mirror of https://github.com/ConsenSys/mythril
Merge pull request #1104 from ConsenSys/remove_report_tests
Remove report tests in favor of Edelweiss testspull/1106/head
commit
44baddaa67
@ -1,200 +0,0 @@ |
|||||||
from mythril.analysis.report import Report |
|
||||||
from mythril.analysis.security import fire_lasers, reset_callback_modules |
|
||||||
from mythril.analysis.symbolic import SymExecWrapper |
|
||||||
from mythril.ethereum import util |
|
||||||
from mythril.solidity.soliditycontract import EVMContract |
|
||||||
from multiprocessing import Pool, cpu_count |
|
||||||
import pytest |
|
||||||
import json |
|
||||||
from tests import * |
|
||||||
import difflib |
|
||||||
|
|
||||||
|
|
||||||
def _fix_path(text): |
|
||||||
return text.replace(str(TESTDATA), "<TESTDATA>") |
|
||||||
|
|
||||||
|
|
||||||
def _fix_debug_data(json_str): |
|
||||||
read_json = json.loads(json_str) |
|
||||||
for issue in read_json["issues"]: |
|
||||||
issue["tx_sequence"] = "<TX-DATA>" |
|
||||||
|
|
||||||
return json.dumps(read_json, sort_keys=True, indent=4) |
|
||||||
|
|
||||||
|
|
||||||
def _add_jsonv2_stubs(json_str): |
|
||||||
read_json = json.loads(json_str) |
|
||||||
for issue in read_json[0]["issues"]: |
|
||||||
issue["extra"]["discoveryTime"] = "<DISCOVERY-TIME-DATA>" |
|
||||||
issue["extra"]["testCase"] = "<TEST-CASE>" |
|
||||||
return json.dumps(read_json, sort_keys=True, indent=4) |
|
||||||
|
|
||||||
|
|
||||||
def _generate_report(input_file): |
|
||||||
contract = EVMContract(input_file.read_text(), enable_online_lookup=False) |
|
||||||
sym = SymExecWrapper( |
|
||||||
contract, |
|
||||||
address=0xAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFE, |
|
||||||
strategy="dfs", |
|
||||||
execution_timeout=30, |
|
||||||
transaction_count=1, |
|
||||||
) |
|
||||||
issues = fire_lasers(sym) |
|
||||||
|
|
||||||
report = Report(contracts=[contract]) |
|
||||||
for issue in issues: |
|
||||||
issue.filename = "test-filename.sol" |
|
||||||
report.append_issue(issue) |
|
||||||
return report, input_file |
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture(scope="module") |
|
||||||
def reports(): |
|
||||||
"""Fixture that analyses all reports.""" |
|
||||||
reset_callback_modules() |
|
||||||
pool = Pool(cpu_count()) |
|
||||||
input_files = sorted( |
|
||||||
[f for f in TESTDATA_INPUTS.iterdir() if f.name != "environments.sol.o"] |
|
||||||
) |
|
||||||
results = pool.map(_generate_report, input_files) |
|
||||||
|
|
||||||
return results |
|
||||||
|
|
||||||
|
|
||||||
def _assert_empty(changed_files, postfix): |
|
||||||
"""Asserts there are no changed files and otherwise builds error |
|
||||||
message.""" |
|
||||||
message = "" |
|
||||||
for input_file in changed_files: |
|
||||||
output_expected = ( |
|
||||||
(TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)) |
|
||||||
.read_text() |
|
||||||
.splitlines(1) |
|
||||||
) |
|
||||||
output_current = ( |
|
||||||
(TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)) |
|
||||||
.read_text() |
|
||||||
.splitlines(1) |
|
||||||
) |
|
||||||
|
|
||||||
difference = "".join(difflib.unified_diff(output_expected, output_current)) |
|
||||||
message += "Found differing file for input: {} \n Difference: \n {} \n".format( |
|
||||||
str(input_file), str(difference) |
|
||||||
) |
|
||||||
|
|
||||||
assert message == "", message |
|
||||||
|
|
||||||
|
|
||||||
def _assert_empty_json(changed_files, postfix=".json"): |
|
||||||
"""Asserts there are no changed files and otherwise builds error |
|
||||||
message.""" |
|
||||||
expected = [] |
|
||||||
actual = [] |
|
||||||
|
|
||||||
def ordered(obj): |
|
||||||
""" |
|
||||||
|
|
||||||
:param obj: |
|
||||||
:return: |
|
||||||
""" |
|
||||||
if isinstance(obj, dict): |
|
||||||
return sorted((k, ordered(v)) for k, v in obj.items()) |
|
||||||
elif isinstance(obj, list): |
|
||||||
return sorted(ordered(x) for x in obj) |
|
||||||
else: |
|
||||||
return obj |
|
||||||
|
|
||||||
for input_file in changed_files: |
|
||||||
output_expected = json.loads( |
|
||||||
(TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text() |
|
||||||
) |
|
||||||
output_current = json.loads( |
|
||||||
(TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text() |
|
||||||
) |
|
||||||
|
|
||||||
if not ordered(output_expected) == ordered(output_current): |
|
||||||
expected.append(output_expected) |
|
||||||
actual.append(output_current) |
|
||||||
print("Found difference in {}".format(str(input_file))) |
|
||||||
|
|
||||||
assert expected == actual |
|
||||||
|
|
||||||
|
|
||||||
def _get_changed_files(postfix, report_builder, reports): |
|
||||||
"""Returns a generator for all unexpected changes in generated reports. |
|
||||||
|
|
||||||
:param postfix: The applicable postfix |
|
||||||
:param report_builder: serialization function |
|
||||||
:param reports: The reports to serialize |
|
||||||
:return: Changed files |
|
||||||
""" |
|
||||||
for report, input_file in reports: |
|
||||||
output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix) |
|
||||||
output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix) |
|
||||||
output_current.write_text(report_builder(report)) |
|
||||||
if not (output_expected.read_text() == output_current.read_text()): |
|
||||||
yield input_file |
|
||||||
|
|
||||||
|
|
||||||
def _get_changed_files_json(report_builder, reports, postfix=".json"): |
