mirror of https://github.com/ConsenSys/mythril
commit
3da602ff73
@ -0,0 +1,84 @@ |
|||||||
|
from mythril.laser.ethereum.svm import LaserEVM |
||||||
|
from time import time |
||||||
|
import matplotlib.pyplot as plt |
||||||
|
import logging |
||||||
|
|
||||||
|
log = logging.getLogger(__name__) |
||||||
|
|
||||||
|
|
||||||
|
class BenchmarkPlugin: |
||||||
|
"""Benchmark Plugin |
||||||
|
|
||||||
|
This plugin aggregates the following information: |
||||||
|
- duration |
||||||
|
- code coverage over time |
||||||
|
- final code coverage |
||||||
|
- total number of executed instructions |
||||||
|
|
||||||
|
""" |
||||||
|
|
||||||
|
def __init__(self, name=None): |
||||||
|
"""Creates BenchmarkPlugin |
||||||
|
|
||||||
|
:param name: name of this benchmark, used for storing the results |
||||||
|
""" |
||||||
|
self.nr_of_executed_insns = 0 |
||||||
|
self.begin = None |
||||||
|
self.end = None |
||||||
|
self.coverage = {} |
||||||
|
self.name = name |
||||||
|
|
||||||
|
def initialize(self, symbolic_vm: LaserEVM): |
||||||
|
"""Initializes the BenchmarkPlugin |
||||||
|
|
||||||
|
Introduces hooks in symbolic_vm to track the desired values |
||||||
|
:param symbolic_vm: Symbolic virtual machine to analyze |
||||||
|
""" |
||||||
|
self._reset() |
||||||
|
|
||||||
|
@symbolic_vm.laser_hook("execute_state") |
||||||
|
def execute_state_hook(_): |
||||||
|
current_time = time() - self.begin |
||||||
|
self.nr_of_executed_insns += 1 |
||||||
|
|
||||||
|
for key, value in symbolic_vm.coverage.items(): |
||||||
|
try: |
||||||
|
self.coverage[key][current_time] = sum(value[1]) * 100 / value[0] |
||||||
|
except KeyError: |
||||||
|
self.coverage[key] = {} |
||||||
|
self.coverage[key][current_time] = sum(value[1]) * 100 / value[0] |
||||||
|
|
||||||
|
@symbolic_vm.laser_hook("start_sym_exec") |
||||||
|
def start_sym_exec_hook(): |
||||||
|
self.begin = time() |
||||||
|
|
||||||
|
@symbolic_vm.laser_hook("stop_sym_exec") |
||||||
|
def stop_sym_exec_hook(): |
||||||
|
self.end = time() |
||||||
|
|
||||||
|
self._write_to_graph() |
||||||
|
self._store_report() |
||||||
|
|
||||||
|
def _reset(self): |
||||||
|
"""Reset this plugin""" |
||||||
|
self.nr_of_executed_insns = 0 |
||||||
|
self.begin = None |
||||||
|
self.end = None |
||||||
|
self.coverage = {} |
||||||
|
|
||||||
|
def _store_report(self): |
||||||
|
"""Store the results of this plugin""" |
||||||
|
pass |
||||||
|
|
||||||
|
def _write_to_graph(self): |
||||||
|
"""Write the coverage results to a graph""" |
||||||
|
traces = [] |
||||||
|
for byte_code, trace_data in self.coverage.items(): |
||||||
|
traces += [list(trace_data.keys()), list(trace_data.values()), "r--"] |
||||||
|
|
||||||
|
plt.plot(*traces) |
||||||
|
plt.axis([0, self.end - self.begin, 0, 100]) |
||||||
|
plt.xlabel("Duration (seconds)") |
||||||
|
plt.ylabel("Coverage (percentage)") |
||||||
|
|
||||||
|
plt.savefig("{}.png".format(self.name)) |
@ -0,0 +1,3 @@ |
|||||||
|
from mythril.laser.smt.solver.solver import Solver, Optimize, BaseSolver |
||||||
|
from mythril.laser.smt.solver.independence_solver import IndependenceSolver |
||||||
|
from mythril.laser.smt.solver.solver_statistics import SolverStatistics |
@ -0,0 +1,43 @@ |
|||||||
|
from time import time |
||||||
|
|
||||||
|
from mythril.support.support_utils import Singleton |
||||||
|
|
||||||
|
from typing import Callable |
||||||
|
|
||||||
|
|
||||||
|
def stat_smt_query(func: Callable): |
||||||
|
"""Measures statistics for annotated smt query check function""" |
||||||
|
stat_store = SolverStatistics() |
||||||
|
|
||||||
|
def function_wrapper(*args, **kwargs): |
||||||
|
if not stat_store.enabled: |
||||||
|
return func(*args, **kwargs) |
||||||
|
|
||||||
|
stat_store.query_count += 1 |
||||||
|
begin = time() |
||||||
|
|
||||||
|
result = func(*args, **kwargs) |
||||||
|
|
||||||
|
end = time() |
||||||
|
stat_store.solver_time += end - begin |
||||||
|
|
||||||
|
return result |
||||||
|
|
||||||
|
return function_wrapper |
||||||
|
|
||||||
|
|
||||||
|
class SolverStatistics(object, metaclass=Singleton): |
||||||
|
""" Solver Statistics Class |
||||||
