From c4c932e1aa49815bf8d5a5d4e97ac66ba9cb6726 Mon Sep 17 00:00:00 2001
From: Nikhil Parasaram
Date: Mon, 10 Jun 2019 20:28:17 +0530
Subject: [PATCH 1/5] Mythril v0.20.9
---
 mythril/__version__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mythril/__version__.py b/mythril/__version__.py
index 47e8bec6..0917f2ac 100644
--- a/mythril/__version__.py
+++ b/mythril/__version__.py
@@ -4,4 +4,4 @@ This file is suitable for sourcing inside POSIX shell, e.g. bash as well as for importing into Python.
 """
-__version__ = "v0.20.8"
+__version__ = "v0.20.9"
From 4d16e8f7fb986e5ec75850fb50878edca7ced3af Mon Sep 17 00:00:00 2001
From: Nikhil Parasaram
Date: Tue, 11 Jun 2019 15:20:27 +0530
Subject: [PATCH 2/5] Fix suicide module by constraining to attacker (#1071)
---
 mythril/analysis/modules/suicide.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/mythril/analysis/modules/suicide.py b/mythril/analysis/modules/suicide.py
index abe38ac9..57c593e2 100644
--- a/mythril/analysis/modules/suicide.py
+++ b/mythril/analysis/modules/suicide.py
@@ -4,6 +4,7 @@ from mythril.analysis.swc_data import UNPROTECTED_SELFDESTRUCT
 from mythril.exceptions import UnsatError
 from mythril.analysis.modules.base import DetectionModule
 from mythril.laser.ethereum.state.global_state import GlobalState
+from mythril.laser.ethereum.transaction.symbolic import ATTACKER_ADDRESS
 import logging
 import json
@@ -57,13 +58,16 @@ class SuicideModule(DetectionModule):
 )
 description_head = "The contract can be killed by anyone."
-
+ caller = state.current_transaction.caller
 try:
 try:
 transaction_sequence = solver.get_transaction_sequence(
 state,
 state.mstate.constraints
- + [to == 0xDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF],
+ + [
+ to == 0xDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF,
+ caller == ATTACKER_ADDRESS,
+ ],
 )
 description_tail = (
 "Anyone can kill this contract and withdraw its balance to an arbitrary "
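Review bot: Only the final transaction's sender is pinned to the attacker: `caller` is read from `state.current_transaction`, and `caller == ATTACKER_ADDRESS` is the sole sender constraint added to both solver calls (this hunk's `to == 0xDEADBEEF…` attempt and the `except UnsatError` fallback in the `@@ -71,7 +75,7 @@` hunk). Nothing visible here restricts the callers of earlier transactions in the sequence, so unless `get_transaction_sequence` already does that, an "anyone can kill this contract" finding can still depend on a setup call from a privileged account such as the creator; consider constraining the caller of every message-call transaction in the sequence and adding a regression test with an owner-gated SELFDESTRUCT. As a smaller point, build the shared constraint once, e.g. `attacker_constraints = state.mstate.constraints + [caller == ATTACKER_ADDRESS]`, and, if the `0xDEADBEEF…` literal is the same value as `ATTACKER_ADDRESS`, use the constant in the `to ==` check too. The enclosing method starts and ends outside these hunks.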
@@ -71,7 +75,7 @@ class SuicideModule(DetectionModule):
 )
 except UnsatError:
 transaction_sequence = solver.get_transaction_sequence(
- state, state.mstate.constraints
+ state, state.mstate.constraints + [caller == ATTACKER_ADDRESS]
 )
 description_tail = "Arbitrary senders can kill this contract."
From 1204e80863e67ac1eebf41dbebc41f7fc0c5cb00 Mon Sep 17 00:00:00 2001
From: Nikhil Parasaram
Date: Wed, 12 Jun 2019 11:32:30 +0530
Subject: [PATCH 3/5] Change mythril-classic to Mythril
---
 docs/source/about.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/source/about.rst b/docs/source/about.rst
index edfdc308..169fe4f7 100644
--- a/docs/source/about.rst
+++ b/docs/source/about.rst
@@ -1,6 +1,6 @@
-What is Mythril Classic?
+What is Mythril?
 ========================
-Mythril Classic is a security analysis tool for Ethereum smart contracts. It was `introduced at HITBSecConf 2018 `_.
+Mythril is a security analysis tool for Ethereum smart contracts. It was `introduced at HITBSecConf 2018 `_.
-Mythril Classic detects a range of security issues, including integer underflows, owner-overwrite-to-Ether-withdrawal, and others. Note that Mythril is targeted at finding common vulnerabilities, and is not able to discover issues in the business logic of an application. Furthermore, Mythril and symbolic executors are generally unsound, as they are often unable to explore all possible states of a program.
+Mythril detects a range of security issues, including integer underflows, owner-overwrite-to-Ether-withdrawal, and others. Note that Mythril is targeted at finding common vulnerabilities, and is not able to discover issues in the business logic of an application. Furthermore, Mythril and symbolic executors are generally unsound, as they are often unable to explore all possible states of a program.
From 5737b8db5239373fadf6235c92f90f8f4c228b3d Mon Sep 17 00:00:00 2001
From: Nikhil Parasaram
Date: Wed, 12 Jun 2019 11:33:22 +0530
Subject: [PATCH 4/5] Change mythril-classic to Mythril
---
 docs/source/analysis-modules.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/source/analysis-modules.rst b/docs/source/analysis-modules.rst
index e6e33790..d1751547 100644
--- a/docs/source/analysis-modules.rst
+++ b/docs/source/analysis-modules.rst
@@ -1,7 +1,7 @@
 Analysis Modules
 ================
-Mythril Classic's detection capabilities are written in modules in the `/analysis/modules `_ directory.
+Mythril's detection capabilities are written in modules in the `/analysis/modules `_ directory.
 .. toctree::
From 93f882123f923dfac186ca15f7cc23b80f0701b8 Mon Sep 17 00:00:00 2001
From: Nikhil Parasaram
Date: Wed, 12 Jun 2019 12:06:04 +0530
Subject: [PATCH 5/5] fix docs (#1072)
* Remove classic in mythril-classic
* Reformat with black
---
 .circleci/config.yml | 6 +++---
 docs/source/conf.py | 20 ++++++--------------
 docs/source/create-module.rst | 2 +-
 docs/source/index.rst | 2 +-
 docs/source/module-list.rst | 22 +++++++++++-----------
 docs/source/security-analysis.rst | 2 +-
 6 files changed, 23 insertions(+), 31 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 46a67785..42d12a89 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -89,10 +89,10 @@ jobs:
 working_directory: /home
 steps:
 - checkout:
- path: /home/mythril-classic
+ path: /home/mythril
 - run:
- name: Builds `mythril-classic`
- command: cd mythril-classic && python3 setup.py install
+ name: Builds `mythril`
+ command: cd mythril && python3 setup.py install
 - run:
 name: Installs other MythX components
 command: |
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 7169c4fa..1c06fbc4 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -108,7 +108,7 @@ html_static_path = ["_static"]
 # -- Options for HTMLHelp output ---------------------------------------------
 # Output file base name for HTML help builder.
-htmlhelp_basename = "MythrilClassicdoc"
+htmlhelp_basename = "Mythrildoc"
 # -- Options for LaTeX output ------------------------------------------------
@@ -132,13 +132,7 @@ latex_elements = {
 # (source start file, target name, title,
 # author, documentclass [howto, manual, or own class]).
 latex_documents = [
- (
- master_doc,
- "MythrilClassic.tex",
- "Mythril Classic Documentation",
- "Bernhard Mueller",
- "manual",
- )
+ (master_doc, "Mythril.tex", "Mythril Documentation", "Bernhard Mueller", "manual")
 ]
@@ -146,9 +140,7 @@ latex_documents = [
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
-man_pages = [
- (master_doc, "mythrilclassic", "Mythril Classic Documentation", [author], 1)
-]
+man_pages = [(master_doc, "mythril", "Mythril Documentation", [author], 1)]
 # -- Options for Texinfo output ----------------------------------------------
@@ -159,10 +151,10 @@ man_pages = [
 texinfo_documents = [
 (
 master_doc,
- "MythrilClassic",
- "Mythril Classic Documentation",
+ "Mythril",
+ "Mythril Documentation",
 author,
- "MythrilClassic",
+ "Mythril",
 "One line description of project.",
 "Miscellaneous",
 )
diff --git a/docs/source/create-module.rst b/docs/source/create-module.rst
index 84aa2cc4..7f6ef505 100644
--- a/docs/source/create-module.rst
+++ b/docs/source/create-module.rst
@@ -1,4 +1,4 @@
 Creating a Module
 =================
-Create a module in the :code:`analysis/modules` directory, and create an instance of a class that inherits :code:`DetectionModule` named :code:`detector`. Take a look at the `suicide module `_ as an example.
+Create a module in the :code:`analysis/modules` directory, and create an instance of a class that inherits :code:`DetectionModule` named :code:`detector`. Take a look at the `suicide module `_ as an example.
diff --git a/docs/source/index.rst b/docs/source/index.rst
index 9bbabc49..e3f9df42 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -1,4 +1,4 @@
-Welcome to Mythril Classic's documentation!
+Welcome to Mythril's documentation!
 ===========================================
 .. toctree::
diff --git a/docs/source/module-list.rst b/docs/source/module-list.rst
index 89a5cb05..11c40d02 100644
--- a/docs/source/module-list.rst
+++ b/docs/source/module-list.rst
@@ -5,65 +5,65 @@ Modules
 Delegate Call To Untrusted Contract
 ***********************************
-The `delegatecall module `_ detects `SWC-112 (DELEGATECALL to Untrusted Callee) `_.
+The `delegatecall module `_ detects `SWC-112 (DELEGATECALL to Untrusted Callee) `_.
 ***********************************
 Dependence on Predictable Variables
 ***********************************
-The `predictable variables module `_ detects `SWC-120 (Weak Randomness) `_ and `SWC-116 (Timestamp Dependence) `_.
+The `predictable variables module `_ detects `SWC-120 (Weak Randomness) `_ and `SWC-116 (Timestamp Dependence) `_.
 ******************
 Deprecated Opcodes
 ******************
-The `deprecated opcodes module `_ detects `SWC-111 (Use of Deprecated Functions) `_.
+The `deprecated opcodes module `_ detects `SWC-111 (Use of Deprecated Functions) `_.
 ***********
 Ether Thief
 ***********
-The `Ether Thief module `_ detects `SWC-105 (Unprotected Ether Withdrawal) `_.
+The `Ether Thief module `_ detects `SWC-105 (Unprotected Ether Withdrawal) `_.
 **********
 Exceptions
 **********
-The `exceptions module `_ detects `SWC-110 (Assert Violation) `_.
+The `exceptions module `_ detects `SWC-110 (Assert Violation) `_.
 **************
 External Calls
 **************
-The `external calls module `_ warns about `SWC-117 (Reentrancy) `_ by detecting calls to external contracts.
+The `external calls module `_ warns about `SWC-117 (Reentrancy) `_ by detecting calls to external contracts.
 *******
 Integer
 *******
-The `integer module `_ detects `SWC-101 (Integer Overflow and Underflow) `_.
+The `integer module `_ detects `SWC-101 (Integer Overflow and Underflow) `_.
 **************
 Multiple Sends
 **************
-The `multiple sends module `_ detects `SWC-113 (Denial of Service with Failed Call) `_ by checking for multiple calls or sends in a single transaction.
+The `multiple sends module `_ detects `SWC-113 (Denial of Service with Failed Call) `_ by checking for multiple calls or sends in a single transaction.
 *******
 Suicide
 *******
-The `suicide module `_ detects `SWC-106 (Unprotected SELFDESTRUCT) `_.
+The `suicide module `_ detects `SWC-106 (Unprotected SELFDESTRUCT) `_.
 ****************************
 State Change External Calls
 ****************************
-The `state change external calls module `_ detects `SWC-107 (Reentrancy) `_ by detecting state change after calls to an external contract.
+The `state change external calls module `_ detects `SWC-107 (Reentrancy) `_ by detecting state change after calls to an external contract.
 ****************
 Unchecked Retval
 ****************
-The `unchecked retval module `_ detects `SWC-104 (Unchecked Call Return Value) `_.
+The `unchecked retval module `_ detects `SWC-104 (Unchecked Call Return Value) `_.
diff --git a/docs/source/security-analysis.rst b/docs/source/security-analysis.rst
index afe348a4..4cd1010e 100644
--- a/docs/source/security-analysis.rst
+++ b/docs/source/security-analysis.rst
@@ -1,7 +1,7 @@
 Security Analysis
 =================
-Run :code:`myth -x` with one of the input options described below will run the analysis modules in the `/analysis/modules `_ directory.
+Run :code:`myth -x` with one of the input options described below will run the analysis modules in the `/analysis/modules `_ directory.
 ***********************
 Analyzing Solidity Code