|
||||||
def ordered(obj): |
|
||||||
""" |
|
||||||
|
|
||||||
:param obj: |
|
||||||
:return: |
|
||||||
""" |
|
||||||
if isinstance(obj, dict): |
|
||||||
return sorted((k, ordered(v)) for k, v in obj.items()) |
|
||||||
elif isinstance(obj, list): |
|
||||||
return sorted(ordered(x) for x in obj) |
|
||||||
else: |
|
||||||
return obj |
|
||||||
|
|
||||||
for report, input_file in reports: |
|
||||||
output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix) |
|
||||||
output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix) |
|
||||||
output_current.write_text(report_builder(report)) |
|
||||||
|
|
||||||
if not ordered(json.loads(output_expected.read_text())) == ordered( |
|
||||||
json.loads(output_current.read_text()) |
|
||||||
): |
|
||||||
yield input_file |
|
||||||
|
|
||||||
|
|
||||||
def test_json_report(reports): |
|
||||||
_assert_empty_json( |
|
||||||
_get_changed_files_json( |
|
||||||
lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports |
|
||||||
) |
|
||||||
) |
|
||||||
|
|
||||||
|
|
||||||
def test_markdown_report(reports): |
|
||||||
_assert_empty( |
|
||||||
_get_changed_files( |
|
||||||
".markdown", lambda report: _fix_path(report.as_markdown()), reports |
|
||||||
), |
|
||||||
".markdown", |
|
||||||
) |
|
||||||
|
|
||||||
|
|
||||||
def test_text_report(reports): |
|
||||||
_assert_empty( |
|
||||||
_get_changed_files( |
|
||||||
".text", lambda report: _fix_path(report.as_text()), reports |
|
||||||
), |
|
||||||
".text", |
|
||||||
) |
|
||||||
|
|
||||||
|
|
||||||
def test_jsonv2_report(reports): |
|
||||||
_assert_empty_json( |
|
||||||
_get_changed_files_json( |
|
||||||
lambda report: _fix_path( |
|
||||||
_add_jsonv2_stubs(report.as_swc_standard_format()) |
|
||||||
).strip(), |
|
||||||
reports, |
|
||||||
".jsonv2", |
|
||||||
), |
|
||||||
".jsonv2", |
|
||||||
) |
|
@ -1,123 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 661, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "thisisfine()", |
|
||||||
"max_gas_used": 1254, |
|
||||||
"min_gas_used": 643, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 661, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "thisisfine()", |
|
||||||
"max_gas_used": 35972, |
|
||||||
"min_gas_used": 1361, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 779, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "callstoredaddress()", |
|
||||||
"max_gas_used": 1298, |
|
||||||
"min_gas_used": 687, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 779, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "callstoredaddress()", |
|
||||||
"max_gas_used": 36016, |
|
||||||
"min_gas_used": 1405, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 858, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "reentrancy()", |
|
||||||
"max_gas_used": 1320, |
|
||||||
"min_gas_used": 709, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 858, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "reentrancy()", |
|
||||||
"max_gas_used": 61052, |
|
||||||
"min_gas_used": 6441, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 869, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The contract account state is changed after an external call. \nConsider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", |
|
||||||
"function": "reentrancy()", |
|
||||||
"max_gas_used": null, |
|
||||||
"min_gas_used": null, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "State change after external call", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 912, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "calluseraddress(address)", |
|
||||||
"max_gas_used": 616, |
|
||||||
"min_gas_used": 335, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 912, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "calluseraddress(address)", |
|
||||||
"max_gas_used": 35336, |
|
||||||
"min_gas_used": 1055, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,174 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "661:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "779:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "858:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "912:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The contract account state is changed after an external call. ", |
|
||||||
"tail": "Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "869:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "661:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "779:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "858:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "912:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,118 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `thisisfine()` |
|
||||||
- PC address: 661 |
|
||||||
- Estimated Gas Usage: 643 - 1254 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `thisisfine()` |
|
||||||
- PC address: 661 |
|
||||||
- Estimated Gas Usage: 1361 - 35972 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `callstoredaddress()` |
|
||||||
- PC address: 779 |
|
||||||
- Estimated Gas Usage: 687 - 1298 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `callstoredaddress()` |
|
||||||
- PC address: 779 |
|
||||||
- Estimated Gas Usage: 1405 - 36016 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `reentrancy()` |
|
||||||
- PC address: 858 |
|
||||||
- Estimated Gas Usage: 709 - 1320 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `reentrancy()` |