|
|
||||||
|
Keeps track of the important statistics around smt queries |
||||||
|
""" |
||||||
|
|
||||||
|
def __init__(self): |
||||||
|
self.enabled = False |
||||||
|
self.query_count = 0 |
||||||
|
self.solver_time = 0 |
||||||
|
|
||||||
|
def __repr__(self): |
||||||
|
return "Query count: {} \nSolver time: {}".format( |
||||||
|
self.query_count, self.solver_time |
||||||
|
) |
@ -1 +1,110 @@ |
|||||||
{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", "function": "thisisfine()", "max_gas_used": 1254, "min_gas_used": 643, "severity": "Low", "sourceMap": null, "swc-id": "107", "title": "External Call To Fixed Address"}, {"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "thisisfine()", "max_gas_used": 35972, "min_gas_used": 1361, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", "function": "callstoredaddress()", "max_gas_used": 1298, "min_gas_used": 687, "severity": "Low", "sourceMap": null, "swc-id": "107", "title": "External Call To Fixed Address"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "callstoredaddress()", "max_gas_used": 36016, "min_gas_used": 1405, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", "function": "reentrancy()", "max_gas_used": 1320, "min_gas_used": 709, "severity": "Low", "sourceMap": null, "swc-id": "107", "title": "External Call To Fixed Address"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "reentrancy()", "max_gas_used": 61052, "min_gas_used": 6441, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", "function": "calluseraddress(address)", "max_gas_used": 616, "min_gas_used": 335, "severity": "Medium", "sourceMap": null, "swc-id": "107", "title": "External Call To User-Supplied Address"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "calluseraddress(address)", "max_gas_used": 35336, "min_gas_used": 1055, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [ |
||||||
|
{ |
||||||
|
"address": 661, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", |
||||||
|
"function": "thisisfine()", |
||||||
|
"max_gas_used": 1254, |
||||||
|
"min_gas_used": 643, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To Fixed Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 661, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "thisisfine()", |
||||||
|
"max_gas_used": 35972, |
||||||
|
"min_gas_used": 1361, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 779, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", |
||||||
|
"function": "callstoredaddress()", |
||||||
|
"max_gas_used": 1298, |
||||||
|
"min_gas_used": 687, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To Fixed Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 779, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "callstoredaddress()", |
||||||
|
"max_gas_used": 36016, |
||||||
|
"min_gas_used": 1405, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 858, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", |
||||||
|
"function": "reentrancy()", |
||||||
|
"max_gas_used": 1320, |
||||||
|
"min_gas_used": 709, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To Fixed Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 858, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "reentrancy()", |
||||||
|
"max_gas_used": 61052, |
||||||
|
"min_gas_used": 6441, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 912, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", |
||||||
|
"function": "calluseraddress(address)", |
||||||
|
"max_gas_used": 616, |
||||||
|
"min_gas_used": 335, |
||||||
|
"severity": "Medium", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To User-Supplied Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 912, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "calluseraddress(address)", |
||||||
|
"max_gas_used": 35336, |
||||||
|
"min_gas_used": 1055, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
} |
||||||
|
], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,5 @@ |
|||||||
{"error": null, "issues": [], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,58 @@ |
|||||||
