diff --git a/tests/testdata/outputs_expected/calls.sol.markdown b/tests/testdata/outputs_expected/calls.sol.markdown index 2125f4eb..d9bcc61b 100644 --- a/tests/testdata/outputs_expected/calls.sol.markdown +++ b/tests/testdata/outputs_expected/calls.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Message call to external contract + - Type: Informational - Contract: Caller - Function name: `_function_0x5a6814ec` - PC address: 661 + + ### Description + This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. In */inputs/calls.sol:16* @@ -13,13 +18,19 @@ In */inputs/calls.sol:16* ``` fixed_address.call() ``` + + ## Message call to external contract + - Type: Warning - Contract: Caller - Function name: `_function_0xd24b08cc` - PC address: 779 + + ### Description + This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. In */inputs/calls.sol:29* @@ -27,13 +38,19 @@ In */inputs/calls.sol:29* ``` stored_address.call() ``` + + ## Message call to external contract + - Type: Informational - Contract: Caller - Function name: `_function_0xe11f493e` - PC address: 858 + + ### Description + This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. In */inputs/calls.sol:20* 
@@ -41,13 +58,19 @@ In */inputs/calls.sol:20* ``` fixed_address.call() ``` + + ## State change after external call + - Type: Warning - Contract: Caller - Function name: `_function_0xe11f493e` - PC address: 869 + + ### Description + The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. In */inputs/calls.sol:21* @@ -55,13 +78,19 @@ In */inputs/calls.sol:21* ``` statevar = 0 ``` + + ## Message call to external contract + - Type: Warning - Contract: Caller - Function name: `_function_0xe1d10f79` - PC address: 912 + + ### Description + This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. In */inputs/calls.sol:25* @@ -69,13 +98,19 @@ In */inputs/calls.sol:25* ``` addr.call() ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Caller - Function name: `_function_0x5a6814ec` - PC address: 661 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/calls.sol:16* @@ -83,13 +118,19 @@ In */inputs/calls.sol:16* ``` fixed_address.call() ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Caller - Function name: `_function_0xd24b08cc` - PC address: 779 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/calls.sol:29* 
@@ -97,13 +138,19 @@ In */inputs/calls.sol:29* ``` stored_address.call() ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Caller - Function name: `_function_0xe11f493e` - PC address: 858 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/calls.sol:20* @@ -111,13 +158,19 @@ In */inputs/calls.sol:20* ``` fixed_address.call() ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Caller - Function name: `_function_0xe1d10f79` - PC address: 912 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/calls.sol:25* diff --git a/tests/testdata/outputs_expected/ether_send.sol.markdown b/tests/testdata/outputs_expected/ether_send.sol.markdown index 01c7e26f..147e60e9 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.markdown +++ b/tests/testdata/outputs_expected/ether_send.sol.markdown @@ -1,12 +1,17 @@ -# Analysis Results + + ## Ether send + - Type: Warning - Contract: Crowdfunding - Function name: `withdrawfunds()` - PC address: 816 + + ### Description -In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender. + +In the function `'withdrawfunds()'` a non-zero amount of Ether is sent to msg.sender. There is a check on storage index 1. This storage slot can be written to by calling the function 'crowdfunding()'. @@ -15,13 +20,19 @@ In */inputs/ether_send.sol:18* ``` msg.sender.transfer(this.balance) ``` + + ## Integer Overflow + - Type: Warning - Contract: Crowdfunding - Function name: `invest()` - PC address: 483 + + ### Description + A possible integer overflow exists in the function `invest()`. The addition may result in a value higher than the maximum representable integer. 
diff --git a/tests/testdata/outputs_expected/exceptions.sol.markdown b/tests/testdata/outputs_expected/exceptions.sol.markdown index 2f228da0..96019b18 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.markdown +++ b/tests/testdata/outputs_expected/exceptions.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Exception state + - Type: Informational - Contract: Exceptions - Function name: `_function_0x546455b5` - PC address: 446 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/exceptions.sol:16* @@ -13,13 +18,19 @@ In */inputs/exceptions.sol:16* ``` assert(input != 23) ``` + + ## Exception state + - Type: Informational - Contract: Exceptions - Function name: `_function_0x92dd38ea` - PC address: 484 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/exceptions.sol:34* @@ -27,13 +38,19 @@ In */inputs/exceptions.sol:34* ``` myarray[index] ``` + + ## Exception state + - Type: Informational - Contract: Exceptions - Function name: `_function_0xa08299f1` - PC address: 506 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/exceptions.sol:24* 
@@ -41,13 +58,19 @@ In */inputs/exceptions.sol:24* ``` 1/input ``` + + ## Exception state + - Type: Informational - Contract: Exceptions - Function name: `_function_0xb34c3610` - PC address: 531 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/exceptions.sol:7* diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.markdown b/tests/testdata/outputs_expected/kinds_of_calls.sol.markdown index 0aaa5405..5de31146 100644 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.markdown +++ b/tests/testdata/outputs_expected/kinds_of_calls.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Message call to external contract + - Type: Warning - Contract: D - Function name: `_function_0xeea4c864` - PC address: 1038 + + ### Description + This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. In */inputs/kinds_of_calls.sol:6* @@ -13,13 +18,19 @@ In */inputs/kinds_of_calls.sol:6* ``` _e.call(bytes4(sha3("setN(uint256)")), _n) ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: D - Function name: `_function_0xeea4c864` - PC address: 1038 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/kinds_of_calls.sol:6* diff --git a/tests/testdata/outputs_expected/metacoin.sol.markdown b/tests/testdata/outputs_expected/metacoin.sol.markdown index 04be36d5..72988640 100644 
--- a/tests/testdata/outputs_expected/metacoin.sol.markdown +++ b/tests/testdata/outputs_expected/metacoin.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Integer Overflow + - Type: Warning - Contract: metaCoin - Function name: `sendToken(address,uint256)` - PC address: 498 + + ### Description + A possible integer overflow exists in the function `sendToken(address,uint256)`. The addition may result in a value higher than the maximum representable integer. diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.markdown b/tests/testdata/outputs_expected/multi_contracts.sol.markdown index de4a3771..4ba0a5f9 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.markdown +++ b/tests/testdata/outputs_expected/multi_contracts.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Ether send + - Type: Warning - Contract: Transfer2 - Function name: `_function_0x8a4068dd` - PC address: 142 + + ### Description + In the function `'_function_0x8a4068dd'` a non-zero amount of Ether is sent to msg.sender. It seems that this function can be called without restrictions. diff --git a/tests/testdata/outputs_expected/origin.sol.markdown b/tests/testdata/outputs_expected/origin.sol.markdown index 19e1810c..babcfe9a 100644 --- a/tests/testdata/outputs_expected/origin.sol.markdown +++ b/tests/testdata/outputs_expected/origin.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Use of tx.origin + - Type: Warning - Contract: Origin - Function name: `transferOwnership(address)` - PC address: 317 + + ### Description + Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/overflow.sol.markdown b/tests/testdata/outputs_expected/overflow.sol.markdown index 77cb5626..0f9d33e8 100644 --- a/tests/testdata/outputs_expected/overflow.sol.markdown 
+++ b/tests/testdata/outputs_expected/overflow.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Integer Underflow + - Type: Warning - Contract: Over - Function name: `sendeth(address,uint256)` - PC address: 649 + + ### Description + A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. @@ -14,13 +19,19 @@ In */inputs/overflow.sol:12* ``` balances[msg.sender] -= _value ``` + + ## Integer Overflow + - Type: Warning - Contract: Over - Function name: `sendeth(address,uint256)` - PC address: 725 + + ### Description + A possible integer overflow exists in the function `sendeth(address,uint256)`. The addition may result in a value higher than the maximum representable integer. @@ -29,13 +40,19 @@ In */inputs/overflow.sol:13* ``` balances[_to] += _value ``` + + ## Integer Underflow + - Type: Warning - Contract: Over - Function name: `sendeth(address,uint256)` - PC address: 567 + + ### Description + A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. diff --git a/tests/testdata/outputs_expected/returnvalue.sol.markdown b/tests/testdata/outputs_expected/returnvalue.sol.markdown index faa81ee9..a771dd8c 100644 --- a/tests/testdata/outputs_expected/returnvalue.sol.markdown +++ b/tests/testdata/outputs_expected/returnvalue.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Message call to external contract + - Type: Informational - Contract: ReturnValue - Function name: `_function_0x633ab5e0` - PC address: 196 + + ### Description + This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. In */inputs/returnvalue.sol:10* 
@@ -13,13 +18,19 @@ In */inputs/returnvalue.sol:10* ``` callee.call() ``` + + ## Message call to external contract + - Type: Informational - Contract: ReturnValue - Function name: `_function_0xe3bea282` - PC address: 285 + + ### Description + This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. In */inputs/returnvalue.sol:6* @@ -27,13 +38,19 @@ In */inputs/returnvalue.sol:6* ``` callee.call() ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: ReturnValue - Function name: `_function_0xe3bea282` - PC address: 285 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/returnvalue.sol:6* diff --git a/tests/testdata/outputs_expected/rubixi.sol.markdown b/tests/testdata/outputs_expected/rubixi.sol.markdown index 9d688bc2..e20dd346 100644 --- a/tests/testdata/outputs_expected/rubixi.sol.markdown +++ b/tests/testdata/outputs_expected/rubixi.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Ether send + - Type: Warning - Contract: Rubixi - Function name: `_function_0x4229616d` - PC address: 1599 + + ### Description + In the function `'_function_0x4229616d'` a non-zero amount of Ether is sent to an address taken from storage slot 5. There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. @@ -17,13 +22,19 @@ In */inputs/rubixi.sol:93* ``` creator.send(feesToCollect) ``` + + ## Ether send + - Type: Warning - Contract: Rubixi - Function name: `_function_0x686f2c90` - PC address: 1940 + + ### Description + In the function `'_function_0x686f2c90'` a non-zero amount of Ether is sent to an address taken from storage slot 5. There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. 
@@ -35,13 +46,19 @@ In */inputs/rubixi.sol:75* ``` creator.send(collectedFees) ``` + + ## Exception state + - Type: Informational - Contract: Rubixi - Function name: `_function_0x57d4021b` - PC address: 1653 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/rubixi.sol:131* @@ -49,13 +66,19 @@ In */inputs/rubixi.sol:131* ``` participants[payoutOrder] ``` + + ## Exception state + - Type: Informational - Contract: Rubixi - Function name: `_function_0x9dbc4f9b` - PC address: 2085 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/rubixi.sol:148* @@ -63,13 +86,19 @@ In */inputs/rubixi.sol:148* ``` participants[orderInPyramid] ``` + + ## Integer Overflow + - Type: Warning - Contract: Rubixi - Function name: `_function_0xfae14192` - PC address: 1223 + + ### Description + A possible integer overflow exists in the function `_function_0xfae14192`. The addition may result in a value higher than the maximum representable integer. @@ -78,13 +107,19 @@ In */inputs/rubixi.sol:37* ``` collectedFees += msg.value ``` + + ## Integer Underflow + - Type: Warning - Contract: Rubixi - Function name: `_function_0xd11f13df` - PC address: 2743 + + ### Description + A possible integer underflow exists in the function `_function_0xd11f13df`. The subtraction may result in a value < 0. 
@@ -93,13 +128,19 @@ In */inputs/rubixi.sol:143* ``` participants.length - payoutOrder ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Rubixi - Function name: `_function_0x4229616d` - PC address: 1599 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/rubixi.sol:93* @@ -107,13 +148,19 @@ In */inputs/rubixi.sol:93* ``` creator.send(feesToCollect) ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Rubixi - Function name: `_function_0xb4022950` - PC address: 1940 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/rubixi.sol:75* @@ -121,13 +168,19 @@ In */inputs/rubixi.sol:75* ``` creator.send(collectedFees) ``` + + ## Unchecked CALL return value + - Type: Informational - Contract: Rubixi - Function name: `_function_0xb4022950` - PC address: 2582 + + ### Description + The return value of an external call is not checked. Note that execution continue even if the called contract throws. In */inputs/rubixi.sol:85* diff --git a/tests/testdata/outputs_expected/suicide.sol.markdown b/tests/testdata/outputs_expected/suicide.sol.markdown index 1a9905fd..737ebd04 100644 --- a/tests/testdata/outputs_expected/suicide.sol.markdown +++ b/tests/testdata/outputs_expected/suicide.sol.markdown @@ -1,12 +1,17 @@ -# Analysis Results + + ## Unchecked SUICIDE + - Type: Warning - Contract: Suicide - Function name: `_function_0xcbf0b0c0` - PC address: 146 + + ### Description -The function _function_0xcbf0b0c0 executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument. + +The function `_function_0xcbf0b0c0` executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument. It seems that this function can be called without restrictions. 
diff --git a/tests/testdata/outputs_expected/underflow.sol.markdown b/tests/testdata/outputs_expected/underflow.sol.markdown index 6d5e82c6..401a2897 100644 --- a/tests/testdata/outputs_expected/underflow.sol.markdown +++ b/tests/testdata/outputs_expected/underflow.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Integer Underflow + - Type: Warning - Contract: Under - Function name: `sendeth(address,uint256)` - PC address: 649 + + ### Description + A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. @@ -14,13 +19,19 @@ In */inputs/underflow.sol:12* ``` balances[msg.sender] -= _value ``` + + ## Integer Overflow + - Type: Warning - Contract: Under - Function name: `sendeth(address,uint256)` - PC address: 725 + + ### Description + A possible integer overflow exists in the function `sendeth(address,uint256)`. The addition may result in a value higher than the maximum representable integer. @@ -29,13 +40,19 @@ In */inputs/underflow.sol:13* ``` balances[_to] += _value ``` + + ## Integer Underflow + - Type: Warning - Contract: Under - Function name: `sendeth(address,uint256)` - PC address: 567 + + ### Description + A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. diff --git a/tests/testdata/outputs_expected/weak_random.sol.markdown b/tests/testdata/outputs_expected/weak_random.sol.markdown index fa89a30e..7455b321 100644 --- a/tests/testdata/outputs_expected/weak_random.sol.markdown +++ b/tests/testdata/outputs_expected/weak_random.sol.markdown @@ -1,11 +1,16 @@ -# Analysis Results + + ## Dependence on predictable environment variable + - Type: Warning - Contract: WeakRandom - Function name: `_function_0xe9874106` - PC address: 1285 + + ### Description + In the function `'_function_0xe9874106'` the following predictable state variables are used to determine Ether recipient: - block.coinbase 
@@ -15,13 +20,19 @@ In */inputs/weak_random.sol:47* ``` winningAddress.transfer(prize) ``` + + ## Ether send + - Type: Warning - Contract: WeakRandom - Function name: `_function_0xe9874106` - PC address: 1285 + + ### Description + In the function `'_function_0xe9874106'` a non-zero amount of Ether is sent to an address taken from storage slot 0. There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'. @@ -33,13 +44,19 @@ In */inputs/weak_random.sol:47* ``` winningAddress.transfer(prize) ``` + + ## Exception state + - Type: Informational - Contract: WeakRandom - Function name: `fallback` - PC address: 356 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/weak_random.sol:11* @@ -47,13 +64,19 @@ In */inputs/weak_random.sol:11* ``` prize / totalTickets ``` + + ## Exception state + - Type: Informational - Contract: WeakRandom - Function name: `_function_0xe9874106` - PC address: 146 + + ### Description + A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. In */inputs/weak_random.sol:11* @@ -61,13 +84,19 @@ In */inputs/weak_random.sol:11* ``` prize / totalTickets ``` + + ## Integer Overflow + - Type: Warning - Contract: WeakRandom - Function name: `_function_0xe9874106` - PC address: 1216 + + ### Description + A possible integer overflow exists in the function `_function_0xe9874106`. The addition may result in a value higher than the maximum representable integer. 
@@ -76,13 +105,19 @@ In */inputs/weak_random.sol:45* ``` gameId++ ``` + + ## Integer Overflow + - Type: Warning - Contract: WeakRandom - Function name: `_function_0xe9874106` - PC address: 262 + + ### Description + A possible integer overflow exists in the function `_function_0xe9874106`. The addition may result in a value higher than the maximum representable integer.
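Review bot: the patch touches only files under tests/testdata/outputs_expected/; the change to the markdown report generator that produces the new `##` issue headings and `### Description` subheadings is not in this diff. Either that generator change lands in a separate commit that must merge first, or these expected outputs will fail against the current generator. The fixtures and the code that produces them should change in the same PR so the two cannot drift.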
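Review bot: every file in the patch drops the `# Analysis Results` H1 and replaces it with two added lines that show up as `+ ` (a `+` followed by whitespace), so each expected-output file now begins with blank lines and its first heading is an H2; the same `+ ` line is inserted before each `### Description`. If the H1 is now emitted elsewhere (or intentionally dropped) that is fine, but the trailing whitespace on those blank lines needs to be confirmed against what the generator actually writes, since the fixtures are compared as text and a bare newline versus a space-then-newline will fail the comparison.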
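Review bot: the quoting of function names in the rewritten description lines is inconsistent. The ether_send, multi_contracts, rubixi and weak_random hunks change `'withdrawfunds()'` to `` `'withdrawfunds()'` `` (backticks wrapped around the existing single quotes, so the rendered code span carries literal quote characters), while the suicide hunk renders `_function_0xcbf0b0c0` in backticks with no quotes, and the unchanged sentences that follow ("by calling the function 'crowdfunding()'", "by calling the function '_function_0x67f809e9'") keep bare single quotes. Suggest one convention: drop the single quotes and use backticks alone, for example "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender." and "This storage slot can be written to by calling the function `crowdfunding()`.", applied to the storage-slot sentences as well.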
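Review bot: since the description lines are being regenerated anyway, this is the moment to fix the message text that the fixtures now pin in place: "a message call to to another contract" (doubled "to"), "user-supplied adresses" (should be "addresses"), "execution continue even if the called contract throws" (should be "continues"), and in origin.sol.markdown "Use tx.sender instead", which names a member Solidity does not have; the security-considerations page linked on the same line recommends `msg.sender`. These strings come from the detection modules, so fixing them there and regenerating the expected outputs keeps the fixtures and the modules in sync.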
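Review bot: in rubixi.sol.markdown the two issues at PC address 1940 (`creator.send(collectedFees)`, inputs/rubixi.sol:75) are attributed to different functions, `_function_0x686f2c90` for the Ether send and `_function_0xb4022950` for the unchecked return value, while the pair at PC address 1599 both carry `_function_0x4229616d`. These are unchanged context lines rather than part of this change, but since the file is regenerated here it is worth confirming that the function-name attribution for a shared code path is deterministic across runs; if it is not, this fixture will be flaky regardless of the heading changes.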