|
||||||
- PC address: 858 |
|
||||||
- Estimated Gas Usage: 6441 - 61052 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
|
|
||||||
## State change after external call |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `reentrancy()` |
|
||||||
- PC address: 869 |
|
||||||
- Estimated Gas Usage: None - None |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The contract account state is changed after an external call. |
|
||||||
Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `calluseraddress(address)` |
|
||||||
- PC address: 912 |
|
||||||
- Estimated Gas Usage: 335 - 616 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `calluseraddress(address)` |
|
||||||
- PC address: 912 |
|
||||||
- Estimated Gas Usage: 1055 - 35336 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
@ -1,99 +0,0 @@ |
|||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: thisisfine() |
|
||||||
PC address: 661 |
|
||||||
Estimated Gas Usage: 643 - 1254 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: thisisfine() |
|
||||||
PC address: 661 |
|
||||||
Estimated Gas Usage: 1361 - 35972 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: callstoredaddress() |
|
||||||
PC address: 779 |
|
||||||
Estimated Gas Usage: 687 - 1298 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: callstoredaddress() |
|
||||||
PC address: 779 |
|
||||||
Estimated Gas Usage: 1405 - 36016 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: reentrancy() |
|
||||||
PC address: 858 |
|
||||||
Estimated Gas Usage: 709 - 1320 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: reentrancy() |
|
||||||
PC address: 858 |
|
||||||
Estimated Gas Usage: 6441 - 61052 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== State change after external call ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: reentrancy() |
|
||||||
PC address: 869 |
|
||||||
Estimated Gas Usage: None - None |
|
||||||
The contract account state is changed after an external call. |
|
||||||
Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: calluseraddress(address) |
|
||||||
PC address: 912 |
|
||||||
Estimated Gas Usage: 335 - 616 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: calluseraddress(address) |
|
||||||
PC address: 912 |
|
||||||
Estimated Gas Usage: 1055 - 35336 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,32 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 722, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.", |
|
||||||
"function": "withdrawfunds()", |
|
||||||
"max_gas_used": 1749, |
|
||||||
"min_gas_used": 1138, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "105", |
|
||||||
"title": "Unprotected Ether Withdrawal", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 883, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", |
|
||||||
"function": "invest()", |
|
||||||
"max_gas_used": 26883, |
|
||||||
"min_gas_used": 6598, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Overflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,48 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "Anyone can withdraw ETH from the contract account.", |
|
||||||
"tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "722:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-105", |
|
||||||
"swcTitle": "Unprotected Ether Withdrawal" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary addition can overflow.", |
|
||||||
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "883:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x3746c7c2ae7b0d4c3f8b1905df9a7ea169b9f93bec68a10a00b4c9d27a18c6fb" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,27 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Unprotected Ether Withdrawal |
|
||||||
- SWC ID: 105 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `withdrawfunds()` |
|
||||||
- PC address: 722 |
|
||||||
- Estimated Gas Usage: 1138 - 1749 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
Anyone can withdraw ETH from the contract account. |
|
||||||
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. |
|
||||||
|
|
||||||
## Integer Overflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `invest()` |
|
||||||
- PC address: 883 |
|
||||||
- Estimated Gas Usage: 6598 - 26883 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary addition can overflow. |
|
||||||
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. |
|
@ -1,22 +0,0 @@ |
|||||||
==== Unprotected Ether Withdrawal ==== |
|
||||||
SWC ID: 105 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: withdrawfunds() |
|
||||||
PC address: 722 |
|
||||||
Estimated Gas Usage: 1138 - 1749 |
|
||||||
Anyone can withdraw ETH from the contract account. |
|
||||||
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Integer Overflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: invest() |
|
||||||
PC address: 883 |
|
||||||
Estimated Gas Usage: 6598 - 26883 |
|
||||||
The binary addition can overflow. |
|
||||||
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,58 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 446, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
|
||||||
"function": "assert3(uint256)", |
|
||||||
"max_gas_used": 301, |
|
||||||
"min_gas_used": 206, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "110", |
|
||||||
"title": "Exception State", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 484, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