{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", "function": "assert3(uint256)", "max_gas_used": 301, "min_gas_used": 206, "severity": "Low", "sourceMap": null, "swc-id": "110", "title": "Exception State"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", "function": "arrayaccess(uint256)", "max_gas_used": 351, "min_gas_used": 256, "severity": "Low", "sourceMap": null, "swc-id": "110", "title": "Exception State"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", "function": "divisionby0(uint256)", "max_gas_used": 367, "min_gas_used": 272, "severity": "Low", "sourceMap": null, "swc-id": "110", "title": "Exception State"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", "function": "assert1()", "max_gas_used": 363, "min_gas_used": 268, "severity": "Low", "sourceMap": null, "swc-id": "110", "title": "Exception State"}], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [ |
||||||
|
{ |
||||||
|
"address": 446, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
||||||
|
"function": "assert3(uint256)", |
||||||
|
"max_gas_used": 301, |
||||||
|
"min_gas_used": 206, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "110", |
||||||
|
"title": "Exception State" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 484, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
||||||
|
"function": "arrayaccess(uint256)", |
||||||
|
"max_gas_used": 351, |
||||||
|
"min_gas_used": 256, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "110", |
||||||
|
"title": "Exception State" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 506, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
||||||
|
"function": "divisionby0(uint256)", |
||||||
|
"max_gas_used": 367, |
||||||
|
"min_gas_used": 272, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "110", |
||||||
|
"title": "Exception State" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 531, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
||||||
|
"function": "assert1()", |
||||||
|
"max_gas_used": 363, |
||||||
|
"min_gas_used": 268, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "110", |
||||||
|
"title": "Exception State" |
||||||
|
} |
||||||
|
], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,71 @@ |
|||||||
{"error": null, "issues": [{"address": 618, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0x141f32ff", "max_gas_used": 35865, "min_gas_used": 1113, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}, {"address": 618, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.", "function": "_function_0x141f32ff", "max_gas_used": 1141, "min_gas_used": 389, "severity": "Medium", "sourceMap": null, "swc-id": "111", "title": "Use of callcode"}, {"address": 849, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0x9b58bc26", "max_gas_used": 35922, "min_gas_used": 1170, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}, {"address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", "function": "_function_0xeea4c864", "max_gas_used": 1223, "min_gas_used": 471, "severity": "Medium", "sourceMap": null, "swc-id": "107", "title": "External Call To User-Supplied Address"}, {"address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "_function_0xeea4c864", "max_gas_used": 35947, "min_gas_used": 1195, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [ |
||||||
|
{ |
||||||
|
"address": 618, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "_function_0x141f32ff", |
||||||
|
"max_gas_used": 35865, |
||||||
|
"min_gas_used": 1113, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 618, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.", |
||||||
|
"function": "_function_0x141f32ff", |
||||||
|
"max_gas_used": 1141, |
||||||
|
"min_gas_used": 389, |
||||||
|
"severity": "Medium", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "111", |
||||||
|
"title": "Use of callcode" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 849, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "_function_0x9b58bc26", |
||||||
|
"max_gas_used": 35922, |
||||||
|
"min_gas_used": 1170, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 1038, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", |
||||||
|
"function": "_function_0xeea4c864", |
||||||
|
"max_gas_used": 1223, |
