWAP1 -280 POP -281 PUSH1 0x00 -283 DUP3 -284 GT -285 DUP1 -286 ISZERO -287 PUSH2 0x0129 -290 JUMPI -291 POP -292 PUSH1 0x14 -294 DUP3 -295 GT -296 ISZERO -297 JUMPDEST -298 ISZERO -299 ISZERO -300 PUSH2 0x0134 -303 JUMPI -304 PUSH1 0x00 -306 DUP1 -307 REVERT -308 JUMPDEST -309 DUP1 -310 PUSH1 0x01 -312 PUSH1 0x00 -314 CALLER -315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -336 AND -337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -358 AND -359 DUP2 -360 MSTORE -361 PUSH1 0x20 -363 ADD -364 SWAP1 -365 DUP2 -366 MSTORE -367 PUSH1 0x20 -369 ADD -370 PUSH1 0x00 -372 SHA3 -373 PUSH1 0x00 -375 DUP3 -376 DUP3 -377 SLOAD -378 SUB -379 SWAP3 -380 POP -381 POP -382 DUP2 -383 SWAP1 -384 SSTORE -385 POP -386 PUSH1 0x01 -388 SWAP3 -389 POP -390 POP -391 POP -392 SWAP3 -393 SWAP2 -394 POP -395 POP -396 JUMP -397 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html deleted file mode 100644 index 14a02195..00000000 --- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json deleted file mode 100644 index 207b9a02..00000000 --- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 158, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 278, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}, {"address": 378, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "_function_0x83f12fec", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown deleted file mode 100644 index c9630745..00000000 --- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.markdown +++ /dev/null 
@@ -1,34 +0,0 @@ -# Analysis results for test-filename.sol - -## Integer Overflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0x83f12fec` -- PC address: 158 - -### Description - -The arithmetic operation can result in integer overflow. - -## Integer Overflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0x83f12fec` -- PC address: 278 - -### Description - -The arithmetic operation can result in integer overflow. - -## Integer Underflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0x83f12fec` -- PC address: 378 - -### Description - -The substraction can result in an integer underflow. diff --git a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text b/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text deleted file mode 100644 index ef673002..00000000 --- a/tests/testdata/outputs_expected/outputs_current/environments.sol.o.text +++ /dev/null @@ -1,30 +0,0 @@ -==== Integer Overflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: _function_0x83f12fec -PC address: 158 -The arithmetic operation can result in integer overflow. - --------------------- - -==== Integer Overflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: _function_0x83f12fec -PC address: 278 -The arithmetic operation can result in integer overflow. - --------------------- - -==== Integer Underflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: _function_0x83f12fec -PC address: 378 -The substraction can result in an integer underflow. - --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm deleted file mode 100644 index b0a5e256..00000000 --- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm +++ /dev/null 
@@ -1,420 +0,0 @@ -0 PUSH1 0x80 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x0078 -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x12065fe0 -60 EQ -61 PUSH2 0x007d -64 JUMPI -65 DUP1 -66 PUSH4 0x27e235e3 -71 EQ -72 PUSH2 0x00a8 -75 JUMPI -76 DUP1 -77 PUSH4 0x56885cd8 -82 EQ -83 PUSH2 0x00ff -86 JUMPI -87 DUP1 -88 PUSH4 0x6c343ffe -93 EQ -94 PUSH2 0x0116 -97 JUMPI -98 DUP1 -99 PUSH4 0x8da5cb5b -104 EQ -105 PUSH2 0x012d -108 JUMPI -109 DUP1 -110 PUSH4 0xe8b5e51f -115 EQ -116 PUSH2 0x0184 -119 JUMPI -120 JUMPDEST -121 PUSH1 0x00 -123 DUP1 -124 REVERT -125 JUMPDEST -126 CALLVALUE -127 DUP1 -128 ISZERO -129 PUSH2 0x0089 -132 JUMPI -133 PUSH1 0x00 -135 DUP1 -136 REVERT -137 JUMPDEST -138 POP -139 PUSH2 0x0092 -142 PUSH2 0x018e -145 JUMP -146 JUMPDEST -147 PUSH1 0x40 -149 MLOAD -150 DUP1 -151 DUP3 -152 DUP2 -153 MSTORE -154 PUSH1 0x20 -156 ADD -157 SWAP2 -158 POP -159 POP -160 PUSH1 0x40 -162 MLOAD -163 DUP1 -164 SWAP2 -165 SUB -166 SWAP1 -167 RETURN -168 JUMPDEST -169 CALLVALUE -170 DUP1 -171 ISZERO -172 PUSH2 0x00b4 -175 JUMPI -176 PUSH1 0x00 -178 DUP1 -179 REVERT -180 JUMPDEST -181 POP -182 PUSH2 0x00e9 -185 PUSH1 0x04 -187 DUP1 -188 CALLDATASIZE -189 SUB -190 DUP2 -191 ADD -192 SWAP1 -193 DUP1 -194 DUP1 -195 CALLDATALOAD -196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -217 AND -218 SWAP1 -219 PUSH1 0x20 -221 ADD -222 SWAP1 -223 SWAP3 -224 SWAP2 -225 SWAP1 -226 POP -227 POP -228 POP -229 PUSH2 0x01d4 -232 JUMP -233 JUMPDEST -234 PUSH1 0x40 -236 MLOAD -237 DUP1 -238 DUP3 -239 DUP2 -240 MSTORE -241 PUSH1 0x20 -243 ADD -244 SWAP2 -245 POP -246 POP -247 PUSH1 0x40 -249 MLOAD -250 DUP1 -251 SWAP2 -252 SUB -253 SWAP1 -254 RETURN -255 JUMPDEST -256 CALLVALUE -257 DUP1 -258 ISZERO -259 PUSH2 0x010b -262 JUMPI -263 PUSH1 0x00 -265 DUP1 -266 REVERT -267 JUMPDEST -268 POP -269 PUSH2 0x0114 -272 PUSH2 0x01ec -275 JUMP 
-276 JUMPDEST -277 STOP -278 JUMPDEST -279 CALLVALUE -280 DUP1 -281 ISZERO -282 PUSH2 0x0122 -285 JUMPI -286 PUSH1 0x00 -288 DUP1 -289 REVERT -290 JUMPDEST -291 POP -292 PUSH2 0x012b -295 PUSH2 0x022f -298 JUMP -299 JUMPDEST -300 STOP -301 JUMPDEST -302 CALLVALUE -303 DUP1 -304 ISZERO -305 PUSH2 0x0139 -308 JUMPI -309 PUSH1 0x00 -311 DUP1 -312 REVERT -313 JUMPDEST -314 POP -315 PUSH2 0x0142 -318 PUSH2 0x02eb -321 JUMP -322 JUMPDEST -323 PUSH1 0x40 -325 MLOAD -326 DUP1 -327 DUP3 -328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -349 AND -350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -371 AND -372 DUP2 -373 MSTORE -374 PUSH1 0x20 -376 ADD -377 SWAP2 -378 POP -379 POP -380 PUSH1 0x40 -382 MLOAD -383 DUP1 -384 SWAP2 -385 SUB -386 SWAP1 -387 RETURN -388 JUMPDEST -389 PUSH2 0x018c -392 PUSH2 0x0311 -395 JUMP -396 JUMPDEST -397 STOP -398 JUMPDEST -399 PUSH1 0x00 -401 DUP1 -402 PUSH1 0x00 -404 CALLER -405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -426 AND -427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -448 AND -449 DUP2 -450 MSTORE -451 PUSH1 0x20 -453 ADD -454 SWAP1 -455 DUP2 -456 MSTORE -457 PUSH1 0x20 -459 ADD -460 PUSH1 0x00 -462 SHA3 -463 SLOAD -464 SWAP1 -465 POP -466 SWAP1 -467 JUMP -468 JUMPDEST -469 PUSH1 0x00 -471 PUSH1 0x20 -473 MSTORE -474 DUP1 -475 PUSH1 0x00 -477 MSTORE -478 PUSH1 0x40 -480 PUSH1 0x00 -482 SHA3 -483 PUSH1 0x00 -485 SWAP2 -486 POP -487 SWAP1 -488 POP -489 SLOAD -490 DUP2 -491 JUMP -492 JUMPDEST -493 CALLER -494 PUSH1 0x01 -496 PUSH1 0x00 -498 PUSH2 0x0100 -501 EXP -502 DUP2 -503 SLOAD -504 DUP2 -505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -526 MUL -527 NOT -528 AND -529 SWAP1 -530 DUP4 -531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -552 AND -553 MUL -554 OR -555 SWAP1 -556 SSTORE -557 POP -558 JUMP -559 JUMPDEST -560 PUSH1 0x01 -562 PUSH1 0x00 -564 SWAP1 -565 SLOAD -566 SWAP1 -567 PUSH2 0x0100 -570 EXP -571 SWAP1 -572 DIV -573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -594 AND -595 PUSH20 
0xffffffffffffffffffffffffffffffffffffffff -616 AND -617 CALLER -618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -639 AND -640 EQ -641 ISZERO -642 ISZERO -643 PUSH2 0x028b -646 JUMPI -647 PUSH1 0x00 -649 DUP1 -650 REVERT -651 JUMPDEST -652 CALLER -653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -674 AND -675 PUSH2 0x08fc -678 ADDRESS -679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -700 AND -701 BALANCE -702 SWAP1 -703 DUP2 -704 ISZERO -705 MUL -706 SWAP1 -707 PUSH1 0x40 -709 MLOAD -710 PUSH1 0x00 -712 PUSH1 0x40 -714 MLOAD -715 DUP1 -716 DUP4 -717 SUB -718 DUP2 -719 DUP6 -720 DUP9 -721 DUP9 -722 CALL -723 SWAP4 -724 POP -725 POP -726 POP -727 POP -728 ISZERO -729 DUP1 -730 ISZERO -731 PUSH2 0x02e8 -734 JUMPI -735 RETURNDATASIZE -736 PUSH1 0x00 -738 DUP1 -739 RETURNDATACOPY -740 RETURNDATASIZE -741 PUSH1 0x00 -743 REVERT -744 JUMPDEST -745 POP -746 JUMP -747 JUMPDEST -748 PUSH1 0x01 -750 PUSH1 0x00 -752 SWAP1 -753 SLOAD -754 SWAP1 -755 PUSH2 0x0100 -758 EXP -759 SWAP1 -760 DIV -761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -782 AND -783 DUP2 -784 JUMP -785 JUMPDEST -786 PUSH1 0x02 -788 SLOAD -789 CALLVALUE -790 GT -791 DUP1 -792 ISZERO -793 PUSH2 0x0323 -796 JUMPI -797 POP -798 PUSH1 0x03 -800 SLOAD -801 CALLVALUE -802 LT -803 JUMPDEST -804 ISZERO -805 ISZERO -806 PUSH2 0x032e -809 JUMPI -810 PUSH1 0x00 -812 DUP1 -813 REVERT -814 JUMPDEST -815 CALLVALUE -816 PUSH1 0x00 -818 DUP1 -819 CALLER -820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -841 AND -842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -863 AND -864 DUP2 -865 MSTORE -866 PUSH1 0x20 -868 ADD -869 SWAP1 -870 DUP2 -871 MSTORE -872 PUSH1 0x20 -874 ADD -875 PUSH1 0x00 -877 SHA3 -878 PUSH1 0x00 -880 DUP3 -881 DUP3 -882 SLOAD -883 ADD -884 SWAP3 -885 POP -886 POP -887 DUP2 -888 SWAP1 -889 SSTORE -890 POP -891 JUMP -892 STOP 
diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html deleted file mode 100644 index 45e1d97a..00000000 --- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json deleted file mode 100644 index 03d3f2d6..00000000 --- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown deleted file mode 100644 index c4e23873..00000000 --- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown +++ /dev/null @@ -1,23 +0,0 @@ -# Analysis results for test-filename.sol - -## Ether send -- SWC ID: 105 -- Type: Warning -- Contract: Unknown -- Function name: `withdrawfunds()` -- PC address: 722 - -### Description - -It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract. - -## Integer Overflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `invest()` -- PC address: 883 - -### Description - -The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text b/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text deleted file mode 100644 index 6be210d9..00000000 
--- a/tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text +++ /dev/null @@ -1,19 +0,0 @@ -==== Ether send ==== -SWC ID: 105 -Type: Warning -Contract: Unknown -Function name: withdrawfunds() -PC address: 722 -It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract. --------------------- - -==== Integer Overflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: invest() -PC address: 883 -The arithmetic operation can result in integer overflow. - --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm deleted file mode 100644 index ef83a75c..00000000 --- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm +++ /dev/null 
@@ -1,392 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x008e -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x01d4277c -60 EQ -61 PUSH2 0x0093 -64 JUMPI -65 DUP1 -66 PUSH4 0x546455b5 -71 EQ -72 PUSH2 0x00b6 -75 JUMPI -76 DUP1 -77 PUSH4 0x78375f14 -82 EQ -83 PUSH2 0x00d9 -86 JUMPI -87 DUP1 -88 PUSH4 0x92dd38ea -93 EQ -94 PUSH2 0x00fc -97 JUMPI -98 DUP1 -99 PUSH4 0xa08299f1 -104 EQ -105 PUSH2 0x011f -108 JUMPI -109 DUP1 -110 PUSH4 0xb34c3610 -115 EQ -116 PUSH2 0x0142 -119 JUMPI -120 DUP1 -121 PUSH4 0xb630d706 -126 EQ -127 PUSH2 0x0157 -130 JUMPI -131 DUP1 -132 PUSH4 0xf44f13d8 -137 EQ -138 PUSH2 0x017a -141 JUMPI -142 JUMPDEST -143 PUSH1 0x00 -145 DUP1 -146 REVERT -147 JUMPDEST -148 CALLVALUE -149 ISZERO -150 PUSH2 0x009e -153 JUMPI -154 PUSH1 0x00 -156 DUP1 -157 REVERT -158 JUMPDEST -159 PUSH2 0x00b4 -162 PUSH1 0x04 -164 DUP1 -165 DUP1 -166 CALLDATALOAD -167 SWAP1 -168 PUSH1 0x20 -170 ADD -171 SWAP1 -172 SWAP2 -173 SWAP1 -174 POP -175 POP -176 PUSH2 0x018f -179 JUMP -180 JUMPDEST -181 STOP -182 JUMPDEST -183 CALLVALUE -184 ISZERO -185 PUSH2 0x00c1 -188 JUMPI -189 PUSH1 0x00 -191 DUP1 -192 REVERT -193 JUMPDEST -194 PUSH2 0x00d7 -197 PUSH1 0x04 -199 DUP1 -200 DUP1 -201 CALLDATALOAD -202 SWAP1 -203 PUSH1 0x20 -205 ADD -206 SWAP1 -207 SWAP2 -208 SWAP1 -209 POP -210 POP -211 PUSH2 0x01b2 -214 JUMP -215 JUMPDEST -216 STOP -217 JUMPDEST -218 CALLVALUE -219 ISZERO -220 PUSH2 0x00e4 -223 JUMPI -224 PUSH1 0x00 -226 DUP1 -227 REVERT -228 JUMPDEST -229 PUSH2 0x00fa -232 PUSH1 0x04 -234 DUP1 -235 DUP1 -236 CALLDATALOAD -237 SWAP1 -238 PUSH1 0x20 -240 ADD -241 SWAP1 -242 SWAP2 -243 SWAP1 -244 POP -245 POP -246 PUSH2 0x01c2 -249 JUMP -250 JUMPDEST -251 STOP -252 JUMPDEST -253 CALLVALUE -254 ISZERO -255 PUSH2 0x0107 -258 JUMPI -259 PUSH1 0x00 -261 DUP1 -262 REVERT -263 JUMPDEST -264 PUSH2 0x011d -267 
PUSH1 0x04 -269 DUP1 -270 DUP1 -271 CALLDATALOAD -272 SWAP1 -273 PUSH1 0x20 -275 ADD -276 SWAP1 -277 SWAP2 -278 SWAP1 -279 POP -280 POP -281 PUSH2 0x01d5 -284 JUMP -285 JUMPDEST -286 STOP -287 JUMPDEST -288 CALLVALUE -289 ISZERO -290 PUSH2 0x012a -293 JUMPI -294 PUSH1 0x00 -296 DUP1 -297 REVERT -298 JUMPDEST -299 PUSH2 0x0140 -302 PUSH1 0x04 -304 DUP1 -305 DUP1 -306 CALLDATALOAD -307 SWAP1 -308 PUSH1 0x20 -310 ADD -311 SWAP1 -312 SWAP2 -313 SWAP1 -314 POP -315 POP -316 PUSH2 0x01ed -319 JUMP -320 JUMPDEST -321 STOP -322 JUMPDEST -323 CALLVALUE -324 ISZERO -325 PUSH2 0x014d -328 JUMPI -329 PUSH1 0x00 -331 DUP1 -332 REVERT -333 JUMPDEST -334 PUSH2 0x0155 -337 PUSH2 0x0202 -340 JUMP -341 JUMPDEST -342 STOP -343 JUMPDEST -344 CALLVALUE -345 ISZERO -346 PUSH2 0x0162 -349 JUMPI -350 PUSH1 0x00 -352 DUP1 -353 REVERT -354 JUMPDEST -355 PUSH2 0x0178 -358 PUSH1 0x04 -360 DUP1 -361 DUP1 -362 CALLDATALOAD -363 SWAP1 -364 PUSH1 0x20 -366 ADD -367 SWAP1 -368 SWAP2 -369 SWAP1 -370 POP -371 POP -372 PUSH2 0x0217 -375 JUMP -376 JUMPDEST -377 STOP -378 JUMPDEST -379 CALLVALUE -380 ISZERO -381 PUSH2 0x0185 -384 JUMPI -385 PUSH1 0x00 -387 DUP1 -388 REVERT -389 JUMPDEST -390 PUSH2 0x018d -393 PUSH2 0x0235 -396 JUMP -397 JUMPDEST -398 STOP -399 JUMPDEST -400 PUSH1 0x00 -402 PUSH1 0x08 -404 DUP3 -405 LT -406 ISZERO -407 PUSH2 0x01ae -410 JUMPI -411 PUSH1 0x00 -413 DUP3 -414 PUSH1 0x08 -416 DUP2 -417 LT -418 ISZERO -419 ISZERO -420 PUSH2 0x01a9 -423 JUMPI -424 ASSERT_FAIL -425 JUMPDEST -426 ADD -427 SLOAD -428 SWAP1 -429 POP -430 JUMPDEST -431 POP -432 POP -433 JUMP -434 JUMPDEST -435 PUSH1 0x17 -437 DUP2 -438 EQ -439 ISZERO -440 ISZERO -441 ISZERO -442 PUSH2 0x01bf -445 JUMPI -446 ASSERT_FAIL -447 JUMPDEST -448 POP -449 JUMP -450 JUMPDEST -451 PUSH1 0x17 -453 DUP2 -454 EQ -455 ISZERO -456 ISZERO -457 ISZERO -458 PUSH2 0x01d2 -461 JUMPI -462 PUSH1 0x00 -464 DUP1 -465 REVERT -466 JUMPDEST -467 POP -468 JUMP -469 JUMPDEST -470 PUSH1 0x00 -472 DUP1 -473 DUP3 -474 PUSH1 0x08 -476 DUP2 -477 LT 
-478 ISZERO -479 ISZERO -480 PUSH2 0x01e5 -483 JUMPI -484 ASSERT_FAIL -485 JUMPDEST -486 ADD -487 SLOAD -488 SWAP1 -489 POP -490 POP -491 POP -492 JUMP -493 JUMPDEST -494 PUSH1 0x00 -496 DUP2 -497 PUSH1 0x01 -499 DUP2 -500 ISZERO -501 ISZERO -502 PUSH2 0x01fb -505 JUMPI -506 ASSERT_FAIL -507 JUMPDEST -508 DIV -509 SWAP1 -510 POP -511 POP -512 POP -513 JUMP -514 JUMPDEST -515 PUSH1 0x00 -517 PUSH1 0x01 -519 SWAP1 -520 POP -521 PUSH1 0x00 -523 DUP2 -524 EQ -525 ISZERO -526 ISZERO -527 PUSH2 0x0214 -530 JUMPI -531 ASSERT_FAIL -532 JUMPDEST -533 POP -534 JUMP -535 JUMPDEST -536 PUSH1 0x00 -538 DUP1 -539 DUP3 -540 GT -541 ISZERO -542 PUSH2 0x0231 -545 JUMPI -546 DUP2 -547 PUSH1 0x01 -549 DUP2 -550 ISZERO -551 ISZERO -552 PUSH2 0x022d -555 JUMPI -556 ASSERT_FAIL -557 JUMPDEST -558 DIV -559 SWAP1 -560 POP -561 JUMPDEST -562 POP -563 POP -564 JUMP -565 JUMPDEST -566 PUSH1 0x00 -568 PUSH1 0x01 -570 SWAP1 -571 POP -572 PUSH1 0x00 -574 DUP2 -575 GT -576 ISZERO -577 ISZERO -578 PUSH2 0x0247 -581 JUMPI -582 ASSERT_FAIL -583 JUMPDEST -584 POP -585 JUMP -586 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html deleted file mode 100644 index 874f4164..00000000 --- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json deleted file mode 100644 index c8d722b5..00000000 --- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json +++ /dev/null 
@@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true} \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
deleted file mode 100644
index 2ed81d76..00000000
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
+++ /dev/null
@@ -1,45 +0,0 @@ -# Analysis results for test-filename.sol - -## Exception state -- SWC ID: 110 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x546455b5` -- PC address: 446 - -### Description - -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. - -## Exception state -- SWC ID: 110 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x92dd38ea` -- PC address: 484 - -### Description - -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. - -## Exception state -- SWC ID: 110 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xa08299f1` -- PC address: 506 - -### Description - -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. - -## Exception state -- SWC ID: 110 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xb34c3610` -- PC address: 531 - -### Description - -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
diff --git a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text b/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
deleted file mode 100644
index a9ac2d73..00000000
--- a/tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
+++ /dev/null
@@ -1,36 +0,0 @@ -==== Exception state ==== -SWC ID: 110 -Type: Informational -Contract: Unknown -Function name: _function_0x546455b5 -PC address: 446 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - -==== Exception state ==== -SWC ID: 110 -Type: Informational -Contract: Unknown -Function name: _function_0x92dd38ea -PC address: 484 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - -==== Exception state ==== -SWC ID: 110 -Type: Informational -Contract: Unknown -Function name: _function_0xa08299f1 -PC address: 506 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - -==== Exception state ==== -SWC ID: 110 -Type: Informational -Contract: Unknown -Function name: _function_0xb34c3610 -PC address: 531 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm deleted file mode 100644 index 571b1c66..00000000 
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm
+++ /dev/null
@@ -1,435 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x006d -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x141f32ff -60 EQ -61 PUSH2 0x0072 -64 JUMPI -65 DUP1 -66 PUSH4 0x2e52d606 -71 EQ -72 PUSH2 0x00b4 -75 JUMPI -76 DUP1 -77 PUSH4 0x67e404ce -82 EQ -83 PUSH2 0x00dd -86 JUMPI -87 DUP1 -88 PUSH4 0x9b58bc26 -93 EQ -94 PUSH2 0x0132 -97 JUMPI -98 DUP1 -99 PUSH4 0xeea4c864 -104 EQ -105 PUSH2 0x0174 -108 JUMPI -109 JUMPDEST -110 PUSH1 0x00 -112 DUP1 -113 REVERT -114 JUMPDEST -115 CALLVALUE -116 ISZERO -117 PUSH2 0x007d -120 JUMPI -121 PUSH1 0x00 -123 DUP1 -124 REVERT -125 JUMPDEST -126 PUSH2 0x00b2 -129 PUSH1 0x04 -131 DUP1 -132 DUP1 -133 CALLDATALOAD -134 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -155 AND -156 SWAP1 -157 PUSH1 0x20 -159 ADD -160 SWAP1 -161 SWAP2 -162 SWAP1 -163 DUP1 -164 CALLDATALOAD -165 SWAP1 -166 PUSH1 0x20 -168 ADD -169 SWAP1 -170 SWAP2 -171 SWAP1 -172 POP -173 POP -174 PUSH2 0x01b6 -177 JUMP -178 JUMPDEST -179 STOP -180 JUMPDEST -181 CALLVALUE -182 ISZERO -183 PUSH2 0x00bf -186 JUMPI -187 PUSH1 0x00 -189 DUP1 -190 REVERT -191 JUMPDEST -192 PUSH2 0x00c7 -195 PUSH2 0x0273 -198 JUMP -199 JUMPDEST -200 PUSH1 0x40 -202 MLOAD -203 DUP1 -204 DUP3 -205 DUP2 -206 MSTORE -207 PUSH1 0x20 -209 ADD -210 SWAP2 -211 POP -212 POP -213 PUSH1 0x40 -215 MLOAD -216 DUP1 -217 SWAP2 -218 SUB -219 SWAP1 -220 RETURN -221 JUMPDEST -222 CALLVALUE -223 ISZERO -224 PUSH2 0x00e8 -227 JUMPI -228 PUSH1 0x00 -230 DUP1 -231 REVERT -232 JUMPDEST -233 PUSH2 0x00f0 -236 PUSH2 0x0279 -239 JUMP -240 JUMPDEST -241 PUSH1 0x40 -243 MLOAD -244 DUP1 -245 DUP3 -246 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -267 AND -268 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -289 AND -290 DUP2 -291 MSTORE -292 PUSH1 0x20 -294 ADD -295 SWAP2 -296 POP -297 POP -298 PUSH1 0x40 -300 MLOAD -301 DUP1 -302 
SWAP2 -303 SUB -304 SWAP1 -305 RETURN -306 JUMPDEST -307 CALLVALUE -308 ISZERO -309 PUSH2 0x013d -312 JUMPI -313 PUSH1 0x00 -315 DUP1 -316 REVERT -317 JUMPDEST -318 PUSH2 0x0172 -321 PUSH1 0x04 -323 DUP1 -324 DUP1 -325 CALLDATALOAD -326 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -347 AND -348 SWAP1 -349 PUSH1 0x20 -351 ADD -352 SWAP1 -353 SWAP2 -354 SWAP1 -355 DUP1 -356 CALLDATALOAD -357 SWAP1 -358 PUSH1 0x20 -360 ADD -361 SWAP1 -362 SWAP2 -363 SWAP1 -364 POP -365 POP -366 PUSH2 0x029f -369 JUMP -370 JUMPDEST -371 STOP -372 JUMPDEST -373 CALLVALUE -374 ISZERO -375 PUSH2 0x017f -378 JUMPI -379 PUSH1 0x00 -381 DUP1 -382 REVERT -383 JUMPDEST -384 PUSH2 0x01b4 -387 PUSH1 0x04 -389 DUP1 -390 DUP1 -391 CALLDATALOAD -392 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -413 AND -414 SWAP1 -415 PUSH1 0x20 -417 ADD -418 SWAP1 -419 SWAP2 -420 SWAP1 -421 DUP1 -422 CALLDATALOAD -423 SWAP1 -424 PUSH1 0x20 -426 ADD -427 SWAP1 -428 SWAP2 -429 SWAP1 -430 POP -431 POP -432 PUSH2 0x035a -435 JUMP -436 JUMPDEST -437 STOP -438 JUMPDEST -439 DUP2 -440 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -461 AND -462 PUSH1 0x40 -464 MLOAD -465 DUP1 -466 DUP1 -467 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 -500 DUP2 -501 MSTORE -502 POP -503 PUSH1 0x0d -505 ADD -506 SWAP1 -507 POP -508 PUSH1 0x40 -510 MLOAD -511 DUP1 -512 SWAP2 -513 SUB -514 SWAP1 -515 SHA3 -516 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -546 SWAP1 -547 DIV -548 DUP3 -549 PUSH1 0x40 -551 MLOAD -552 DUP3 -553 PUSH4 0xffffffff -558 AND -559 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -589 MUL -590 DUP2 -591 MSTORE -592 PUSH1 0x04 -594 ADD -595 DUP1 -596 DUP3 -597 DUP2 -598 MSTORE -599 PUSH1 0x20 -601 ADD -602 SWAP2 -603 POP -604 POP -605 PUSH1 0x00 -607 PUSH1 0x40 -609 MLOAD -610 DUP1 -611 DUP4 -612 SUB -613 DUP2 -614 PUSH1 0x00 -616 DUP8 -617 GAS -618 CALLCODE -619 SWAP3 -620 POP -621 POP -622 POP -623 POP -624 POP -625 POP -626 JUMP 
-627 JUMPDEST -628 PUSH1 0x00 -630 SLOAD -631 DUP2 -632 JUMP -633 JUMPDEST -634 PUSH1 0x01 -636 PUSH1 0x00 -638 SWAP1 -639 SLOAD -640 SWAP1 -641 PUSH2 0x0100 -644 EXP -645 SWAP1 -646 DIV -647 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -668 AND -669 DUP2 -670 JUMP -671 JUMPDEST -672 DUP2 -673 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -694 AND -695 PUSH1 0x40 -697 MLOAD -698 DUP1 -699 DUP1 -700 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 -733 DUP2 -734 MSTORE -735 POP -736 PUSH1 0x0d -738 ADD -739 SWAP1 -740 POP -741 PUSH1 0x40 -743 MLOAD -744 DUP1 -745 SWAP2 -746 SUB -747 SWAP1 -748 SHA3 -749 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -779 SWAP1 -780 DIV -781 DUP3 -782 PUSH1 0x40 -784 MLOAD -785 DUP3 -786 PUSH4 0xffffffff -791 AND -792 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -822 MUL -823 DUP2 -824 MSTORE -825 PUSH1 0x04 -827 ADD -828 DUP1 -829 DUP3 -830 DUP2 -831 MSTORE -832 PUSH1 0x20 -834 ADD -835 SWAP2 -836 POP -837 POP -838 PUSH1 0x00 -840 PUSH1 0x40 -842 MLOAD -843 DUP1 -844 DUP4 -845 SUB -846 DUP2 -847 DUP7 -848 GAS -849 DELEGATECALL -850 SWAP3 -851 POP -852 POP -853 POP -854 POP -855 POP -856 POP -857 JUMP -858 JUMPDEST -859 DUP2 -860 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -881 AND -882 PUSH1 0x40 -884 MLOAD -885 DUP1 -886 DUP1 -887 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000 -920 DUP2 -921 MSTORE -922 POP -923 PUSH1 0x0d -925 ADD -926 SWAP1 -927 POP -928 PUSH1 0x40 -930 MLOAD -931 DUP1 -932 SWAP2 -933 SUB -934 SWAP1 -935 SHA3 -936 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -966 SWAP1 -967 DIV -968 DUP3 -969 PUSH1 0x40 -971 MLOAD -972 DUP3 -973 PUSH4 0xffffffff -978 AND -979 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -1009 MUL -1010 DUP2 -1011 MSTORE -1012 PUSH1 0x04 -1014 ADD -1015 DUP1 -1016 DUP3 -1017 DUP2 -1018 MSTORE -1019 PUSH1 0x20 -1021 ADD -1022 SWAP2 -1023 POP 
-1024 POP -1025 PUSH1 0x00 -1027 PUSH1 0x40 -1029 MLOAD -1030 DUP1 -1031 DUP4 -1032 SUB -1033 DUP2 -1034 PUSH1 0x00 -1036 DUP8 -1037 GAS -1038 CALL -1039 SWAP3 -1040 POP -1041 POP -1042 POP -1043 POP -1044 POP -1045 POP -1046 JUMP -1047 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html deleted file mode 100644 index afbd4fb1..00000000 --- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json deleted file mode 100644 index 4c42213f..00000000 --- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown deleted file mode 100644 index 7208086f..00000000 --- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown +++ /dev/null @@ -1,45 +0,0 @@ -# Analysis results for test-filename.sol - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x141f32ff` -- PC address: 626 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x9b58bc26` -- PC address: 857 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. - -## Message call to external contract -- SWC ID: 107 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xeea4c864` -- PC address: 1038 - -### Description - -This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xeea4c864` -- PC address: 1046 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text deleted file mode 100644 index 46f49440..00000000 
--- a/tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text +++ /dev/null @@ -1,36 +0,0 @@ -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0x141f32ff -PC address: 626 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0x9b58bc26 -PC address: 857 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - -==== Message call to external contract ==== -SWC ID: 107 -Type: Warning -Contract: Unknown -Function name: _function_0xeea4c864 -PC address: 1038 -This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. --------------------- - -==== Unchecked CALL return value ==== -SWC ID: 104 -Type: Informational -Contract: Unknown -Function name: _function_0xeea4c864 -PC address: 1046 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm deleted file mode 100644 index fbb53181..00000000 --- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm +++ /dev/null 
@@ -1,253 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x004c -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x27e235e3 -60 EQ -61 PUSH2 0x0051 -64 JUMPI -65 DUP1 -66 PUSH4 0x412664ae -71 EQ -72 PUSH2 0x009e -75 JUMPI -76 JUMPDEST -77 PUSH1 0x00 -79 DUP1 -80 REVERT -81 JUMPDEST -82 CALLVALUE -83 ISZERO -84 PUSH2 0x005c -87 JUMPI -88 PUSH1 0x00 -90 DUP1 -91 REVERT -92 JUMPDEST -93 PUSH2 0x0088 -96 PUSH1 0x04 -98 DUP1 -99 DUP1 -100 CALLDATALOAD -101 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -122 AND -123 SWAP1 -124 PUSH1 0x20 -126 ADD -127 SWAP1 -128 SWAP2 -129 SWAP1 -130 POP -131 POP -132 PUSH2 0x00f8 -135 JUMP -136 JUMPDEST -137 PUSH1 0x40 -139 MLOAD -140 DUP1 -141 DUP3 -142 DUP2 -143 MSTORE -144 PUSH1 0x20 -146 ADD -147 SWAP2 -148 POP -149 POP -150 PUSH1 0x40 -152 MLOAD -153 DUP1 -154 SWAP2 -155 SUB -156 SWAP1 -157 RETURN -158 JUMPDEST -159 CALLVALUE -160 ISZERO -161 PUSH2 0x00a9 -164 JUMPI -165 PUSH1 0x00 -167 DUP1 -168 REVERT -169 JUMPDEST -170 PUSH2 0x00de -173 PUSH1 0x04 -175 DUP1 -176 DUP1 -177 CALLDATALOAD -178 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -199 AND -200 SWAP1 -201 PUSH1 0x20 -203 ADD -204 SWAP1 -205 SWAP2 -206 SWAP1 -207 DUP1 -208 CALLDATALOAD -209 SWAP1 -210 PUSH1 0x20 -212 ADD -213 SWAP1 -214 SWAP2 -215 SWAP1 -216 POP -217 POP -218 PUSH2 0x0110 -221 JUMP -222 JUMPDEST -223 PUSH1 0x40 -225 MLOAD -226 DUP1 -227 DUP3 -228 ISZERO -229 ISZERO -230 ISZERO -231 ISZERO -232 DUP2 -233 MSTORE -234 PUSH1 0x20 -236 ADD -237 SWAP2 -238 POP -239 POP -240 PUSH1 0x40 -242 MLOAD -243 DUP1 -244 SWAP2 -245 SUB -246 SWAP1 -247 RETURN -248 JUMPDEST -249 PUSH1 0x00 -251 PUSH1 0x20 -253 MSTORE -254 DUP1 -255 PUSH1 0x00 -257 MSTORE -258 PUSH1 0x40 -260 PUSH1 0x00 -262 SHA3 -263 PUSH1 0x00 -265 SWAP2 -266 POP -267 SWAP1 -268 POP -269 SLOAD -270 DUP2 -271 JUMP -272 JUMPDEST 
-273 PUSH1 0x00 -275 DUP2 -276 PUSH1 0x00 -278 DUP1 -279 CALLER -280 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -301 AND -302 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -323 AND -324 DUP2 -325 MSTORE -326 PUSH1 0x20 -328 ADD -329 SWAP1 -330 DUP2 -331 MSTORE -332 PUSH1 0x20 -334 ADD -335 PUSH1 0x00 -337 SHA3 -338 SLOAD -339 LT -340 ISZERO -341 PUSH2 0x0161 -344 JUMPI -345 PUSH1 0x00 -347 SWAP1 -348 POP -349 PUSH2 0x01fe -352 JUMP -353 JUMPDEST -354 DUP2 -355 PUSH1 0x00 -357 DUP1 -358 CALLER -359 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -380 AND -381 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -402 AND -403 DUP2 -404 MSTORE -405 PUSH1 0x20 -407 ADD -408 SWAP1 -409 DUP2 -410 MSTORE -411 PUSH1 0x20 -413 ADD -414 PUSH1 0x00 -416 SHA3 -417 PUSH1 0x00 -419 DUP3 -420 DUP3 -421 SLOAD -422 SUB -423 SWAP3 -424 POP -425 POP -426 DUP2 -427 SWAP1 -428 SSTORE -429 POP -430 DUP2 -431 PUSH1 0x00 -433 DUP1 -434 DUP6 -435 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -456 AND -457 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -478 AND -479 DUP2 -480 MSTORE -481 PUSH1 0x20 -483 ADD -484 SWAP1 -485 DUP2 -486 MSTORE -487 PUSH1 0x20 -489 ADD -490 PUSH1 0x00 -492 SHA3 -493 PUSH1 0x00 -495 DUP3 -496 DUP3 -497 SLOAD -498 ADD -499 SWAP3 -500 POP -501 POP -502 DUP2 -503 SWAP1 -504 SSTORE -505 POP -506 PUSH1 0x00 -508 SWAP1 -509 POP -510 JUMPDEST -511 SWAP3 -512 SWAP2 -513 POP -514 POP -515 JUMP -516 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html deleted file mode 100644 index 6ee81b9c..00000000 --- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json deleted file mode 100644 index 237b1c1e..00000000 --- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown deleted file mode 100644 index 321484fd..00000000 --- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown +++ /dev/null @@ -1,3 +0,0 @@ -# Analysis results for None - -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text deleted file mode 100644 index 729320d8..00000000 --- a/tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text +++ /dev/null @@ -1 +0,0 @@ -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm deleted file mode 100644 index e83ace06..00000000 --- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm +++ /dev/null 
@@ -1,77 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH1 0x3f -11 JUMPI -12 PUSH1 0x00 -14 CALLDATALOAD -15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -45 SWAP1 -46 DIV -47 PUSH4 0xffffffff -52 AND -53 DUP1 -54 PUSH4 0x8a4068dd -59 EQ -60 PUSH1 0x44 -62 JUMPI -63 JUMPDEST -64 PUSH1 0x00 -66 DUP1 -67 REVERT -68 JUMPDEST -69 CALLVALUE -70 ISZERO -71 PUSH1 0x4e -73 JUMPI -74 PUSH1 0x00 -76 DUP1 -77 REVERT -78 JUMPDEST -79 PUSH1 0x54 -81 PUSH1 0x56 -83 JUMP -84 JUMPDEST -85 STOP -86 JUMPDEST -87 CALLER -88 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -109 AND -110 PUSH2 0x08fc -113 PUSH8 0x1bc16d674ec80000 -122 SWAP1 -123 DUP2 -124 ISZERO -125 MUL -126 SWAP1 -127 PUSH1 0x40 -129 MLOAD -130 PUSH1 0x00 -132 PUSH1 0x40 -134 MLOAD -135 DUP1 -136 DUP4 -137 SUB -138 DUP2 -139 DUP6 -140 DUP9 -141 DUP9 -142 CALL -143 SWAP4 -144 POP -145 POP -146 POP -147 POP -148 ISZERO -149 ISZERO -150 PUSH1 0x9d -152 JUMPI -153 PUSH1 0x00 -155 DUP1 -156 REVERT -157 JUMPDEST -158 JUMP -159 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html deleted file mode 100644 index f52f87b4..00000000 --- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json deleted file mode 100644 index d48f8f35..00000000 --- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true} diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown deleted file mode 100644 index 6cebd955..00000000 --- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.markdown +++ /dev/null @@ -1,12 +0,0 @@ -# Analysis results for test-filename.sol - -## Ether send -- SWC ID: 105 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0x8a4068dd` -- PC address: 142 - -### Description - -It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract. diff --git a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text deleted file mode 100644 index 068f36d1..00000000 --- a/tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.text +++ /dev/null @@ -1,9 +0,0 @@ -==== Ether send ==== -SWC ID: 105 -Type: Warning -Contract: Unknown -Function name: _function_0x8a4068dd -PC address: 142 -It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract. --------------------- - 
diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm
deleted file mode 100644
index 555d5ba3..00000000
--- a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.easm
+++ /dev/null
@@ -1,167 +0,0 @@ -0 PUSH1 0x80 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x0041 -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x24ff38a2 -60 EQ -61 PUSH2 0x0046 -64 JUMPI -65 JUMPDEST -66 PUSH1 0x00 -68 DUP1 -69 REVERT -70 JUMPDEST -71 CALLVALUE -72 DUP1 -73 ISZERO -74 PUSH2 0x0052 -77 JUMPI -78 PUSH1 0x00 -80 DUP1 -81 REVERT -82 JUMPDEST -83 POP -84 PUSH2 0x005b -87 PUSH2 0x00d6 -90 JUMP -91 JUMPDEST -92 PUSH1 0x40 -94 MLOAD -95 DUP1 -96 DUP1 -97 PUSH1 0x20 -99 ADD -100 DUP3 -101 DUP2 -102 SUB -103 DUP3 -104 MSTORE -105 DUP4 -106 DUP2 -107 DUP2 -108 MLOAD -109 DUP2 -110 MSTORE -111 PUSH1 0x20 -113 ADD -114 SWAP2 -115 POP -116 DUP1 -117 MLOAD -118 SWAP1 -119 PUSH1 0x20 -121 ADD -122 SWAP1 -123 DUP1 -124 DUP4 -125 DUP4 -126 PUSH1 0x00 -128 JUMPDEST -129 DUP4 -130 DUP2 -131 LT -132 ISZERO -133 PUSH2 0x009b -136 JUMPI -137 DUP1 -138 DUP3 -139 ADD -140 MLOAD -141 DUP2 -142 DUP5 -143 ADD -144 MSTORE -145 PUSH1 0x20 -147 DUP2 -148 ADD -149 SWAP1 -150 POP -151 PUSH2 0x0080 -154 JUMP -155 JUMPDEST -156 POP -157 POP -158 POP -159 POP -160 SWAP1 -161 POP -162 SWAP1 -163 DUP2 -164 ADD -165 SWAP1 -166 PUSH1 0x1f -168 AND -169 DUP1 -170 ISZERO -171 PUSH2 0x00c8 -174 JUMPI -175 DUP1 -176 DUP3 -177 SUB -178 DUP1 -179 MLOAD -180 PUSH1 0x01 -182 DUP4 -183 PUSH1 0x20 -185 SUB -186 PUSH2 0x0100 -189 EXP -190 SUB -191 NOT -192 AND -193 DUP2 -194 MSTORE -195 PUSH1 0x20 -197 ADD -198 SWAP2 -199 POP -200 JUMPDEST -201 POP -202 SWAP3 -203 POP -204 POP -205 POP -206 PUSH1 0x40 -208 MLOAD -209 DUP1 -210 SWAP2 -211 SUB -212 SWAP1 -213 RETURN -214 JUMPDEST -215 PUSH1 0x60 -217 PUSH1 0x40 -219 DUP1 -220 MLOAD -221 SWAP1 -222 DUP2 -223 ADD -224 PUSH1 0x40 -226 MSTORE -227 DUP1 -228 PUSH1 0x17 -230 DUP2 -231 MSTORE -232 PUSH1 0x20 -234 ADD -235 PUSH32 0xd0a5d18dd0bbd0bbd0bed18320d092d0bed180d0bbd0b4000000000000000000 -268 DUP2 -269 
MSTORE -270 POP -271 SWAP1 -272 POP -273 SWAP1 -274 JUMP -275 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html deleted file mode 100644 index 505c7d42..00000000 --- a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json deleted file mode 100644 index 237b1c1e..00000000 --- a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown deleted file mode 100644 index 321484fd..00000000 --- a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.markdown +++ /dev/null @@ -1,3 +0,0 @@ -# Analysis results for None - -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text b/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text deleted file mode 100644 index 729320d8..00000000 --- a/tests/testdata/outputs_expected/outputs_current/nonascii.sol.o.text +++ /dev/null @@ -1 +0,0 @@ -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm deleted file mode 100644 index e1bffe10..00000000 --- a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.easm +++ /dev/null 
@@ -1,168 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x004c -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x8da5cb5b -60 EQ -61 PUSH2 0x0051 -64 JUMPI -65 DUP1 -66 PUSH4 0xf2fde38b -71 EQ -72 PUSH2 0x00a6 -75 JUMPI -76 JUMPDEST -77 PUSH1 0x00 -79 DUP1 -80 REVERT -81 JUMPDEST -82 CALLVALUE -83 ISZERO -84 PUSH2 0x005c -87 JUMPI -88 PUSH1 0x00 -90 DUP1 -91 REVERT -92 JUMPDEST -93 PUSH2 0x0064 -96 PUSH2 0x00df -99 JUMP -100 JUMPDEST -101 PUSH1 0x40 -103 MLOAD -104 DUP1 -105 DUP3 -106 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -127 AND -128 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -149 AND -150 DUP2 -151 MSTORE -152 PUSH1 0x20 -154 ADD -155 SWAP2 -156 POP -157 POP -158 PUSH1 0x40 -160 MLOAD -161 DUP1 -162 SWAP2 -163 SUB -164 SWAP1 -165 RETURN -166 JUMPDEST -167 CALLVALUE -168 ISZERO -169 PUSH2 0x00b1 -172 JUMPI -173 PUSH1 0x00 -175 DUP1 -176 REVERT -177 JUMPDEST -178 PUSH2 0x00dd -181 PUSH1 0x04 -183 DUP1 -184 DUP1 -185 CALLDATALOAD -186 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -207 AND -208 SWAP1 -209 PUSH1 0x20 -211 ADD -212 SWAP1 -213 SWAP2 -214 SWAP1 -215 POP -216 POP -217 PUSH2 0x0104 -220 JUMP -221 JUMPDEST -222 STOP -223 JUMPDEST -224 PUSH1 0x00 -226 DUP1 -227 SWAP1 -228 SLOAD -229 SWAP1 -230 PUSH2 0x0100 -233 EXP -234 SWAP1 -235 DIV -236 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -257 AND -258 DUP2 -259 JUMP -260 JUMPDEST -261 PUSH1 0x00 -263 DUP1 -264 SWAP1 -265 SLOAD -266 SWAP1 -267 PUSH2 0x0100 -270 EXP -271 SWAP1 -272 DIV -273 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -294 AND -295 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -316 AND -317 ORIGIN -318 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -339 AND -340 EQ -341 ISZERO -342 ISZERO -343 PUSH2 0x015f -346 JUMPI -347 PUSH1 0x00 -349 DUP1 -350 REVERT -351 JUMPDEST -352 PUSH1 0x00 
-354 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -375 AND -376 DUP2 -377 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -398 AND -399 EQ -400 ISZERO -401 ISZERO -402 PUSH2 0x01d6 -405 JUMPI -406 DUP1 -407 PUSH1 0x00 -409 DUP1 -410 PUSH2 0x0100 -413 EXP -414 DUP2 -415 SLOAD -416 DUP2 -417 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -438 MUL -439 NOT -440 AND -441 SWAP1 -442 DUP4 -443 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -464 AND -465 MUL -466 OR -467 SWAP1 -468 SSTORE -469 POP -470 JUMPDEST -471 POP -472 JUMP -473 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html deleted file mode 100644 index 7ff40e7e..00000000 --- a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json deleted file mode 100644 index 0e924831..00000000 --- a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown deleted file mode 100644 index 1e9d6d8b..00000000 --- a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.markdown +++ /dev/null @@ -1,13 +0,0 @@ -# Analysis results for test-filename.sol - -## Use of tx.origin -- SWC ID: 115 -- Type: Warning -- Contract: Unknown -- Function name: `transferOwnership(address)` -- PC address: 317 - -### Description - -The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. -See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text b/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text deleted file mode 100644 index b71422be..00000000 --- a/tests/testdata/outputs_expected/outputs_current/origin.sol.o.text +++ /dev/null 
@@ -1,10 +0,0 @@ -==== Use of tx.origin ==== -SWC ID: 115 -Type: Warning -Contract: Unknown -Function name: transferOwnership(address) -PC address: 317 -The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead. -See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm deleted file mode 100644 index b0763999..00000000 --- a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.easm +++ /dev/null 
@@ -1,388 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x0062 -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x18160ddd -60 EQ -61 PUSH2 0x0067 -64 JUMPI -65 DUP1 -66 PUSH4 0x6241bfd1 -71 EQ -72 PUSH2 0x0090 -75 JUMPI -76 DUP1 -77 PUSH4 0x70a08231 -82 EQ -83 PUSH2 0x00b3 -86 JUMPI -87 DUP1 -88 PUSH4 0xa3210e87 -93 EQ -94 PUSH2 0x0100 -97 JUMPI -98 JUMPDEST -99 PUSH1 0x00 -101 DUP1 -102 REVERT -103 JUMPDEST -104 CALLVALUE -105 ISZERO -106 PUSH2 0x0072 -109 JUMPI -110 PUSH1 0x00 -112 DUP1 -113 REVERT -114 JUMPDEST -115 PUSH2 0x007a -118 PUSH2 0x015a -121 JUMP -122 JUMPDEST -123 PUSH1 0x40 -125 MLOAD -126 DUP1 -127 DUP3 -128 DUP2 -129 MSTORE -130 PUSH1 0x20 -132 ADD -133 SWAP2 -134 POP -135 POP -136 PUSH1 0x40 -138 MLOAD -139 DUP1 -140 SWAP2 -141 SUB -142 SWAP1 -143 RETURN -144 JUMPDEST -145 CALLVALUE -146 ISZERO -147 PUSH2 0x009b -150 JUMPI -151 PUSH1 0x00 -153 DUP1 -154 REVERT -155 JUMPDEST -156 PUSH2 0x00b1 -159 PUSH1 0x04 -161 DUP1 -162 DUP1 -163 CALLDATALOAD -164 SWAP1 -165 PUSH1 0x20 -167 ADD -168 SWAP1 -169 SWAP2 -170 SWAP1 -171 POP -172 POP -173 PUSH2 0x0160 -176 JUMP -177 JUMPDEST -178 STOP -179 JUMPDEST -180 CALLVALUE -181 ISZERO -182 PUSH2 0x00be -185 JUMPI -186 PUSH1 0x00 -188 DUP1 -189 REVERT -190 JUMPDEST -191 PUSH2 0x00ea -194 PUSH1 0x04 -196 DUP1 -197 DUP1 -198 CALLDATALOAD -199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -220 AND -221 SWAP1 -222 PUSH1 0x20 -224 ADD -225 SWAP1 -226 SWAP2 -227 SWAP1 -228 POP -229 POP -230 PUSH2 0x01ab -233 JUMP -234 JUMPDEST -235 PUSH1 0x40 -237 MLOAD -238 DUP1 -239 DUP3 -240 DUP2 -241 MSTORE -242 PUSH1 0x20 -244 ADD -245 SWAP2 -246 POP -247 POP -248 PUSH1 0x40 -250 MLOAD -251 DUP1 -252 SWAP2 -253 SUB -254 SWAP1 -255 RETURN -256 JUMPDEST -257 CALLVALUE -258 ISZERO -259 PUSH2 0x010b -262 JUMPI -263 PUSH1 0x00 -265 DUP1 -266 REVERT -267 
JUMPDEST -268 PUSH2 0x0140 -271 PUSH1 0x04 -273 DUP1 -274 DUP1 -275 CALLDATALOAD -276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -297 AND -298 SWAP1 -299 PUSH1 0x20 -301 ADD -302 SWAP1 -303 SWAP2 -304 SWAP1 -305 DUP1 -306 CALLDATALOAD -307 SWAP1 -308 PUSH1 0x20 -310 ADD -311 SWAP1 -312 SWAP2 -313 SWAP1 -314 POP -315 POP -316 PUSH2 0x01f3 -319 JUMP -320 JUMPDEST -321 PUSH1 0x40 -323 MLOAD -324 DUP1 -325 DUP3 -326 ISZERO -327 ISZERO -328 ISZERO -329 ISZERO -330 DUP2 -331 MSTORE -332 PUSH1 0x20 -334 ADD -335 SWAP2 -336 POP -337 POP -338 PUSH1 0x40 -340 MLOAD -341 DUP1 -342 SWAP2 -343 SUB -344 SWAP1 -345 RETURN -346 JUMPDEST -347 PUSH1 0x01 -349 SLOAD -350 DUP2 -351 JUMP -352 JUMPDEST -353 DUP1 -354 PUSH1 0x01 -356 DUP2 -357 SWAP1 -358 SSTORE -359 PUSH1 0x00 -361 DUP1 -362 CALLER -363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -384 AND -385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -406 AND -407 DUP2 -408 MSTORE -409 PUSH1 0x20 -411 ADD -412 SWAP1 -413 DUP2 -414 MSTORE -415 PUSH1 0x20 -417 ADD -418 PUSH1 0x00 -420 SHA3 -421 DUP2 -422 SWAP1 -423 SSTORE -424 POP -425 POP -426 JUMP -427 JUMPDEST -428 PUSH1 0x00 -430 DUP1 -431 PUSH1 0x00 -433 DUP4 -434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -455 AND -456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -477 AND -478 DUP2 -479 MSTORE -480 PUSH1 0x20 -482 ADD -483 SWAP1 -484 DUP2 -485 MSTORE -486 PUSH1 0x20 -488 ADD -489 PUSH1 0x00 -491 SHA3 -492 SLOAD -493 SWAP1 -494 POP -495 SWAP2 -496 SWAP1 -497 POP -498 JUMP -499 JUMPDEST -500 PUSH1 0x00 -502 DUP1 -503 DUP3 -504 PUSH1 0x00 -506 DUP1 -507 CALLER -508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -529 AND -530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -551 AND -552 DUP2 -553 MSTORE -554 PUSH1 0x20 -556 ADD -557 SWAP1 -558 DUP2 -559 MSTORE -560 PUSH1 0x20 -562 ADD -563 PUSH1 0x00 -565 SHA3 -566 SLOAD -567 SUB -568 LT -569 ISZERO -570 ISZERO -571 ISZERO -572 PUSH2 0x0244 -575 JUMPI -576 PUSH1 0x00 -578 DUP1 -579 REVERT -580 
JUMPDEST -581 DUP2 -582 PUSH1 0x00 -584 DUP1 -585 CALLER -586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -607 AND -608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -629 AND -630 DUP2 -631 MSTORE -632 PUSH1 0x20 -634 ADD -635 SWAP1 -636 DUP2 -637 MSTORE -638 PUSH1 0x20 -640 ADD -641 PUSH1 0x00 -643 SHA3 -644 PUSH1 0x00 -646 DUP3 -647 DUP3 -648 SLOAD -649 SUB -650 SWAP3 -651 POP -652 POP -653 DUP2 -654 SWAP1 -655 SSTORE -656 POP -657 DUP2 -658 PUSH1 0x00 -660 DUP1 -661 DUP6 -662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -683 AND -684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -705 AND -706 DUP2 -707 MSTORE -708 PUSH1 0x20 -710 ADD -711 SWAP1 -712 DUP2 -713 MSTORE -714 PUSH1 0x20 -716 ADD -717 PUSH1 0x00 -719 SHA3 -720 PUSH1 0x00 -722 DUP3 -723 DUP3 -724 SLOAD -725 ADD -726 SWAP3 -727 POP -728 POP -729 DUP2 -730 SWAP1 -731 SSTORE -732 POP -733 PUSH1 0x02 -735 PUSH1 0x00 -737 DUP1 -738 DUP6 -739 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -760 AND -761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -782 AND -783 DUP2 -784 MSTORE -785 PUSH1 0x20 -787 ADD -788 SWAP1 -789 DUP2 -790 MSTORE -791 PUSH1 0x20 -793 ADD -794 PUSH1 0x00 -796 SHA3 -797 DUP2 -798 SWAP1 -799 SSTORE -800 POP -801 PUSH1 0x01 -803 SWAP1 -804 POP -805 SWAP3 -806 SWAP2 -807 POP -808 POP -809 JUMP -810 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html deleted file mode 100644 index 70210177..00000000 --- a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json deleted file mode 100644 index d794122d..00000000 --- a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown deleted file mode 100644 index f042f183..00000000 --- a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.markdown +++ /dev/null 
@@ -1,34 +0,0 @@ -# Analysis results for test-filename.sol - -## Integer Underflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 567 - -### Description - -The subtraction can result in an integer underflow. - -## Integer Underflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 649 - -### Description - -The subtraction can result in an integer underflow. - -## Integer Overflow -- SWC ID: 101 -- Type: Warning -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 725 - -### Description - -The arithmetic operation can result in integer overflow. diff --git a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text deleted file mode 100644 index acdce40b..00000000 --- a/tests/testdata/outputs_expected/outputs_current/overflow.sol.o.text +++ /dev/null @@ -1,30 +0,0 @@ -==== Integer Underflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 567 -The substraction can result in an integer underflow. - --------------------- - -==== Integer Underflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 649 -The substraction can result in an integer underflow. - --------------------- - -==== Integer Overflow ==== -SWC ID: 101 -Type: Warning -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 725 -The arithmetic operation can result in integer overflow. - --------------------- - diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm deleted file mode 100644 index 13a426cc..00000000 --- a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.easm +++ /dev/null 
@@ -1,129 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x004c -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x633ab5e0 -60 EQ -61 PUSH2 0x0051 -64 JUMPI -65 DUP1 -66 PUSH4 0xe3bea282 -71 EQ -72 PUSH2 0x0066 -75 JUMPI -76 JUMPDEST -77 PUSH1 0x00 -79 DUP1 -80 REVERT -81 JUMPDEST -82 CALLVALUE -83 ISZERO -84 PUSH2 0x005c -87 JUMPI -88 PUSH1 0x00 -90 DUP1 -91 REVERT -92 JUMPDEST -93 PUSH2 0x0064 -96 PUSH2 0x007b -99 JUMP -100 JUMPDEST -101 STOP -102 JUMPDEST -103 CALLVALUE -104 ISZERO -105 PUSH2 0x0071 -108 JUMPI -109 PUSH1 0x00 -111 DUP1 -112 REVERT -113 JUMPDEST -114 PUSH2 0x0079 -117 PUSH2 0x00d4 -120 JUMP -121 JUMPDEST -122 STOP -123 JUMPDEST -124 PUSH1 0x00 -126 DUP1 -127 SWAP1 -128 SLOAD -129 SWAP1 -130 PUSH2 0x0100 -133 EXP -134 SWAP1 -135 DIV -136 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -157 AND -158 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -179 AND -180 PUSH1 0x40 -182 MLOAD -183 PUSH1 0x00 -185 PUSH1 0x40 -187 MLOAD -188 DUP1 -189 DUP4 -190 SUB -191 DUP2 -192 PUSH1 0x00 -194 DUP7 -195 GAS -196 CALL -197 SWAP2 -198 POP -199 POP -200 ISZERO -201 ISZERO -202 PUSH2 0x00d2 -205 JUMPI -206 PUSH1 0x00 -208 DUP1 -209 REVERT -210 JUMPDEST -211 JUMP -212 JUMPDEST -213 PUSH1 0x00 -215 DUP1 -216 SWAP1 -217 SLOAD -218 SWAP1 -219 PUSH2 0x0100 -222 EXP -223 SWAP1 -224 DIV -225 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -246 AND -247 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -268 AND -269 PUSH1 0x40 -271 MLOAD -272 PUSH1 0x00 -274 PUSH1 0x40 -276 MLOAD -277 DUP1 -278 DUP4 -279 SUB -280 DUP2 -281 PUSH1 0x00 -283 DUP7 -284 GAS -285 CALL -286 SWAP2 -287 POP -288 POP -289 POP -290 JUMP -291 STOP 
diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html deleted file mode 100644 index 278fa213..00000000 --- a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json deleted file mode 100644 index 81ee3cb3..00000000 --- a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x633ab5e0", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 285, "contract": "Unknown", "debug": "", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe3bea282", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 290, "contract": "Unknown", "debug": "", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe3bea282", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown deleted file mode 100644 index f3a058bd..00000000 --- a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.markdown +++ /dev/null 
@@ -1,34 +0,0 @@ -# Analysis results for test-filename.sol - -## Message call to external contract -- SWC ID: 107 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0x633ab5e0` -- PC address: 196 - -### Description - -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. - -## Message call to external contract -- SWC ID: 107 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xe3bea282` -- PC address: 285 - -### Description - -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. - -## Unchecked CALL return value -- SWC ID: 104 -- Type: Informational -- Contract: Unknown -- Function name: `_function_0xe3bea282` -- PC address: 290 - -### Description - -The return value of an external call is not checked. Note that execution continue even if the called contract throws. diff --git a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text b/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text deleted file mode 100644 index 2a8b1470..00000000 --- a/tests/testdata/outputs_expected/outputs_current/returnvalue.sol.o.text +++ /dev/null 
@@ -1,27 +0,0 @@
-==== Message call to external contract ====
-SWC ID: 107
-Type: Informational
-Contract: Unknown
-Function name: _function_0x633ab5e0
-PC address: 196
-This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
---------------------
-
-==== Message call to external contract ====
-SWC ID: 107
-Type: Informational
-Contract: Unknown
-Function name: _function_0xe3bea282
-PC address: 285
-This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
---------------------
-
-==== Unchecked CALL return value ====
-SWC ID: 104
-Type: Informational
-Contract: Unknown
-Function name: _function_0xe3bea282
-PC address: 290
-The return value of an external call is not checked. Note that execution continue even if the called contract throws.
---------------------
-
diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm
deleted file mode 100644
index 892e7787..00000000
--- a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.easm
+++ /dev/null
@@ -1,58 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH1 0x3f -11 JUMPI -12 PUSH1 0x00 -14 CALLDATALOAD -15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -45 SWAP1 -46 DIV -47 PUSH4 0xffffffff -52 AND -53 DUP1 -54 PUSH4 0xcbf0b0c0 -59 EQ -60 PUSH1 0x44 -62 JUMPI -63 JUMPDEST -64 PUSH1 0x00 -66 DUP1 -67 REVERT -68 JUMPDEST -69 CALLVALUE -70 ISZERO -71 PUSH1 0x4e -73 JUMPI -74 PUSH1 0x00 -76 DUP1 -77 REVERT -78 JUMPDEST -79 PUSH1 0x78 -81 PUSH1 0x04 -83 DUP1 -84 DUP1 -85 CALLDATALOAD -86 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -107 AND -108 SWAP1 -109 PUSH1 0x20 -111 ADD -112 SWAP1 -113 SWAP2 -114 SWAP1 -115 POP -116 POP -117 PUSH1 0x7a -119 JUMP -120 JUMPDEST -121 STOP -122 JUMPDEST -123 DUP1 -124 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -145 AND -146 SUICIDE -147 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html deleted file mode 100644 index 12a3306d..00000000 --- a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json deleted file mode 100644 index 4b9b6b83..00000000 --- a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 146, "contract": "Unknown", "debug": "", "description": "A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument.\n", "function": "_function_0xcbf0b0c0", "swc_id": "106", "title": "Unchecked SUICIDE", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown deleted file mode 100644 index 6d24f84d..00000000 --- a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.markdown +++ /dev/null @@ -1,12 +0,0 @@ -# Analysis results for test-filename.sol - -## Unchecked SUICIDE -- SWC ID: 106 -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xcbf0b0c0` -- PC address: 146 - -### Description - -A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. diff --git a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text b/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text deleted file mode 100644 index 138bf06b..00000000 --- a/tests/testdata/outputs_expected/outputs_current/suicide.sol.o.text +++ /dev/null @@ -1,10 +0,0 @@ -==== Unchecked SUICIDE ==== -SWC ID: 106 -Type: Warning -Contract: Unknown -Function name: _function_0xcbf0b0c0 -PC address: 146 -A reachable SUICIDE instruction was detected. The remaining Ether is sent to an address provided as a function argument. - --------------------- - 
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm deleted file mode 100644 index 0ed8f651..00000000 --- a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.easm +++ /dev/null 
@@ -1,365 +0,0 @@ -0 PUSH1 0x60 -2 PUSH1 0x40 -4 MSTORE -5 PUSH1 0x04 -7 CALLDATASIZE -8 LT -9 PUSH2 0x0062 -12 JUMPI -13 PUSH1 0x00 -15 CALLDATALOAD -16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000 -46 SWAP1 -47 DIV -48 PUSH4 0xffffffff -53 AND -54 DUP1 -55 PUSH4 0x18160ddd -60 EQ -61 PUSH2 0x0067 -64 JUMPI -65 DUP1 -66 PUSH4 0x6241bfd1 -71 EQ -72 PUSH2 0x0090 -75 JUMPI -76 DUP1 -77 PUSH4 0x70a08231 -82 EQ -83 PUSH2 0x00b3 -86 JUMPI -87 DUP1 -88 PUSH4 0xa3210e87 -93 EQ -94 PUSH2 0x0100 -97 JUMPI -98 JUMPDEST -99 PUSH1 0x00 -101 DUP1 -102 REVERT -103 JUMPDEST -104 CALLVALUE -105 ISZERO -106 PUSH2 0x0072 -109 JUMPI -110 PUSH1 0x00 -112 DUP1 -113 REVERT -114 JUMPDEST -115 PUSH2 0x007a -118 PUSH2 0x015a -121 JUMP -122 JUMPDEST -123 PUSH1 0x40 -125 MLOAD -126 DUP1 -127 DUP3 -128 DUP2 -129 MSTORE -130 PUSH1 0x20 -132 ADD -133 SWAP2 -134 POP -135 POP -136 PUSH1 0x40 -138 MLOAD -139 DUP1 -140 SWAP2 -141 SUB -142 SWAP1 -143 RETURN -144 JUMPDEST -145 CALLVALUE -146 ISZERO -147 PUSH2 0x009b -150 JUMPI -151 PUSH1 0x00 -153 DUP1 -154 REVERT -155 JUMPDEST -156 PUSH2 0x00b1 -159 PUSH1 0x04 -161 DUP1 -162 DUP1 -163 CALLDATALOAD -164 SWAP1 -165 PUSH1 0x20 -167 ADD -168 SWAP1 -169 SWAP2 -170 SWAP1 -171 POP -172 POP -173 PUSH2 0x0160 -176 JUMP -177 JUMPDEST -178 STOP -179 JUMPDEST -180 CALLVALUE -181 ISZERO -182 PUSH2 0x00be -185 JUMPI -186 PUSH1 0x00 -188 DUP1 -189 REVERT -190 JUMPDEST -191 PUSH2 0x00ea -194 PUSH1 0x04 -196 DUP1 -197 DUP1 -198 CALLDATALOAD -199 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -220 AND -221 SWAP1 -222 PUSH1 0x20 -224 ADD -225 SWAP1 -226 SWAP2 -227 SWAP1 -228 POP -229 POP -230 PUSH2 0x01ab -233 JUMP -234 JUMPDEST -235 PUSH1 0x40 -237 MLOAD -238 DUP1 -239 DUP3 -240 DUP2 -241 MSTORE -242 PUSH1 0x20 -244 ADD -245 SWAP2 -246 POP -247 POP -248 PUSH1 0x40 -250 MLOAD -251 DUP1 -252 SWAP2 -253 SUB -254 SWAP1 -255 RETURN -256 JUMPDEST -257 CALLVALUE -258 ISZERO -259 PUSH2 0x010b -262 JUMPI -263 PUSH1 0x00 -265 DUP1 -266 REVERT -267 
JUMPDEST -268 PUSH2 0x0140 -271 PUSH1 0x04 -273 DUP1 -274 DUP1 -275 CALLDATALOAD -276 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -297 AND -298 SWAP1 -299 PUSH1 0x20 -301 ADD -302 SWAP1 -303 SWAP2 -304 SWAP1 -305 DUP1 -306 CALLDATALOAD -307 SWAP1 -308 PUSH1 0x20 -310 ADD -311 SWAP1 -312 SWAP2 -313 SWAP1 -314 POP -315 POP -316 PUSH2 0x01f3 -319 JUMP -320 JUMPDEST -321 PUSH1 0x40 -323 MLOAD -324 DUP1 -325 DUP3 -326 ISZERO -327 ISZERO -328 ISZERO -329 ISZERO -330 DUP2 -331 MSTORE -332 PUSH1 0x20 -334 ADD -335 SWAP2 -336 POP -337 POP -338 PUSH1 0x40 -340 MLOAD -341 DUP1 -342 SWAP2 -343 SUB -344 SWAP1 -345 RETURN -346 JUMPDEST -347 PUSH1 0x01 -349 SLOAD -350 DUP2 -351 JUMP -352 JUMPDEST -353 DUP1 -354 PUSH1 0x01 -356 DUP2 -357 SWAP1 -358 SSTORE -359 PUSH1 0x00 -361 DUP1 -362 CALLER -363 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -384 AND -385 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -406 AND -407 DUP2 -408 MSTORE -409 PUSH1 0x20 -411 ADD -412 SWAP1 -413 DUP2 -414 MSTORE -415 PUSH1 0x20 -417 ADD -418 PUSH1 0x00 -420 SHA3 -421 DUP2 -422 SWAP1 -423 SSTORE -424 POP -425 POP -426 JUMP -427 JUMPDEST -428 PUSH1 0x00 -430 DUP1 -431 PUSH1 0x00 -433 DUP4 -434 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -455 AND -456 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -477 AND -478 DUP2 -479 MSTORE -480 PUSH1 0x20 -482 ADD -483 SWAP1 -484 DUP2 -485 MSTORE -486 PUSH1 0x20 -488 ADD -489 PUSH1 0x00 -491 SHA3 -492 SLOAD -493 SWAP1 -494 POP -495 SWAP2 -496 SWAP1 -497 POP -498 JUMP -499 JUMPDEST -500 PUSH1 0x00 -502 DUP1 -503 DUP3 -504 PUSH1 0x00 -506 DUP1 -507 CALLER -508 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -529 AND -530 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -551 AND -552 DUP2 -553 MSTORE -554 PUSH1 0x20 -556 ADD -557 SWAP1 -558 DUP2 -559 MSTORE -560 PUSH1 0x20 -562 ADD -563 PUSH1 0x00 -565 SHA3 -566 SLOAD -567 SUB -568 LT -569 ISZERO -570 ISZERO -571 ISZERO -572 PUSH2 0x0244 -575 JUMPI -576 PUSH1 0x00 -578 DUP1 -579 REVERT -580 
JUMPDEST -581 DUP2 -582 PUSH1 0x00 -584 DUP1 -585 CALLER -586 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -607 AND -608 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -629 AND -630 DUP2 -631 MSTORE -632 PUSH1 0x20 -634 ADD -635 SWAP1 -636 DUP2 -637 MSTORE -638 PUSH1 0x20 -640 ADD -641 PUSH1 0x00 -643 SHA3 -644 PUSH1 0x00 -646 DUP3 -647 DUP3 -648 SLOAD -649 SUB -650 SWAP3 -651 POP -652 POP -653 DUP2 -654 SWAP1 -655 SSTORE -656 POP -657 DUP2 -658 PUSH1 0x00 -660 DUP1 -661 DUP6 -662 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -683 AND -684 PUSH20 0xffffffffffffffffffffffffffffffffffffffff -705 AND -706 DUP2 -707 MSTORE -708 PUSH1 0x20 -710 ADD -711 SWAP1 -712 DUP2 -713 MSTORE -714 PUSH1 0x20 -716 ADD -717 PUSH1 0x00 -719 SHA3 -720 PUSH1 0x00 -722 DUP3 -723 DUP3 -724 SLOAD -725 ADD -726 SWAP3 -727 POP -728 POP -729 DUP2 -730 SWAP1 -731 SSTORE -732 POP -733 PUSH1 0x01 -735 SWAP1 -736 POP -737 SWAP3 -738 SWAP2 -739 POP -740 POP -741 JUMP -742 STOP diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html deleted file mode 100644 index 6e6b4f7a..00000000 --- a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.graph.html +++ /dev/null @@ -1,62 +0,0 @@ - - - - Call Graph - - - - - - - - - - -

Mythril / Ethereum LASER Symbolic VM

-
- - - diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json deleted file mode 100644 index d794122d..00000000 --- a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.json +++ /dev/null @@ -1 +0,0 @@ -{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown deleted file mode 100644 index f042f183..00000000 --- a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.markdown +++ /dev/null 
@@ -1,34 +0,0 @@
-# Analysis results for test-filename.sol
-
-## Integer Underflow
-- SWC ID: 101
-- Type: Warning
-- Contract: Unknown
-- Function name: `sendeth(address,uint256)`
-- PC address: 567
-
-### Description
-
-The subtraction can result in an integer underflow.
-
-## Integer Underflow
-- SWC ID: 101
-- Type: Warning
-- Contract: Unknown
-- Function name: `sendeth(address,uint256)`
-- PC address: 649
-
-### Description
-
-The subtraction can result in an integer underflow.
-
-## Integer Overflow
-- SWC ID: 101
-- Type: Warning
-- Contract: Unknown
-- Function name: `sendeth(address,uint256)`
-- PC address: 725
-
-### Description
-
-The arithmetic operation can result in integer overflow.
diff --git a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text b/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text
deleted file mode 100644
index ad480ffd..00000000
--- a/tests/testdata/outputs_expected/outputs_current/underflow.sol.o.text
+++ /dev/null
@@ -1,30 +0,0 @@
-==== Integer Underflow ====
-SWC ID: 101
-Type: Warning
-Contract: Unknown
-Function name: sendeth(address,uint256)
-PC address: 567
-The subtraction can result in an integer underflow.
-
---------------------
-
-==== Integer Underflow ====
-SWC ID: 101
-Type: Warning
-Contract: Unknown
-Function name: sendeth(address,uint256)
-PC address: 649
-The subtraction can result in an integer underflow.
-
---------------------
-
-==== Integer Overflow ====
-SWC ID: 101
-Type: Warning
-Contract: Unknown
-Function name: sendeth(address,uint256)
-PC address: 725
-The arithmetic operation can result in integer overflow.
-
---------------------
-
From a83936a94c1a380fb6f61b2d3f2fd6085ad200a7 Mon Sep 17 00:00:00 2001
From: Joran Honig Date: Sun, 28 Oct 2018 17:02:39 +0100 Subject: [PATCH 183/213] Fix missing import and style --- tests/analysis/test_delegatecall.py | 10 +--- tests/disassembler/asm.py | 78 ++++++++++++++++++++++++----- 2 files changed, 68 insertions(+), 20 deletions(-) diff --git a/tests/analysis/test_delegatecall.py b/tests/analysis/test_delegatecall.py index c9f1b660..c5669b7c 100644 --- a/tests/analysis/test_delegatecall.py +++ b/tests/analysis/test_delegatecall.py @@ -10,7 +10,7 @@ from mythril.laser.ethereum.state import GlobalState, Environment, Account import pytest from unittest.mock import MagicMock, patch import pytest_mock - +from mythril.disassembler.disassembly import Disassembly def test_concrete_call(): # arrange @@ -109,7 +109,6 @@ def test_symbolic_call_storage_to(mocker): state = GlobalState(None, environment, None) state.mstate.memory = ["placeholder", "calldata_bling_0"] - node = Node("example") node.contract_name = "the contract name" node.function_name = "the function name" @@ -117,14 +116,12 @@ def test_symbolic_call_storage_to(mocker): to = Variable("storage_1", VarType.SYMBOLIC) call = Call(node, state, None, "Type: ", to, None) - mocker.patch.object(SymExecWrapper, "__init__", lambda x, y: None) statespace = SymExecWrapper(1) mocker.patch.object(statespace, "find_storage_write") statespace.find_storage_write.return_value = "Function name" - # act issues = _symbolic_call(call, state, address, statespace) @@ -153,7 +150,6 @@ def test_symbolic_call_calldata_to(mocker): state = GlobalState(None, environment, None) state.mstate.memory = ["placeholder", "calldata_bling_0"] - node = Node("example") node.contract_name = "the contract name" node.function_name = "the function name" 
@@ -161,14 +157,12 @@ def test_symbolic_call_calldata_to(mocker): to = Variable("calldata", VarType.SYMBOLIC) call = Call(node, state, None, "Type: ", to, None) - mocker.patch.object(SymExecWrapper, "__init__", lambda x, y: None) statespace = SymExecWrapper(1) - mocker.patch.object(statespace, 'find_storage_write') + mocker.patch.object(statespace, "find_storage_write") statespace.find_storage_write.return_value = "Function name" - # act issues = _symbolic_call(call, state, address, statespace) diff --git a/tests/disassembler/asm.py b/tests/disassembler/asm.py index 960c27a9..0959c5b4 100644 --- a/tests/disassembler/asm.py +++ b/tests/disassembler/asm.py @@ -1,7 +1,7 @@ from mythril.disassembler.asm import * import pytest -valid_names = [("PUSH1", 0x60), ("STOP", 0x0), ("RETURN", 0xf3)] +valid_names = [("PUSH1", 0x60), ("STOP", 0x0), ("RETURN", 0xF3)] @pytest.mark.parametrize("operation_name, hex_value", valid_names) 
@@ -22,36 +22,90 @@ def test_get_unknown_opcode(): sequence_match_test_data = [ # Normal no match - ((["PUSH1"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], 1, False), + ( + (["PUSH1"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], + 1, + False, + ), # Normal match - ((["PUSH1"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH1"}, {"opcode": "EQ"}], 1, True), + ( + (["PUSH1"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH1"}, {"opcode": "EQ"}], + 1, + True, + ), # Out of bounds pattern - ((["PUSH1"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], 3, False), - ((["PUSH1"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], 2, False), + ( + (["PUSH1"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], + 3, + False, + ), + ( + (["PUSH1"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], + 2, + False, + ), # Double option match - ((["PUSH1", "PUSH3"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH1"}, {"opcode": "EQ"}], 1, True), - ((["PUSH1", "PUSH3"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], 1, True), + ( + (["PUSH1", "PUSH3"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH1"}, {"opcode": "EQ"}], + 1, + True, + ), + ( + (["PUSH1", "PUSH3"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], + 1, + True, + ), # Double option no match - ((["PUSH1", "PUSH3"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], 0, False), + ( + (["PUSH1", "PUSH3"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], + 0, + False, + ), ] -@pytest.mark.parametrize("pattern, instruction_list, index, expected_result", sequence_match_test_data) +@pytest.mark.parametrize( + "pattern, instruction_list, index, expected_result", sequence_match_test_data +) def test_is_sequence_match(pattern, instruction_list, index, expected_result): # Act return_value = 
is_sequence_match(pattern, instruction_list, index) # Assert assert return_value == expected_result + find_sequence_match_test_data = [ # Normal no match - ((["PUSH1"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], []), + ( + (["PUSH1"], ["EQ"]), + [{"opcode": "PUSH1"}, {"opcode": "PUSH3"}, {"opcode": "EQ"}], + [], + ), # Normal match - ((["PUSH1"], ["EQ"]), [{"opcode": "PUSH1"}, {"opcode": "PUSH1"}, {"opcode": "EQ"}, {"opcode": "PUSH1"}, {"opcode": "EQ"}], [1, 3]), + ( + (["PUSH1"], ["EQ"]), + [ + {"opcode": "PUSH1"}, + {"opcode": "PUSH1"}, + {"opcode": "EQ"}, + {"opcode": "PUSH1"}, + {"opcode": "EQ"}, + ], + [1, 3], + ), ] -@pytest.mark.parametrize("pattern, instruction_list, expected_result", find_sequence_match_test_data) +@pytest.mark.parametrize( + "pattern, instruction_list, expected_result", find_sequence_match_test_data +) def test_find_op_code_sequence(pattern, instruction_list, expected_result): # Act return_value = list(find_op_code_sequence(pattern, instruction_list)) From 9846019ab521f0432c0d8ab5cbe9d583055a0b26 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 28 Oct 2018 17:03:27 +0100 Subject: [PATCH 184/213] black fixes --- mythril/analysis/modules/exceptions.py | 2 +- mythril/analysis/modules/transaction_order_dependence.py | 2 +- mythril/analysis/report.py | 5 ++++- mythril/disassembler/asm.py | 5 +++-- mythril/version.py | 2 +- tests/analysis/test_delegatecall.py | 1 + 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/mythril/analysis/modules/exceptions.py b/mythril/analysis/modules/exceptions.py index f1702abf..384b05ad 100644 --- a/mythril/analysis/modules/exceptions.py +++ b/mythril/analysis/modules/exceptions.py 
@@ -36,7 +36,7 @@ def execute(statespace): "out-of-bounds array access, or assert violations. " ) description += ( - "Note that explicit `assert()` should only be used to check invariants. " + "Note that explicit `assert()` should only be used to check invariants. " "Use `require()` for regular input checking. " ) diff --git a/mythril/analysis/modules/transaction_order_dependence.py b/mythril/analysis/modules/transaction_order_dependence.py index 8d98bfdb..790945c6 100644 --- a/mythril/analysis/modules/transaction_order_dependence.py +++ b/mythril/analysis/modules/transaction_order_dependence.py @@ -43,7 +43,7 @@ def execute(statespace): ) issue.description = ( - "Possible transaction order dependence vulnerability: The value or " + "Possible transaction order dependence vulnerability: The value or " "direction of the call statement is determined from a tainted storage location" ) issues.append(issue) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 91bf7674..ce12c7d2 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -5,6 +5,7 @@ from jinja2 import PackageLoader, Environment import _pysha3 as sha3 import hashlib + class Issue: def __init__( self, @@ -36,7 +37,9 @@ class Issue: keccak.update(bytes.fromhex(bytecode)) self.bytecode_hash = "0x" + keccak.hexdigest() except ValueError: - logging.debug("Unable to change the bytecode to bytes. Bytecode: {}".format(bytecode)) + logging.debug( + "Unable to change the bytecode to bytes. Bytecode: {}".format(bytecode) + ) self.bytecode_hash = "" @property diff --git a/mythril/disassembler/asm.py b/mythril/disassembler/asm.py index 2f447eb2..6e5f73f9 100644 --- a/mythril/disassembler/asm.py +++ b/mythril/disassembler/asm.py @@ -11,6 +11,7 @@ opcodes[254] = ["ASSERT_FAIL", 0, 0, 0] class EvmInstruction: """ Model to hold the information of the disassembly """ + def __init__(self, address, op_code, argument=None): self.address = address self.op_code = op_code 
@@ -66,7 +67,7 @@ def is_sequence_match(pattern: list, instruction_list: list, index: int) -> bool """ for index, pattern_slot in enumerate(pattern, start=index): try: - if not instruction_list[index]['opcode'] in pattern_slot: + if not instruction_list[index]["opcode"] in pattern_slot: return False except IndexError: return False @@ -95,7 +96,7 @@ def disassemble(bytecode: str) -> list: match = re.search(regex_PUSH, op_code_name) if match: - argument_bytes = bytecode[address + 1: address + 1 + int(match.group(1))] + argument_bytes = bytecode[address + 1 : address + 1 + int(match.group(1))] current_instruction.argument = "0x" + argument_bytes.hex() address += int(match.group(1)) diff --git a/mythril/version.py b/mythril/version.py index dbb80403..209f9662 100644 --- a/mythril/version.py +++ b/mythril/version.py @@ -1,3 +1,3 @@ # This file is suitable for sourcing inside POSIX shell, e.g. bash as # well as for importing into Python -VERSION="v0.18.13" # NOQA +VERSION = "v0.18.13" # NOQA diff --git a/tests/analysis/test_delegatecall.py b/tests/analysis/test_delegatecall.py index c5669b7c..40816cfb 100644 --- a/tests/analysis/test_delegatecall.py +++ b/tests/analysis/test_delegatecall.py @@ -12,6 +12,7 @@ from unittest.mock import MagicMock, patch import pytest_mock from mythril.disassembler.disassembly import Disassembly + def test_concrete_call(): # arrange address = "0x10" From f6749a1e9729c4efa94d0a84ca339260d6db1ca3 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 28 Oct 2018 18:51:48 +0100 Subject: [PATCH 185/213] Bugfix search_children --- mythril/analysis/modules/external_calls.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mythril/analysis/modules/external_calls.py b/mythril/analysis/modules/external_calls.py index 1b45205a..9f581dba 100644 --- a/mythril/analysis/modules/external_calls.py +++ b/mythril/analysis/modules/external_calls.py 
@@ -5,7 +5,7 @@ from mythril.analysis import solver from mythril.analysis.swc_data import REENTRANCY import re import logging - +from mythril.laser.ethereum.cfg import JumpType """ MODULE DESCRIPTION: @@ -30,16 +30,15 @@ def search_children(statespace, node, start_index=0, depth=0, results=None): for j in range(start_index, n_states): if node.states[j].get_current_instruction()["opcode"] == "SSTORE": results.append(node.states[j].get_current_instruction()["address"]) - children = [] for edge in statespace.edges: - if edge.node_from == node.uid: + if edge.node_from == node.uid and edge.type != JumpType.Transaction: children.append(statespace.nodes[edge.node_to]) if len(children): for node in children: - return search_children( + results += search_children( statespace, node, depth=depth + 1, results=results ) From 31a8107dafdf20a67360d39d1b11cd1c9070f6b5 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 28 Oct 2018 18:55:51 +0100 Subject: [PATCH 186/213] Make search_children compatible with multi transactional analysis --- mythril/analysis/modules/external_calls.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/mythril/analysis/modules/external_calls.py b/mythril/analysis/modules/external_calls.py index 9f581dba..a5fbfded 100644 --- a/mythril/analysis/modules/external_calls.py +++ b/mythril/analysis/modules/external_calls.py @@ -16,7 +16,9 @@ Check for call.value()() to external addresses MAX_SEARCH_DEPTH = 64 -def search_children(statespace, node, start_index=0, depth=0, results=None): +def search_children( + statespace, node, transaction_id, start_index=0, depth=0, results=None +): if results is None: results = [] logging.debug("SEARCHING NODE %d", node.uid) 
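Review bot: The new `results += search_children(statespace, node, depth=depth + 1, results=results)` in the `for node in children` loop hands the accumulator to the recursive call and then extends it with whatever that call returns. If the callee returns the list it was given (the function's `return results` lies outside this hunk), the list is extended with itself at every child, so the SSTORE addresses reported as state changes after the external call pick up duplicates that grow with the depth of the CFG. Keep one of the two mechanisms: either call `search_children(statespace, node, depth=depth + 1, results=results)` without assigning, or stop passing `results` down and keep the `+=`. The same line is carried unchanged into the next commit's `@@ -39,7 +44,7 @@` hunk with `transaction_id` added.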
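Review bot: Putting `transaction_id` in as the third positional parameter of `search_children` moves `start_index` one slot to the right, so a caller that still passes the start index positionally would have it bound as the transaction id without any error. Combined with the new `current_transaction.id == transaction_id` filter, that mistake would silently drop SSTOREs and suppress the state-change-after-call finding rather than fail loudly. The call in `execute` is updated in this commit, but callers outside this diff cannot be checked from here; making the optional arguments keyword-only (`statespace, node, transaction_id, *, start_index=0, depth=0, results=None`) and passing `start_index=call.state_index + 1` in `execute` would turn a stale call into a TypeError. A short docstring saying that only states of the given transaction are searched would also help, since the function body continues outside this hunk.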
@@ -28,7 +30,10 @@ def search_children(statespace, node, start_index=0, depth=0, results=None): if n_states > start_index: for j in range(start_index, n_states): - if node.states[j].get_current_instruction()["opcode"] == "SSTORE": + if ( + node.states[j].get_current_instruction()["opcode"] == "SSTORE" + and node.states[j].current_transaction.id == transaction_id + ): results.append(node.states[j].get_current_instruction()["address"]) children = [] @@ -39,7 +44,7 @@ def search_children(statespace, node, start_index=0, depth=0, results=None): if len(children): for node in children: results += search_children( - statespace, node, depth=depth + 1, results=results + statespace, node, transaction_id, depth=depth + 1, results=results ) return results @@ -149,7 +154,12 @@ def execute(statespace): # Check for SSTORE in remaining instructions in current node & nodes down the CFG state_change_addresses = search_children( - statespace, call.node, call.state_index + 1, depth=0, results=[] + statespace, + call.node, + call.state.current_transaction.id, + call.state_index + 1, + depth=0, + results=[], ) logging.debug( From bde69593f4d4f9107ee6e094b4ae371cc18b5b6f Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 28 Oct 2018 19:32:37 +0100 Subject: [PATCH 187/213] Don't check for requires as this results in false negatives --- mythril/analysis/modules/integer.py | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index b5c952f8..c46638cd 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -290,8 +290,6 @@ def _search_children( element = _check_usage(current_state, taint_result) if len(element) < 1: continue - if _check_requires(element[0], node, statespace, constraint): - continue results += element # Recursively search children 
@@ -313,24 +311,3 @@ def _search_children( ) return results - - -def _check_requires(state, node, statespace, constraint): - """Checks if usage of overflowed statement results in a revert statement""" - instruction = state.get_current_instruction() - if instruction["opcode"] is not "JUMPI": - return False - children = [ - statespace.nodes[edge.node_to] - for edge in statespace.edges - if edge.node_from == node.uid - ] - - for child in children: - opcodes = [s.get_current_instruction()["opcode"] for s in child.states] - if "REVERT" in opcodes or "ASSERT_FAIL" in opcodes: - return True - # I added the following case, bc of false positives if the max depth is not high enough - if len(children) == 0: - return True - return False From c6a0644c460189d4cdf2f3d15177d40df5f6969c Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Sun, 28 Oct 2018 19:37:44 +0100 Subject: [PATCH 188/213] fix missing call variable --- mythril/analysis/modules/dependence_on_predictable_vars.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index d390c047..ea7095d1 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py @@ -66,7 +66,7 @@ def execute(statespace): function_name=call.node.function_name, address=address, swc_id=swc_type, - bytecode=state.environment.code.bytecode, + bytecode=call.state.environment.code.bytecode, title="Dependence on predictable environment variable", _type="Warning", description=description, @@ -144,7 +144,7 @@ def execute(statespace): contract=call.node.contract_name, function_name=call.node.function_name, address=address, - bytecode=state.environment.code.bytecode, + bytecode=call.state.environment.code.bytecode, title="Dependence on predictable variable", _type="Informational", description=description, 
From 6e4ace9f7308edd08168bae7dae601ad54678986 Mon Sep 17 00:00:00 2001 From: "Dr. Sergey Pogodin" Date: Mon, 29 Oct 2018 11:31:33 +0100 Subject: [PATCH 189/213] Automatic releases of "develop" to "mythril/myth-dev" DockerHub container --- .circleci/config.yml | 21 ++++++++++++++++++++- docker_build_and_deploy.sh | 3 ++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index fc14bfc8..cbda5a35 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -90,6 +90,8 @@ jobs: command: twine upload dist/* working_directory: /home/mythril + # Release of the mainstream (current stable) version as mythril/myth + # container. dockerhub_release: docker: - image: docker:stable @@ -98,7 +100,18 @@ jobs: - setup_remote_docker - run: name: Building Docker Image - command: ./docker_build_and_deploy.sh + command: ./docker_build_and_deploy.sh mythril/myth + + # Release of the latest development version as mythril/myth-dev container. + dockerhub_dev_release: + docker: + - image: docker:stable + steps: + - checkout + - setup_remote_docker + - run: + name: Building Docker Image + command: ./docker_build_and_deploy.sh mythril/myth-dev workflows: version: 2 @@ -116,6 +129,12 @@ workflows: only: /v[0-9]+(\.[0-9]+)*/ requires: - test + - dockerhub_dev_release: + filters: + branches: + only: develop + requires: + - test - dockerhub_release: filters: branches: diff --git a/docker_build_and_deploy.sh b/docker_build_and_deploy.sh index 387ba99c..53eca814 100755 --- a/docker_build_and_deploy.sh +++ b/docker_build_and_deploy.sh @@ -1,7 +1,8 @@ #!/bin/sh + set -eo pipefail -NAME=mythril/myth +NAME=$1 VERSION_TAG=${NAME}:${CIRCLE_TAG#?} LATEST_TAG=${NAME}:latest From 450a1be06cc631e650ebec16f877baa6152354c7 Mon Sep 17 00:00:00 2001 
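Review bot: `NAME=$1` in docker_build_and_deploy.sh takes the image repository from the first argument without checking that one was given. The script sets `-e` but not `-u`, so a call without an argument continues with an empty `NAME` and builds tags of the form `:<version>` and `:latest`, and the failure only shows up later in the docker commands. Since this script decides which DockerHub repository a release is published to, fail early instead: `NAME=${1:?usage: docker_build_and_deploy.sh <image-name>}`. The rest of the script (build and push) is outside this hunk.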
From: "Dr. Sergey Pogodin" Date: Mon, 29 Oct 2018 11:50:03 +0100 Subject: [PATCH 190/213] Temporary disables tests requirement for DockerHub "mythril/myth-dev" release --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index cbda5a35..3a6b372c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -133,8 +133,8 @@ workflows: filters: branches: only: develop - requires: - - test + # requires: + # - test - dockerhub_release: filters: branches: From 5f8d7382efd757ae35fbc4a91985452f3a3f07d2 Mon Sep 17 00:00:00 2001 From: "Dr. Sergey Pogodin" Date: Mon, 29 Oct 2018 12:18:51 +0100 Subject: [PATCH 191/213] Fix of Docker build & release shell scrip --- docker_build_and_deploy.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docker_build_and_deploy.sh b/docker_build_and_deploy.sh index 53eca814..553cf59b 100755 --- a/docker_build_and_deploy.sh +++ b/docker_build_and_deploy.sh @@ -4,7 +4,14 @@ set -eo pipefail NAME=$1 -VERSION_TAG=${NAME}:${CIRCLE_TAG#?} +if [ -z $CIRCLE_TAG ]; +then + VERSION=${CIRCLE_TAG#?} +else + VERSION=${CRICLE_SHA1} +fi + +VERSION_TAG=${NAME}:${VERSION} LATEST_TAG=${NAME}:latest docker build -t ${VERSION_TAG} . From aeefb7416e26cea95c10e123fb16dc898fda43fa Mon Sep 17 00:00:00 2001 From: "Dr. Sergey Pogodin" Date: Mon, 29 Oct 2018 12:21:02 +0100 Subject: [PATCH 192/213] A misprint fix --- docker_build_and_deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker_build_and_deploy.sh b/docker_build_and_deploy.sh index 553cf59b..aca8a24c 100755 --- a/docker_build_and_deploy.sh +++ b/docker_build_and_deploy.sh @@ -8,7 +8,7 @@ if [ -z $CIRCLE_TAG ]; then VERSION=${CIRCLE_TAG#?} else - VERSION=${CRICLE_SHA1} + VERSION=${CIRCLE_SHA1} fi VERSION_TAG=${NAME}:${VERSION} From e260db50569e45a51cc5f011b47b8811a63ff1d4 Mon Sep 17 00:00:00 2001 
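Review bot: With `requires: - test` commented out in the `@@ -133,8 +133,8 @@` hunk, `dockerhub_dev_release` no longer waits for the test job, so every commit on `develop` is built and pushed as `mythril/myth-dev` even when the test suite fails. Anyone pulling that image then runs an analyzer build that has not been verified, which matters for a tool whose output is used to judge contract security. The commit title calls this temporary, but nothing in the file records when it should be reverted; add a marker such as `# TODO(<owner>): restore "requires: [test]" once <condition>` next to the commented lines, or keep the dependency and fix the failing tests instead.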
From: "Dr. Sergey Pogodin" Date: Mon, 29 Oct 2018 12:27:54 +0100 Subject: [PATCH 193/213] Another fix of the docker build & release script --- docker_build_and_deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker_build_and_deploy.sh b/docker_build_and_deploy.sh index aca8a24c..1a70d9e0 100755 --- a/docker_build_and_deploy.sh +++ b/docker_build_and_deploy.sh @@ -4,7 +4,7 @@ set -eo pipefail NAME=$1 -if [ -z $CIRCLE_TAG ]; +if [ ! -z $CIRCLE_TAG ]; then VERSION=${CIRCLE_TAG#?} else From e3386bcf9830591a424cadd1c0e5546b3b2e6f7c Mon Sep 17 00:00:00 2001 From: Nathan Date: Mon, 29 Oct 2018 12:41:29 -0400 Subject: [PATCH 194/213] output transaction sequence as verbose output --- mythril/analysis/modules/ether_send.py | 6 +++++- mythril/analysis/modules/exceptions.py | 6 ++---- mythril/analysis/modules/integer.py | 8 ++++++-- mythril/analysis/modules/suicide.py | 11 +++-------- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index ae723333..de294d62 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py @@ -56,7 +56,11 @@ def _analyze_state(state, node): node.constraints + not_creator_constraints + [call_value > 0] ) - debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model) + debug = "Transaction Sequence: " + str( + solver.get_transaction_sequence( + state, node.constraints + not_creator_constraints + [call_value > 0] + ) + ) issue = Issue( contract=node.contract_name, diff --git a/mythril/analysis/modules/exceptions.py b/mythril/analysis/modules/exceptions.py index 0768fac4..31148902 100644 --- a/mythril/analysis/modules/exceptions.py +++ b/mythril/analysis/modules/exceptions.py 
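Review bot: The corrected test `if [ ! -z $CIRCLE_TAG ];` still expands `CIRCLE_TAG` unquoted, so for an untagged build it becomes `[ ! -z ]`, which gives the intended result only because of how `test` treats a lone `-z` operand. Quote the variable and use the direct form, `if [ -n "$CIRCLE_TAG" ];`, so the branch that chooses between the release tag and `CIRCLE_SHA1` as the image version does not depend on that corner case or on the tag containing no whitespace or glob characters. `${CIRCLE_TAG#?}` also strips the first character whatever it is; a one-line comment that this removes the leading `v` of tags like `v0.18.13` would make the assumption explicit.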
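Review bot: In the ether_send.py hunk the constraint list `node.constraints + not_creator_constraints + [call_value > 0]` is now spelled out twice, once for `solver.get_model` and once for `solver.get_transaction_sequence`. If the two copies ever drift apart, the transaction sequence printed in `debug` will no longer correspond to the model that established the finding, and nothing will flag it. Bind the list once before the solver call, e.g. `constraints = node.constraints + not_creator_constraints + [call_value > 0]`, and pass `constraints` to both. `model` also appears to be used only as a satisfiability check after this change; the surrounding try/except is outside the hunk, so confirm that `get_transaction_sequence` failures are handled there as well.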
@@ -40,12 +40,10 @@ def execute(statespace): "Use `require()` for regular input checking. " ) - debug = ( - "The exception is triggered under the following conditions:\n\n" + debug = "Transaction Sequence: " + str( + solver.get_transaction_sequence(state, node.constraints) ) - debug += solver.pretty_print_model(model) - issues.append( Issue( contract=node.contract_name, diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index b5c952f8..ecdb9097 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -99,7 +99,9 @@ def _check_integer_overflow(statespace, state, node): ) issue.description = "The arithmetic operation can result in integer overflow.\n" - issue.debug = solver.pretty_print_model(model) + issue.debug = "Transaction Sequence: " + str( + solver.get_transaction_sequence(state, node.constraints) + ) issues.append(issue) return issues @@ -209,7 +211,9 @@ def _check_integer_underflow(statespace, state, node): "The subtraction can result in an integer underflow.\n" ) - issue.debug = solver.pretty_print_model(model) + issue.debug = "Transaction Sequence: " + str( + solver.get_transaction_sequence(state, node.constraints) + ) issues.append(issue) except UnsatError: diff --git a/mythril/analysis/modules/suicide.py b/mythril/analysis/modules/suicide.py index eb7ab116..9d4d4537 100644 --- a/mythril/analysis/modules/suicide.py +++ b/mythril/analysis/modules/suicide.py 
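Review bot: In both `integer.py` hunks the sequence is generated from `node.constraints` alone, while the model this line used to print appears to come from `_try_constraints(node.constraints, [constraint])` (visible in later context of `_check_integer_overflow`), i.e. with the overflow condition added. Unless that condition is appended to `node.constraints` somewhere outside the hunk, the transactions written to `issue.debug` only reach the instruction and need not trigger the wrap-around. Passing the same list, e.g. `solver.get_transaction_sequence(state, node.constraints + [constraint])`, keeps the report consistent with the finding; the underflow check needs its own condition added likewise. In the overflow hunk it is also not visible whether the call sits inside a `try`, so if `get_transaction_sequence` can raise `UnsatError` it may need handling there.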
@@ -67,17 +67,12 @@ def _analyze_state(state, node): try: model = solver.get_model(node.constraints + not_creator_constraints) - logging.debug( - "Transaction Sequence: " - + str( - solver.get_transaction_sequence( - state, node.constraints + not_creator_constraints - ) + debug = "Transaction Sequence: " + str( + solver.get_transaction_sequence( + state, node.constraints + not_creator_constraints ) ) - debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model) - issue = Issue( contract=node.contract_name, function=node.function_name, From 0290de26f8760be291b90f6ffbf2eebe2c114c76 Mon Sep 17 00:00:00 2001 From: Nathan Date: Mon, 29 Oct 2018 14:09:22 -0400 Subject: [PATCH 195/213] remove caller and call_value constraints from concretization logic --- mythril/analysis/solver.py | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/mythril/analysis/solver.py b/mythril/analysis/solver.py index c64c82bb..ad97792a 100644 --- a/mythril/analysis/solver.py +++ b/mythril/analysis/solver.py @@ -1,4 +1,4 @@ -from z3 import Solver, simplify, sat, unknown, FuncInterp, Extract, UGE +from z3 import Solver, simplify, sat, unknown, FuncInterp, UGE from mythril.exceptions import UnsatError from mythril.laser.ethereum.transaction.transaction_models import ( ContractCreationTransaction, @@ -40,12 +40,7 @@ def pretty_print_model(model): return ret -def get_transaction_sequence( - global_state, - constraints, - caller="0xCA11EDEADBEEFCA11EDEADBEEFCA11ED37E636E6", - max_callvalue=None, -): +def get_transaction_sequence(global_state, constraints): """ Generate concrete transaction sequence 
@@ -58,7 +53,11 @@ def get_transaction_sequence( transaction_sequence = global_state.world_state.transaction_sequence # gaslimit & gasprice don't exist yet - tx_template = {"calldata": None, "call_value": None, "caller": caller} + tx_template = { + "calldata": None, + "call_value": None, + "caller": "0xCA11EDEADBEEF37E636E6CA11EDEADBEEFCA11ED", + } txs = {} creation_tx_ids = [] @@ -68,15 +67,6 @@ def get_transaction_sequence( tx_id = str(transaction.id) if not isinstance(transaction, ContractCreationTransaction): - # Constrain caller - tx_constraints.append( - (Extract(159, 0, transaction.caller) == int(caller[2:], 16)) - ) - - # Constrain callvalue - if max_callvalue != None: - tx_constraints.append(UGE(max_callvalue, transaction.call_value)) - # Constrain calldatasize max_calldatasize = 5000 if max_calldatasize != None: @@ -112,4 +102,11 @@ def get_transaction_sequence( txs[tx_id]["call_value"] = call_value + if "caller" in name: + tx_id = name.replace("caller", "") + if not tx_id in creation_tx_ids: + caller = "0x" + ("%x" % model[d].as_long()).zfill(64) + + txs[tx_id]["caller"] = caller + return txs From 0f8e9144a64d22dac51757d20b7282df5cfb8a17 Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Tue, 16 Oct 2018 16:55:58 +0800 Subject: [PATCH 196/213] analysis/transaction_order_dependence: import missing `copy` module in transaction_order_dependence.py copy.deepcopy() is used in transaction_order_dependence.py, but the `copy` module is not imported. --- mythril/analysis/modules/transaction_order_dependence.py | 1 + 1 file changed, 1 insertion(+) diff --git a/mythril/analysis/modules/transaction_order_dependence.py b/mythril/analysis/modules/transaction_order_dependence.py index 4528459c..9db7c104 100644 --- a/mythril/analysis/modules/transaction_order_dependence.py +++ b/mythril/analysis/modules/transaction_order_dependence.py @@ -1,5 +1,6 @@ import logging import re +import copy from mythril.analysis import solver from mythril.analysis.ops import * 
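Review bot: The solved caller in the last `solver.py` hunk is formatted with `.zfill(64)`, which yields a 32-byte hex string, whereas the template default above is a 20-byte address and the constraint removed by this patch only looked at bits 159..0 (`Extract(159, 0, transaction.caller)`). With that constraint gone the high bits of the symbol are presumably free, so the reported `caller` can be a value that is not a valid address. Masking and padding to 40 digits, `caller = "0x" + ("%x" % (model[d].as_long() & (2**160 - 1))).zfill(40)`, would keep the output usable. The `"caller" in name` substring match and the `txs[tx_id]` lookup also rely on every such declaration mapping to a known transaction id, which the hunk does not show. The loop starts outside the hunk.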
From ce4075b8df3e8d6bcfdd309b91b3a3fad2177f3d Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Tue, 9 Oct 2018 13:52:12 +0800 Subject: [PATCH 197/213] laser/instruction: remove unused solver in sstore_() --- mythril/laser/ethereum/instructions.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index c31d5f46..cabdaba1 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -18,7 +18,6 @@ from z3 import ( URem, SRem, BitVec, - Solver, is_true, BitVecVal, If, @@ -43,7 +42,6 @@ from mythril.laser.ethereum.transaction import ( TransactionStartSignal, ContractCreationTransaction, ) -from mythril.analysis.solver import get_model TT256 = 2 ** 256 TT256M1 = 2 ** 256 - 1 @@ -924,9 +922,6 @@ class Instruction: storage_keys = global_state.environment.active_account.storage.keys() keccak_keys = filter(keccak_function_manager.is_keccak, storage_keys) - solver = Solver() - solver.set(timeout=1000) - results = [] new = False From 725bfec464594070d568f6a24880abd16afb05a4 Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Tue, 30 Oct 2018 20:53:30 +0800 Subject: [PATCH 198/213] laser/instruction: simplify before checking by Z3 is_true() Z3 is_true() does not automatically consider `expr == expr` to be true, so `is_true(key_argument == index_argument)` in `sstore_()` will miss lots of positive conditions and then generate lots of unnecessary subsequent paths. Take the following contract for example ``` contract Foo { mapping(address => uint) public balances; function bar(address _to, uint256 _value) public { require(balances[_to] + _value >= balances[_to]); balances[_to] += _value; balances[_to] += _value; } ``` Before this commit, - 772 nodes/771 edges/8288 states are generated. After this commit, - only 237 nodes/236 edges/3204 states are generated. --- mythril/laser/ethereum/instructions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py index cabdaba1..edefece9 100644 --- a/mythril/laser/ethereum/instructions.py +++ b/mythril/laser/ethereum/instructions.py @@ -929,7 +929,7 @@ class Instruction: key_argument = keccak_function_manager.get_argument(keccak_key) index_argument = keccak_function_manager.get_argument(index) - if is_true(key_argument == index_argument): + if is_true(simplify(key_argument == index_argument)): return self._sstore_helper( copy(global_state), keccak_key, From 91015e63baae514393e0cb6a7ea64e80a3b93d67 Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Tue, 30 Oct 2018 21:17:06 +0800 Subject: [PATCH 199/213] analysis/integer: remove unnecessary deepcopy of constraints `solver.get_model()` has no way to mutate constraints passed to it, so the expensive deepcopy of constraints before calling `solver.get_model()`is unnecessary. --- mythril/analysis/modules/integer.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index b5c952f8..4e6f9b25 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -127,11 +127,8 @@ def _try_constraints(constraints, new_constraints): Tries new constraints :return Model if satisfiable otherwise None """ - _constraints = copy.deepcopy(constraints) - for constraint in new_constraints: - _constraints.append(copy.deepcopy(constraint)) try: - model = solver.get_model(_constraints) + model = solver.get_model(constraints + new_constraints) return model except UnsatError: return None From 2af841027c17256964ce92b0459d32a9c210e357 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 30 Oct 2018 14:42:16 -0400 Subject: [PATCH 200/213] remove unneeded check --- mythril/analysis/solver.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mythril/analysis/solver.py b/mythril/analysis/solver.py index ad97792a..0532a854 100644 
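Review bot: The reason for wrapping the comparison in `simplify()` is recorded only in the commit message, and without it the call reads like redundant work. A comment above the `if`, e.g. `# is_true() only matches the literal True; simplify first so structurally equal arguments fold to True`, would stop someone from removing the call later and bringing back the path explosion the message describes. `simplify` also has to be in this module's `z3` import list, which is not visible in the hunk. `sstore_` starts and ends outside the hunk.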
--- a/mythril/analysis/solver.py +++ b/mythril/analysis/solver.py @@ -94,6 +94,7 @@ def get_transaction_sequence(global_state, constraints): for d in model.decls(): name = d.name() + logging.warn(d.name) if "call_value" in name: tx_id = name.replace("call_value", "") @@ -103,10 +104,10 @@ def get_transaction_sequence(global_state, constraints): txs[tx_id]["call_value"] = call_value if "caller" in name: + # caller is 'creator' for creation transactions tx_id = name.replace("caller", "") - if not tx_id in creation_tx_ids: - caller = "0x" + ("%x" % model[d].as_long()).zfill(64) + caller = "0x" + ("%x" % model[d].as_long()).zfill(64) - txs[tx_id]["caller"] = caller + txs[tx_id]["caller"] = caller return txs From 74a1a401d3e7dae9733c3722e6683dffc3d070d7 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 30 Oct 2018 14:46:17 -0400 Subject: [PATCH 201/213] remove unhelpful log messages --- mythril/analysis/solver.py | 1 - 1 file changed, 1 deletion(-) diff --git a/mythril/analysis/solver.py b/mythril/analysis/solver.py index 0532a854..d41b24c0 100644 --- a/mythril/analysis/solver.py +++ b/mythril/analysis/solver.py @@ -94,7 +94,6 @@ def get_transaction_sequence(global_state, constraints): for d in model.decls(): name = d.name() - logging.warn(d.name) if "call_value" in name: tx_id = name.replace("call_value", "") From 8fea106cb76ca97602e34be45ffed2731cb6b2c2 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 31 Oct 2018 08:03:28 +0100 Subject: [PATCH 202/213] Set max-transaction-count default to 1 --- mythril/interfaces/cli.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/interfaces/cli.py b/mythril/interfaces/cli.py index 36880aea..19d73be6 100644 --- a/mythril/interfaces/cli.py +++ b/mythril/interfaces/cli.py @@ -159,7 +159,7 @@ def main(): options.add_argument( "--max-transaction-count", type=int, - default=3, + default=1, help="Maximum number of transactions issued by laser", ) 
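Review bot: The help text for `--max-transaction-count` does not state the default, and with `default=1` a default run explores a single transaction, so findings that depend on state set up by an earlier call are presumably no longer reported unless the user raises the limit. I would make that visible in the option itself, `help="Maximum number of transactions issued by laser (default: 1)"`, so that a clean report is not read as covering multi-transaction paths. `main` starts and ends outside the hunk.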
From befac7f40a1f63fe9a19bbdb56625e28da5df28d Mon Sep 17 00:00:00 2001 From: "Dr. Sergey Pogodin" Date: Wed, 31 Oct 2018 09:55:40 +0100 Subject: [PATCH 203/213] Disables API integration tests in CircleCI config --- .circleci/config.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 3a6b372c..3c6921e9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -67,10 +67,10 @@ jobs: name: Sonar analysis command: if [ -z "$CIRCLE_PR_NUMBER" ]; then if [ -z "$CIRCLE_TAG" ]; then sonar-scanner -Dsonar.projectKey=$SONAR_PROJECT_KEY -Dsonar.organization=$SONAR_ORGANIZATION -Dsonar.branch.name=$CIRCLE_BRANCH -Dsonar.projectBaseDir=/home/mythril -Dsonar.sources=mythril -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.tests=/home/mythril/tests -Dsonar.login=$SONAR_LOGIN; fi; fi - - run: - name: Integration tests - command: if [ -z "$CIRCLE_PR_NUMBER" ]; then ./run-integration-tests.sh; fi - working_directory: /home + # - run: + # name: Integration tests + # command: if [ -z "$CIRCLE_PR_NUMBER" ]; then ./run-integration-tests.sh; fi + # working_directory: /home pypi_release: <<: *defaults From 3dd205d6488881988d537b40e1376b500d1895b6 Mon Sep 17 00:00:00 2001 From: "Dr. Sergey Pogodin" Date: Wed, 31 Oct 2018 10:03:16 +0100 Subject: [PATCH 204/213] Version bumped to 0.19.0 --- mythril/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/version.py b/mythril/version.py index 209f9662..624f5a07 100644 --- a/mythril/version.py +++ b/mythril/version.py @@ -1,3 +1,3 @@ # This file is suitable for sourcing inside POSIX shell, e.g. bash as # well as for importing into Python -VERSION = "v0.18.13" # NOQA +VERSION = "v0.19.0" # NOQA From adeec0264f36de23656eeb38cbf4a9a22f3ddc56 Mon Sep 17 00:00:00 2001 
From: Joran Honig Date: Wed, 31 Oct 2018 12:28:51 +0100 Subject: [PATCH 205/213] subtraction typo fix --- mythril/analysis/modules/integer.py | 2 +- tests/testdata/outputs_expected/overflow.sol.o.json | 2 +- tests/testdata/outputs_expected/overflow.sol.o.markdown | 4 ++-- tests/testdata/outputs_expected/overflow.sol.o.text | 4 ++-- tests/testdata/outputs_expected/underflow.sol.o.json | 2 +- tests/testdata/outputs_expected/underflow.sol.o.markdown | 4 ++-- tests/testdata/outputs_expected/underflow.sol.o.text | 4 ++-- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index 54926a6a..df0d8988 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -210,7 +210,7 @@ def _check_integer_underflow(statespace, state, node): ) issue.description = ( - "The substraction can result in an integer underflow.\n" + "The subtraction can result in an integer underflow.\n" ) issue.debug = "Transaction Sequence: " + str( diff --git a/tests/testdata/outputs_expected/overflow.sol.o.json b/tests/testdata/outputs_expected/overflow.sol.o.json index fb92acaf..d651908c 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.json +++ b/tests/testdata/outputs_expected/overflow.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/overflow.sol.o.markdown b/tests/testdata/outputs_expected/overflow.sol.o.markdown index 4f86063c..f042f183 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/overflow.sol.o.markdown 
@@ -9,7 +9,7 @@ ### Description -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. ## Integer Underflow - SWC ID: 101 @@ -20,7 +20,7 @@ The substraction can result in an integer underflow. ### Description -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. ## Integer Overflow - SWC ID: 101 diff --git a/tests/testdata/outputs_expected/overflow.sol.o.text b/tests/testdata/outputs_expected/overflow.sol.o.text index acdce40b..ad480ffd 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.text +++ b/tests/testdata/outputs_expected/overflow.sol.o.text @@ -4,7 +4,7 @@ Type: Warning Contract: Unknown Function name: sendeth(address,uint256) PC address: 567 -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. -------------------- @@ -14,7 +14,7 @@ Type: Warning Contract: Unknown Function name: sendeth(address,uint256) PC address: 649 -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. -------------------- diff --git a/tests/testdata/outputs_expected/underflow.sol.o.json b/tests/testdata/outputs_expected/underflow.sol.o.json index fb92acaf..d651908c 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.json +++ b/tests/testdata/outputs_expected/underflow.sol.o.json 
@@ -1 +1 @@ -{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file +{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/underflow.sol.o.markdown b/tests/testdata/outputs_expected/underflow.sol.o.markdown index 4f86063c..f042f183 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/underflow.sol.o.markdown 
@@ -9,7 +9,7 @@ ### Description -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. ## Integer Underflow - SWC ID: 101 @@ -20,7 +20,7 @@ The substraction can result in an integer underflow. ### Description -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. ## Integer Overflow - SWC ID: 101 diff --git a/tests/testdata/outputs_expected/underflow.sol.o.text b/tests/testdata/outputs_expected/underflow.sol.o.text index acdce40b..ad480ffd 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.text +++ b/tests/testdata/outputs_expected/underflow.sol.o.text @@ -4,7 +4,7 @@ Type: Warning Contract: Unknown Function name: sendeth(address,uint256) PC address: 567 -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. -------------------- @@ -14,7 +14,7 @@ Type: Warning Contract: Unknown Function name: sendeth(address,uint256) PC address: 649 -The substraction can result in an integer underflow. +The subtraction can result in an integer underflow. -------------------- From 0d0d8e5ac3cdaaaf8a16f585dd278587c25263e5 Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Wed, 31 Oct 2018 19:55:49 +0800 Subject: [PATCH 206/213] dependencies: bump the minimal Z3 version to 4.8 Following commits will use overflow checking APIs that are only available in newer versions of Z3. --- requirements.txt | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index d829a885..3691a704 100644 --- a/requirements.txt +++ b/requirements.txt @@ -24,5 +24,5 @@ pytest_mock requests rlp>=1.0.1 transaction>=2.2.1 -z3-solver>=4.5 +z3-solver>=4.8 pysha3 diff --git a/setup.py b/setup.py index 6aa0dfb7..c52d2153 100755 --- a/setup.py +++ b/setup.py 
@@ -75,7 +75,7 @@ setup( install_requires=[ "coloredlogs>=10.0", "ethereum>=2.3.2", - "z3-solver>=4.5", + "z3-solver>=4.8", "requests", "py-solc", "plyvel", From ee674ff803d7f309fd5b296ce51f4d0c47a0d7a2 Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Wed, 31 Oct 2018 11:30:30 +0800 Subject: [PATCH 207/213] analysis/integer: fix the overflow check of bit vector multiplication Differently than the bit vector addition, an overflowed bit vector multiplication does not necessarily result in a value less than any of its operands (e.g., the multiplication of two 8-bit vectors 0x7 and 4 produces 0xC). Fix this issue by using Z3 BVMulNoOverflow in the overflow check of bit vector multiplication. --- mythril/analysis/modules/integer.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index df0d8988..709d2c2e 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -72,11 +72,12 @@ def _check_integer_overflow(statespace, state, node): # Formulate expression if instruction["opcode"] == "ADD": expr = op0 + op1 + constraint = Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0)) else: expr = op1 * op0 + constraint = Not(BVMulNoOverflow(op0, op1, signed=False)) # Check satisfiable - constraint = Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0)) model = _try_constraints(node.constraints, [constraint]) if model is None: From a982a7d7fd461c2b670a43e9544164de3ae84b5e Mon Sep 17 00:00:00 2001 From: Haozhong Zhang Date: Wed, 31 Oct 2018 19:58:46 +0800 Subject: [PATCH 208/213] analysis/integer: switch addition overflow check to dedicated Z3 API Use Z3 API BVAddNoOverflow() in the constraint to check the bit vector addition overflow. --- mythril/analysis/modules/integer.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index 709d2c2e..bb75c550 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -72,7 +72,7 @@ def _check_integer_overflow(statespace, state, node): # Formulate expression if instruction["opcode"] == "ADD": expr = op0 + op1 - constraint = Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0)) + constraint = Not(BVAddNoOverflow(op0, op1, signed=False)) else: expr = op1 * op0 constraint = Not(BVMulNoOverflow(op0, op1, signed=False)) From 9ee0014a1bd4f1db1364ec8a5a3eba94f49784f9 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Wed, 31 Oct 2018 22:40:13 +0530 Subject: [PATCH 209/213] Pass solc binary to other functions --- mythril/ether/soliditycontract.py | 10 +++++----- mythril/mythril.py | 9 +++++++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/mythril/ether/soliditycontract.py b/mythril/ether/soliditycontract.py index 14995b8b..da142c71 100644 --- a/mythril/ether/soliditycontract.py +++ b/mythril/ether/soliditycontract.py 
@@ -25,18 +25,18 @@ class SourceCodeInfo: self.code = code -def get_contracts_from_file(input_file, solc_args=None): - data = get_solc_json(input_file, solc_args=solc_args) +def get_contracts_from_file(input_file, solc_args=None, solc_binary="solc"): + data = get_solc_json(input_file, solc_args=solc_args, solc_binary=solc_binary) for key, contract in data["contracts"].items(): filename, name = key.split(":") if filename == input_file and len(contract["bin-runtime"]): - yield SolidityContract(input_file, name, solc_args) + yield SolidityContract(input_file=input_file, name=name, solc_args=solc_args, solc_binary=solc_binary) class SolidityContract(ETHContract): - def __init__(self, input_file, name=None, solc_args=None): + def __init__(self, input_file, name=None, solc_args=None, solc_binary="solc"): - data = get_solc_json(input_file, solc_args=solc_args) + data = get_solc_json(input_file, solc_args=solc_args, solc_binary=solc_binary) self.solidity_files = [] diff --git a/mythril/mythril.py b/mythril/mythril.py index d5dbd76f..728f47c6 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -375,13 +375,18 @@ class Mythril(object): if contract_name is not None: contract = SolidityContract( - file, contract_name, solc_args=self.solc_args + input_file=file, + name=contract_name, + solc_args=self.solc_args, + solc_binary=self.solc_binary ) self.contracts.append(contract) contracts.append(contract) else: for contract in get_contracts_from_file( - file, solc_args=self.solc_args + input_file=file, + solc_args=self.solc_args, + solc_binary=self.solc_binary ): self.contracts.append(contract) contracts.append(contract) From 973148db669331c8826b5692546e2511e52a079c Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Wed, 31 Oct 2018 22:47:49 +0530 Subject: [PATCH 210/213] Reformat code with black --- mythril/ether/soliditycontract.py | 7 ++++++- mythril/mythril.py | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/mythril/ether/soliditycontract.py b/mythril/ether/soliditycontract.py index da142c71..fdf10fc0 100644 --- a/mythril/ether/soliditycontract.py +++ b/mythril/ether/soliditycontract.py @@ -30,7 +30,12 @@ def get_contracts_from_file(input_file, solc_args=None, solc_binary="solc"): for key, contract in data["contracts"].items(): filename, name = key.split(":") if filename == input_file and len(contract["bin-runtime"]): - yield SolidityContract(input_file=input_file, name=name, solc_args=solc_args, solc_binary=solc_binary) + yield SolidityContract( + input_file=input_file, + name=name, + solc_args=solc_args, + solc_binary=solc_binary, + ) class SolidityContract(ETHContract): diff --git a/mythril/mythril.py b/mythril/mythril.py index 728f47c6..6477d3b2 100644 --- a/mythril/mythril.py +++ b/mythril/mythril.py @@ -378,7 +378,7 @@ class Mythril(object): input_file=file, name=contract_name, solc_args=self.solc_args, - solc_binary=self.solc_binary + solc_binary=self.solc_binary, ) self.contracts.append(contract) contracts.append(contract) @@ -386,7 +386,7 @@ class Mythril(object): for contract in get_contracts_from_file( input_file=file, solc_args=self.solc_args, - solc_binary=self.solc_binary + solc_binary=self.solc_binary, ): self.contracts.append(contract) contracts.append(contract) From 9c92f1b24c36ec01da6085974d86f2a24847845a Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 31 Oct 2018 20:28:58 +0100 Subject: [PATCH 211/213] Fix z3 version --- requirements.txt | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index d829a885..252538c5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -24,5 +24,5 @@ pytest_mock requests rlp>=1.0.1 transaction>=2.2.1 -z3-solver>=4.5 +z3-solver==4.5.1.0.post2 pysha3 diff --git a/setup.py b/setup.py index 6aa0dfb7..4a33a0dc 100755 --- a/setup.py +++ b/setup.py 
@@ -75,7 +75,7 @@ setup( install_requires=[ "coloredlogs>=10.0", "ethereum>=2.3.2", - "z3-solver>=4.5", + "z3-solver==4.5.1.0.post2", "requests", "py-solc", "plyvel", From 9cbf1d55e5781fdae8ec64f18b9edb5f15b732f8 Mon Sep 17 00:00:00 2001 From: Joran Honig Date: Wed, 31 Oct 2018 20:57:37 +0100 Subject: [PATCH 212/213] revert changes to support z3 4.5 --- mythril/analysis/modules/integer.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py index 8916ed13..aea9ff06 100644 --- a/mythril/analysis/modules/integer.py +++ b/mythril/analysis/modules/integer.py @@ -72,11 +72,12 @@ def _check_integer_overflow(statespace, state, node): # Formulate expression if instruction["opcode"] == "ADD": expr = op0 + op1 - constraint = Not(BVAddNoOverflow(op0, op1, signed=False)) + # constraint = Not(BVAddNoOverflow(op0, op1, signed=False)) else: expr = op1 * op0 - constraint = Not(BVMulNoOverflow(op0, op1, signed=False)) + # constraint = Not(BVMulNoOverflow(op0, op1, signed=False)) + constraint = Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0)) # Check satisfiable model = _try_constraints(node.constraints, [constraint]) From 036278502a43a4b8d03e8a1cfcf666878f034e04 Mon Sep 17 00:00:00 2001 From: Bernhard Mueller Date: Wed, 31 Oct 2018 22:13:55 +0100 Subject: [PATCH 213/213] Update version.py --- mythril/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mythril/version.py b/mythril/version.py index edb5e509..93f43515 100644 --- a/mythril/version.py +++ b/mythril/version.py @@ -1,3 +1,3 @@ # This file is suitable for sourcing inside POSIX shell, e.g. bash as # well as for importing into Python -VERSION = "v0.19.1" # NOQA +VERSION = "v0.19.3" # NOQA
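Review bot: After the revert in `integer.py` the wrap-around test `Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0))` is applied to `MUL` again, which the earlier patch in this series describes as wrong for multiplication because an overflowed product need not be smaller than either operand, so multiplication overflows can go unreported. A check that needs no newer Z3 API is to widen the operands for the `MUL` branch, e.g. `constraint = UGT(ZeroExt(256, op0) * ZeroExt(256, op1), BitVecVal(2 ** 256 - 1, 512))` (assuming 256-bit operands and that these names are imported), keeping the `ULT` form for `ADD` only. The two commented-out `constraint = Not(...)` lines should either be deleted or carry a `# TODO` naming the Z3 version that allows them back. `_check_integer_overflow` starts and ends outside the hunk.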