|
||||||
"function": "arrayaccess(uint256)", |
|
||||||
"max_gas_used": 351, |
|
||||||
"min_gas_used": 256, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "110", |
|
||||||
"title": "Exception State", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 506, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
|
||||||
"function": "divisionby0(uint256)", |
|
||||||
"max_gas_used": 367, |
|
||||||
"min_gas_used": 272, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "110", |
|
||||||
"title": "Exception State", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 531, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", |
|
||||||
"function": "assert1()", |
|
||||||
"max_gas_used": 363, |
|
||||||
"min_gas_used": 268, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "110", |
|
||||||
"title": "Exception State", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,84 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A reachable exception has been detected.", |
|
||||||
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "446:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-110", |
|
||||||
"swcTitle": "Assert Violation" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A reachable exception has been detected.", |
|
||||||
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "484:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-110", |
|
||||||
"swcTitle": "Assert Violation" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A reachable exception has been detected.", |
|
||||||
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "506:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-110", |
|
||||||
"swcTitle": "Assert Violation" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A reachable exception has been detected.", |
|
||||||
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "531:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-110", |
|
||||||
"swcTitle": "Assert Violation" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x4a773a86bc6fb269f88bf09bb3094de29b6073cf13b1760e9d01d957f50a9dfd" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,53 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Exception State |
|
||||||
- SWC ID: 110 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `assert3(uint256)` |
|
||||||
- PC address: 446 |
|
||||||
- Estimated Gas Usage: 206 - 301 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
|
|
||||||
## Exception State |
|
||||||
- SWC ID: 110 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `arrayaccess(uint256)` |
|
||||||
- PC address: 484 |
|
||||||
- Estimated Gas Usage: 256 - 351 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
|
|
||||||
## Exception State |
|
||||||
- SWC ID: 110 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `divisionby0(uint256)` |
|
||||||
- PC address: 506 |
|
||||||
- Estimated Gas Usage: 272 - 367 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
|
|
||||||
## Exception State |
|
||||||
- SWC ID: 110 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `assert1()` |
|
||||||
- PC address: 531 |
|
||||||
- Estimated Gas Usage: 268 - 363 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
@ -1,44 +0,0 @@ |
|||||||
==== Exception State ==== |
|
||||||
SWC ID: 110 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: assert3(uint256) |
|
||||||
PC address: 446 |
|
||||||
Estimated Gas Usage: 206 - 301 |
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Exception State ==== |
|
||||||
SWC ID: 110 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: arrayaccess(uint256) |
|
||||||
PC address: 484 |
|
||||||
Estimated Gas Usage: 256 - 351 |
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Exception State ==== |
|
||||||
SWC ID: 110 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: divisionby0(uint256) |
|
||||||
PC address: 506 |
|
||||||
Estimated Gas Usage: 272 - 367 |
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Exception State ==== |
|
||||||
SWC ID: 110 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: assert1() |
|
||||||
PC address: 531 |
|
||||||
Estimated Gas Usage: 268 - 363 |
|
||||||
A reachable exception has been detected. |
|
||||||
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,84 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 618, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "_function_0x141f32ff", |
|
||||||
"max_gas_used": 35865, |
|
||||||
"min_gas_used": 1113, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 618, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.", |
|
||||||
"function": "_function_0x141f32ff", |
|
||||||
"max_gas_used": 1141, |
|
||||||
"min_gas_used": 389, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "111", |
|
||||||
"title": "Use of callcode", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 849, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The contract delegates execution to another contract with a user-supplied address.\nThe smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. ", |
|
||||||
"function": "_function_0x9b58bc26", |
|
||||||
"max_gas_used": 35928, |
|
||||||
"min_gas_used": 1176, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "112", |
|
||||||
"title": "Delegatecall Proxy To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 849, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "_function_0x9b58bc26", |