||||||
|
"min_gas_used": 471, |
||||||
|
"severity": "Medium", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To User-Supplied Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 1038, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "_function_0xeea4c864", |
||||||
|
"max_gas_used": 35947, |
||||||
|
"min_gas_used": 1195, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
} |
||||||
|
], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,5 @@ |
|||||||
{"error": null, "issues": [], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,19 @@ |
|||||||
{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.", "function": "transfer()", "max_gas_used": 467, "min_gas_used": 186, "severity": "High", "sourceMap": null, "swc-id": "105", "title": "Unprotected Ether Withdrawal"}], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [ |
||||||
|
{ |
||||||
|
"address": 142, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.", |
||||||
|
"function": "transfer()", |
||||||
|
"max_gas_used": 467, |
||||||
|
"min_gas_used": 186, |
||||||
|
"severity": "High", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "105", |
||||||
|
"title": "Unprotected Ether Withdrawal" |
||||||
|
} |
||||||
|
], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,5 @@ |
|||||||
{"error": null, "issues": [], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [], |
||||||
|
"success": true |
||||||
|
} |
@ -1 +1,19 @@ |
|||||||
{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "max_gas_used": 1051, "min_gas_used": 626, "severity": "Medium", "sourceMap": null, "swc-id": "111", "title": "Use of tx.origin"}], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [ |
||||||
|
{ |
||||||
|
"address": 317, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", |
||||||
|
"function": "transferOwnership(address)", |
||||||
|
"max_gas_used": 1051, |
||||||
|
"min_gas_used": 626, |
||||||
|
"severity": "Medium", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "111", |
||||||
|
"title": "Use of tx.origin" |
||||||
|
} |
||||||
|
], |
||||||
|
"success": true |
||||||
|
} |
@ -1,29 +1,32 @@ |
|||||||
{ |
{ |
||||||
"error": null, |
"error": null, |
||||||
"issues": [{ |
"issues": [ |
||||||
|
{ |
||||||
"address": 567, |
"address": 567, |
||||||
"contract": "Unknown", |
"contract": "Unknown", |
||||||
"debug": "<DEBUG-DATA>", |
"debug": "<DEBUG-DATA>", |
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
||||||
"function": "sendeth(address,uint256)", |
"function": "sendeth(address,uint256)", |
||||||
"max_gas_used": 1053, |
"max_gas_used": 78152, |
||||||
"min_gas_used": 768, |
"min_gas_used": 17016, |
||||||
"severity": "High", |
"severity": "High", |
||||||
"sourceMap": null, |
"sourceMap": null, |
||||||
"swc-id": "101", |
"swc-id": "101", |
||||||
"title": "Integer Underflow" |
"title": "Integer Underflow" |
||||||
}, { |
}, |
||||||
|
{ |
||||||
"address": 649, |
"address": 649, |
||||||
"contract": "Unknown", |
"contract": "Unknown", |
||||||
"debug": "<DEBUG-DATA>", |
"debug": "<DEBUG-DATA>", |
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
||||||
"function": "sendeth(address,uint256)", |
"function": "sendeth(address,uint256)", |
||||||
"max_gas_used": 1774, |
"max_gas_used": 78152, |
||||||
"min_gas_used": 1299, |
"min_gas_used": 17016, |
||||||
"severity": "High", |
"severity": "High", |
||||||
"sourceMap": null, |
"sourceMap": null, |
||||||
"swc-id": "101", |
"swc-id": "101", |
||||||
"title": "Integer Underflow" |
"title": "Integer Underflow" |
||||||
}], |
} |
||||||
|
], |
||||||
"success": true |
"success": true |
||||||
} |
} |
@ -1 +1,45 @@ |
|||||||
{"error": null, "issues": [{"address": 196, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", "function": "callchecked()", "max_gas_used": 1210, "min_gas_used": 599, "severity": "Low", "sourceMap": null, "swc-id": "107", "title": "External Call To Fixed Address"}, {"address": 285, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", "function": "callnotchecked()", "max_gas_used": 1232, "min_gas_used": 621, "severity": "Low", "sourceMap": null, "swc-id": "107", "title": "External Call To Fixed Address"}, {"address": 285, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", "function": "callnotchecked()", "max_gas_used": 35950, "min_gas_used": 1339, "severity": "Low", "sourceMap": null, "swc-id": "104", "title": "Unchecked Call Return Value"}], "success": true} |
