Merge pull request #636 from JoranHonig/bugfix/633_reentrancy

Bugfix 633 State change after external call
6 years ago · 405f26fab8
parent 7cc4d6cdee 31a8107daf
commit 405f26fab8
1 changed files with 17 additions and 8 deletions
--- a/mythril/analysis/modules/external_calls.py
+++ b/mythril/analysis/modules/external_calls.py
@ -5,7 +5,7 @@ from mythril.analysis import solver
 from mythril.analysis.swc_data import REENTRANCY
 import re
 import logging
-
+from mythril.laser.ethereum.cfg import JumpType

 """
 MODULE DESCRIPTION:
@ -16,7 +16,9 @@ Check for call.value()() to external addresses
 MAX_SEARCH_DEPTH = 64


-def search_children(statespace, node, start_index=0, depth=0, results=None):
+def search_children(
+    statespace, node, transaction_id, start_index=0, depth=0, results=None
+):
    if results is None:
        results = []
    logging.debug("SEARCHING NODE %d", node.uid)
@ -28,19 +30,21 @@ def search_children(statespace, node, start_index=0, depth=0, results=None):
        if n_states > start_index:

            for j in range(start_index, n_states):
-                if node.states[j].get_current_instruction()["opcode"] == "SSTORE":
+                if (
+                    node.states[j].get_current_instruction()["opcode"] == "SSTORE"
+                    and node.states[j].current_transaction.id == transaction_id
+                ):
                    results.append(node.states[j].get_current_instruction()["address"])
-
        children = []

        for edge in statespace.edges:
-            if edge.node_from == node.uid:
+            if edge.node_from == node.uid and edge.type != JumpType.Transaction:
                children.append(statespace.nodes[edge.node_to])

        if len(children):
            for node in children:
-                return search_children(
-                    statespace, node, depth=depth + 1, results=results
+                results += search_children(
+                    statespace, node, transaction_id, depth=depth + 1, results=results
                )

    return results
@ -150,7 +154,12 @@ def execute(statespace):
                    # Check for SSTORE in remaining instructions in current node & nodes down the CFG

                    state_change_addresses = search_children(
-                        statespace, call.node, call.state_index + 1, depth=0, results=[]
+                        statespace,
+                        call.node,
+                        call.state.current_transaction.id,
+                        call.state_index + 1,
+                        depth=0,
+                        results=[],
                    )

                    logging.debug(