|
||||||
"max_gas_used": 35928, |
|
||||||
"min_gas_used": 1176, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 1038, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "_function_0xeea4c864", |
|
||||||
"max_gas_used": 1229, |
|
||||||
"min_gas_used": 477, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 1038, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "_function_0xeea4c864", |
|
||||||
"max_gas_used": 35953, |
|
||||||
"min_gas_used": 1201, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,120 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The contract delegates execution to another contract with a user-supplied address.", |
|
||||||
"tail": "The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. " |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "849:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-112", |
|
||||||
"swcTitle": "Delegatecall to Untrusted Callee" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "Use of callcode is deprecated.", |
|
||||||
"tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "618:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-111", |
|
||||||
"swcTitle": "Use of Deprecated Solidity Functions" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "1038:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "618:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "849:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "1038:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,79 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `_function_0x141f32ff` |
|
||||||
- PC address: 618 |
|
||||||
- Estimated Gas Usage: 1113 - 35865 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
|
|
||||||
## Use of callcode |
|
||||||
- SWC ID: 111 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `_function_0x141f32ff` |
|
||||||
- PC address: 618 |
|
||||||
- Estimated Gas Usage: 389 - 1141 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
Use of callcode is deprecated. |
|
||||||
The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead. |
|
||||||
|
|
||||||
## Delegatecall Proxy To User-Supplied Address |
|
||||||
- SWC ID: 112 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `_function_0x9b58bc26` |
|
||||||
- PC address: 849 |
|
||||||
- Estimated Gas Usage: 1176 - 35928 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The contract delegates execution to another contract with a user-supplied address. |
|
||||||
The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `_function_0x9b58bc26` |
|
||||||
- PC address: 849 |
|
||||||
- Estimated Gas Usage: 1176 - 35928 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `_function_0xeea4c864` |
|
||||||
- PC address: 1038 |
|
||||||
- Estimated Gas Usage: 477 - 1229 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `_function_0xeea4c864` |
|
||||||
- PC address: 1038 |
|
||||||
- Estimated Gas Usage: 1201 - 35953 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
@ -1,66 +0,0 @@ |
|||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: _function_0x141f32ff |
|
||||||
PC address: 618 |
|
||||||
Estimated Gas Usage: 1113 - 35865 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Use of callcode ==== |
|
||||||
SWC ID: 111 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: _function_0x141f32ff |
|
||||||
PC address: 618 |
|
||||||
Estimated Gas Usage: 389 - 1141 |
|
||||||
Use of callcode is deprecated. |
|
||||||
The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Delegatecall Proxy To User-Supplied Address ==== |
|
||||||
SWC ID: 112 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: _function_0x9b58bc26 |
|
||||||
PC address: 849 |
|
||||||
Estimated Gas Usage: 1176 - 35928 |
|
||||||
The contract delegates execution to another contract with a user-supplied address. |
|
||||||
The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: _function_0x9b58bc26 |
|
||||||
PC address: 849 |
|
||||||
Estimated Gas Usage: 1176 - 35928 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: _function_0xeea4c864 |
|
||||||
PC address: 1038 |
|
||||||
Estimated Gas Usage: 477 - 1229 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: _function_0xeea4c864 |
|
||||||
PC address: 1038 |
|
||||||
Estimated Gas Usage: 1201 - 35953 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,5 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,11 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x0e6f727bb3301e02d3be831bf34357522fd2f1d40e90dff8e2214553b06b5f6c" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,3 +0,0 @@ |
|||||||
# Analysis results for None |
|
||||||
|
|
||||||
The analysis was completed successfully. No issues were detected. |
|
@ -1 +0,0 @@ |
|||||||
The analysis was completed successfully. No issues were detected. |
|
@ -1,19 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 142, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.", |
|
||||||
"function": "transfer()", |
|
||||||
"max_gas_used": 467, |
|
||||||
"min_gas_used": 186, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "105", |
|
||||||
"title": "Unprotected Ether Withdrawal", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,30 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "Anyone can withdraw ETH from the contract account.", |
|
||||||
"tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "142:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-105", |