{ |
||||||
|
"error": null, |
||||||
|
"issues": [ |
||||||
|
{ |
||||||
|
"address": 196, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", |
||||||
|
"function": "callchecked()", |
||||||
|
"max_gas_used": 1210, |
||||||
|
"min_gas_used": 599, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To Fixed Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 285, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The contract executes an external message call.\nAn external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully.", |
||||||
|
"function": "callnotchecked()", |
||||||
|
"max_gas_used": 1232, |
||||||
|
"min_gas_used": 621, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "107", |
||||||
|
"title": "External Call To Fixed Address" |
||||||
|
}, |
||||||
|
{ |
||||||
|
"address": 285, |
||||||
|
"contract": "Unknown", |
||||||
|
"debug": "<DEBUG-DATA>", |
||||||
|
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
||||||
|
"function": "callnotchecked()", |
||||||
|
"max_gas_used": 35950, |
||||||
|
"min_gas_used": 1339, |
||||||
|
"severity": "Low", |
||||||
|
"sourceMap": null, |
||||||
|
"swc-id": "104", |
||||||
|
"title": "Unchecked Call Return Value" |
||||||
|
} |
||||||
|
], |
||||||
|
"success": true |
||||||
|
} |
@ -1,19 +1,19 @@ |
|||||||
{ |
{ |
||||||
"error" : null, |
"error": null, |
||||||
"issues" : [ |
"issues": [ |
||||||
{ |
{ |
||||||
"title" : "Unprotected Selfdestruct", |
"address": 146, |
||||||
"swc-id" : "106", |
"contract": "Unknown", |
||||||
"severity" : "High", |
"debug": "<DEBUG-DATA>", |
||||||
"contract" : "Unknown", |
"description": "The contract can be killed by anyone.\nAnyone can kill this contract and withdraw its balance to an arbitrary address.", |
||||||
"description" : "The contract can be killed by anyone.\nAnyone can kill this contract and withdraw its balance to an arbitrary address.", |
"function": "kill(address)", |
||||||
"function" : "kill(address)", |
"max_gas_used": 263, |
||||||
"min_gas_used" : 168, |
"min_gas_used": 168, |
||||||
"max_gas_used" : 263, |
"severity": "High", |
||||||
"debug" : "<DEBUG-DATA>", |
"sourceMap": null, |
||||||
"sourceMap" : null, |
"swc-id": "106", |
||||||
"address" : 146 |
"title": "Unprotected Selfdestruct" |
||||||
} |
} |
||||||
], |
], |
||||||
"success" : true |
"success": true |
||||||
} |
} |
@ -1,29 +1,32 @@ |
|||||||
{ |
{ |
||||||
"error": null, |
"error": null, |
||||||
"issues": [{ |
"issues": [ |
||||||
|
{ |
||||||
"address": 567, |
"address": 567, |
||||||
"contract": "Unknown", |
"contract": "Unknown", |
||||||
"debug": "<DEBUG-DATA>", |
"debug": "<DEBUG-DATA>", |
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
||||||
"function": "sendeth(address,uint256)", |
"function": "sendeth(address,uint256)", |
||||||
"max_gas_used": 1053, |
"max_gas_used": 52858, |
||||||
"min_gas_used": 768, |
"min_gas_used": 11912, |
||||||
"severity": "High", |
"severity": "High", |
||||||
"sourceMap": null, |
"sourceMap": null, |
||||||
"swc-id": "101", |
"swc-id": "101", |
||||||
"title": "Integer Underflow" |
"title": "Integer Underflow" |
||||||
}, { |
}, |
||||||
|
{ |
||||||
"address": 649, |
"address": 649, |
||||||
"contract": "Unknown", |
"contract": "Unknown", |
||||||
"debug": "<DEBUG-DATA>", |
"debug": "<DEBUG-DATA>", |
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
||||||
"function": "sendeth(address,uint256)", |
"function": "sendeth(address,uint256)", |
||||||
"max_gas_used": 1774, |
"max_gas_used": 52858, |
||||||
"min_gas_used": 1299, |
"min_gas_used": 11912, |
||||||
"severity": "High", |
"severity": "High", |
||||||
"sourceMap": null, |
"sourceMap": null, |
||||||
"swc-id": "101", |
"swc-id": "101", |
||||||
"title": "Integer Underflow" |
"title": "Integer Underflow" |
||||||
}], |
} |
||||||
|
], |
||||||
"success": true |
"success": true |
||||||
} |
} |
Loading…
Reference in new issue