|
||||||
"swcTitle": "Unprotected Ether Withdrawal" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0xbc9c3d9db56d20cf4ca3b6fd88ff9215cf728a092cca1ed8edb83272b933ff5b" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,14 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Unprotected Ether Withdrawal |
|
||||||
- SWC ID: 105 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `transfer()` |
|
||||||
- PC address: 142 |
|
||||||
- Estimated Gas Usage: 186 - 467 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
Anyone can withdraw ETH from the contract account. |
|
||||||
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. |
|
@ -1,11 +0,0 @@ |
|||||||
==== Unprotected Ether Withdrawal ==== |
|
||||||
SWC ID: 105 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: transfer() |
|
||||||
PC address: 142 |
|
||||||
Estimated Gas Usage: 186 - 467 |
|
||||||
Anyone can withdraw ETH from the contract account. |
|
||||||
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,5 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,11 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x11a78eb09819f505ba4f10747e6d1f7a44480e602c67573b7abac2f733a85d93" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,3 +0,0 @@ |
|||||||
# Analysis results for None |
|
||||||
|
|
||||||
The analysis was completed successfully. No issues were detected. |
|
@ -1 +0,0 @@ |
|||||||
The analysis was completed successfully. No issues were detected. |
|
@ -1,19 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 317, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", |
|
||||||
"function": "transferOwnership(address)", |
|
||||||
"max_gas_used": 1051, |
|
||||||
"min_gas_used": 626, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "111", |
|
||||||
"title": "Use of tx.origin", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,30 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "Use of tx.origin is deprecated.", |
|
||||||
"tail": "The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin" |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "317:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-111", |
|
||||||
"swcTitle": "Use of Deprecated Solidity Functions" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x25b20ef097dfc0aa56a932c4e09f06ee02a69c005767df86877f48c6c2412f03" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,15 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Use of tx.origin |
|
||||||
- SWC ID: 111 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `transferOwnership(address)` |
|
||||||
- PC address: 317 |
|
||||||
- Estimated Gas Usage: 626 - 1051 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
Use of tx.origin is deprecated. |
|
||||||
The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead. |
|
||||||
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin |
|
@ -1,12 +0,0 @@ |
|||||||
==== Use of tx.origin ==== |
|
||||||
SWC ID: 111 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: transferOwnership(address) |
|
||||||
PC address: 317 |
|
||||||
Estimated Gas Usage: 626 - 1051 |
|
||||||
Use of tx.origin is deprecated. |
|
||||||
The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead. |
|
||||||
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,45 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 567, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
|
||||||
"function": "sendeth(address,uint256)", |
|
||||||
"max_gas_used": 78155, |
|
||||||
"min_gas_used": 17019, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Underflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 649, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
|
||||||
"function": "sendeth(address,uint256)", |
|
||||||
"max_gas_used": 78155, |
|
||||||
"min_gas_used": 17019, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Underflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 725, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", |
|
||||||
"function": "sendeth(address,uint256)", |
|
||||||
"max_gas_used": 78155, |
|
||||||
"min_gas_used": 17019, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Overflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,66 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary subtraction can underflow.", |
|
||||||
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "567:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary subtraction can underflow.", |
|
||||||
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "649:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary addition can overflow.", |
|
||||||
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "725:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0xf230bec502569e8b7e7737616d0ad0f200c436624e3c223e5398c0615cd2d6b9" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,40 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Integer Underflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `sendeth(address,uint256)` |
|
||||||
- PC address: 567 |
|
||||||
- Estimated Gas Usage: 17019 - 78155 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
|
|
||||||
## Integer Underflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `sendeth(address,uint256)` |
|
||||||
- PC address: 649 |
|
||||||
- Estimated Gas Usage: 17019 - 78155 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
|
|
||||||
## Integer Overflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `sendeth(address,uint256)` |
|
||||||
- PC address: 725 |
|
||||||
- Estimated Gas Usage: 17019 - 78155 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary addition can overflow. |
|
||||||
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. |
|
@ -1,33 +0,0 @@ |
|||||||
==== Integer Underflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: sendeth(address,uint256) |
|
||||||
PC address: 567 |
|
||||||
Estimated Gas Usage: 17019 - 78155 |
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Integer Underflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: sendeth(address,uint256) |
|
||||||
PC address: 649 |
|
||||||
Estimated Gas Usage: 17019 - 78155 |
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Integer Overflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: sendeth(address,uint256) |
|
||||||
PC address: 725 |
|
||||||
Estimated Gas Usage: 17019 - 78155 |
|
||||||
The binary addition can overflow. |
|
||||||
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,45 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 196, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "callchecked()", |
|
||||||
"max_gas_used": 1210, |
|
||||||
"min_gas_used": 599, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 285, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", |
|
||||||
"function": "callnotchecked()", |
|
||||||
"max_gas_used": 1232, |
|
||||||
"min_gas_used": 621, |
|
||||||
"severity": "Medium", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "107", |
|
||||||
"title": "External Call To User-Supplied Address", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 285, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", |
|
||||||
"function": "callnotchecked()", |
|
||||||
"max_gas_used": 35950, |
|
||||||
"min_gas_used": 1339, |
|
||||||
"severity": "Low", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "104", |
|
||||||
"title": "Unchecked Call Return Value", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,66 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "196:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "A call to a user-supplied address is executed.", |
|
||||||
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "285:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Medium", |
|
||||||
"swcID": "SWC-107", |
|
||||||
"swcTitle": "Reentrancy" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The return value of a message call is not checked.", |
|
||||||
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "285:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "Low", |
|
||||||
"swcID": "SWC-104", |
|
||||||
"swcTitle": "Unchecked Call Return Value" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0xb191cf6cc0d8cc37a91c9d88019cc011b932169fb5776df616e2bb9cd93b4039" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,40 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `callchecked()` |
|
||||||
- PC address: 196 |
|
||||||
- Estimated Gas Usage: 599 - 1210 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## External Call To User-Supplied Address |
|
||||||
- SWC ID: 107 |
|
||||||
- Severity: Medium |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `callnotchecked()` |
|
||||||
- PC address: 285 |
|
||||||
- Estimated Gas Usage: 621 - 1232 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
|
|
||||||
## Unchecked Call Return Value |
|
||||||
- SWC ID: 104 |
|
||||||
- Severity: Low |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `callnotchecked()` |
|
||||||
- PC address: 285 |
|
||||||
- Estimated Gas Usage: 1339 - 35950 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
@ -1,33 +0,0 @@ |
|||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: callchecked() |
|
||||||
PC address: 196 |
|
||||||
Estimated Gas Usage: 599 - 1210 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== External Call To User-Supplied Address ==== |
|
||||||
SWC ID: 107 |
|
||||||
Severity: Medium |
|
||||||
Contract: Unknown |
|
||||||
Function name: callnotchecked() |
|
||||||
PC address: 285 |
|
||||||
Estimated Gas Usage: 621 - 1232 |
|
||||||
A call to a user-supplied address is executed. |
|
||||||
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Unchecked Call Return Value ==== |
|
||||||
SWC ID: 104 |
|
||||||
Severity: Low |
|
||||||
Contract: Unknown |
|
||||||
Function name: callnotchecked() |
|
||||||
PC address: 285 |
|
||||||
Estimated Gas Usage: 1339 - 35950 |
|
||||||
The return value of a message call is not checked. |
|
||||||
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,19 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 146, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The contract can be killed by anyone.\nAnyone can kill this contract and withdraw its balance to an arbitrary address.", |
|
||||||
"function": "kill(address)", |
|
||||||
"max_gas_used": 263, |
|
||||||
"min_gas_used": 168, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "106", |
|
||||||
"title": "Unprotected Selfdestruct", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,30 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The contract can be killed by anyone.", |
|
||||||
"tail": "Anyone can kill this contract and withdraw its balance to an arbitrary address." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "146:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-106", |
|
||||||
"swcTitle": "Unprotected SELFDESTRUCT Instruction" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0x2fb801366b61a05b30550481a1c8f7d5f20de0b93d9f2f2ce2b28c4e322033c9" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,14 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Unprotected Selfdestruct |
|
||||||
- SWC ID: 106 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `kill(address)` |
|
||||||
- PC address: 146 |
|
||||||
- Estimated Gas Usage: 168 - 263 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The contract can be killed by anyone. |
|
||||||
Anyone can kill this contract and withdraw its balance to an arbitrary address. |
|
@ -1,11 +0,0 @@ |
|||||||
==== Unprotected Selfdestruct ==== |
|
||||||
SWC ID: 106 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: kill(address) |
|
||||||
PC address: 146 |
|
||||||
Estimated Gas Usage: 168 - 263 |
|
||||||
The contract can be killed by anyone. |
|
||||||
Anyone can kill this contract and withdraw its balance to an arbitrary address. |
|
||||||
-------------------- |
|
||||||
|
|
@ -1,45 +0,0 @@ |
|||||||
{ |
|
||||||
"error": null, |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"address": 567, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
|
||||||
"function": "sendeth(address,uint256)", |
|
||||||
"max_gas_used": 52861, |
|
||||||
"min_gas_used": 11915, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Underflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 649, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", |
|
||||||
"function": "sendeth(address,uint256)", |
|
||||||
"max_gas_used": 52861, |
|
||||||
"min_gas_used": 11915, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Underflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"address": 725, |
|
||||||
"contract": "Unknown", |
|
||||||
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", |
|
||||||
"function": "sendeth(address,uint256)", |
|
||||||
"max_gas_used": 52861, |
|
||||||
"min_gas_used": 11915, |
|
||||||
"severity": "High", |
|
||||||
"sourceMap": null, |
|
||||||
"swc-id": "101", |
|
||||||
"title": "Integer Overflow", |
|
||||||
"tx_sequence": "<TX-DATA>" |
|
||||||
} |
|
||||||
], |
|
||||||
"success": true |
|
||||||
} |
|
@ -1,66 +0,0 @@ |
|||||||
[ |
|
||||||
{ |
|
||||||
"issues": [ |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary subtraction can underflow.", |
|
||||||
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "567:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary subtraction can underflow.", |
|
||||||
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "649:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
}, |
|
||||||
{ |
|
||||||
"description": { |
|
||||||
"head": "The binary addition can overflow.", |
|
||||||
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." |
|
||||||
}, |
|
||||||
"extra": { |
|
||||||
"discoveryTime": "<DISCOVERY-TIME-DATA>", |
|
||||||
"testCase": "<TEST-CASE>" |
|
||||||
}, |
|
||||||
"locations": [ |
|
||||||
{ |
|
||||||
"sourceMap": "725:1:0" |
|
||||||
} |
|
||||||
], |
|
||||||
"severity": "High", |
|
||||||
"swcID": "SWC-101", |
|
||||||
"swcTitle": "Integer Overflow and Underflow" |
|
||||||
} |
|
||||||
], |
|
||||||
"meta": {}, |
|
||||||
"sourceFormat": "evm-byzantium-bytecode", |
|
||||||
"sourceList": [ |
|
||||||
"0xabef56740bf7795a9f8732e4781ebd27f2977f8a4997e3ff11cee79a4ba6c0ce" |
|
||||||
], |
|
||||||
"sourceType": "raw-bytecode" |
|
||||||
} |
|
||||||
] |
|
@ -1,40 +0,0 @@ |
|||||||
# Analysis results for test-filename.sol |
|
||||||
|
|
||||||
## Integer Underflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `sendeth(address,uint256)` |
|
||||||
- PC address: 567 |
|
||||||
- Estimated Gas Usage: 11915 - 52861 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
|
|
||||||
## Integer Underflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `sendeth(address,uint256)` |
|
||||||
- PC address: 649 |
|
||||||
- Estimated Gas Usage: 11915 - 52861 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
|
|
||||||
## Integer Overflow |
|
||||||
- SWC ID: 101 |
|
||||||
- Severity: High |
|
||||||
- Contract: Unknown |
|
||||||
- Function name: `sendeth(address,uint256)` |
|
||||||
- PC address: 725 |
|
||||||
- Estimated Gas Usage: 11915 - 52861 |
|
||||||
|
|
||||||
### Description |
|
||||||
|
|
||||||
The binary addition can overflow. |
|
||||||
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. |
|
@ -1,33 +0,0 @@ |
|||||||
==== Integer Underflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: sendeth(address,uint256) |
|
||||||
PC address: 567 |
|
||||||
Estimated Gas Usage: 11915 - 52861 |
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Integer Underflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: sendeth(address,uint256) |
|
||||||
PC address: 649 |
|
||||||
Estimated Gas Usage: 11915 - 52861 |
|
||||||
The binary subtraction can underflow. |
|
||||||
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
||||||
==== Integer Overflow ==== |
|
||||||
SWC ID: 101 |
|
||||||
Severity: High |
|
||||||
Contract: Unknown |
|
||||||
Function name: sendeth(address,uint256) |
|
||||||
PC address: 725 |
|
||||||
Estimated Gas Usage: 11915 - 52861 |
|
||||||
The binary addition can overflow. |
|
||||||
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. |
|
||||||
-------------------- |
|
||||||
|
|
Loading…
Reference in new issue