Merge develop into dmuhs/type-hints

pull/632/head
Dominik Muhs 6 years ago
parent 9af7018235
commit 524c10a8c8
  1. 6
      .circleci/config.yml
  2. 31
      README.md
  3. 9
      mythril/analysis/modules/dependence_on_predictable_vars.py
  4. 184
      mythril/analysis/modules/ether_send.py
  5. 3
      mythril/analysis/modules/exceptions.py
  6. 12
      mythril/analysis/modules/integer.py
  7. 7
      mythril/analysis/modules/multiple_sends.py
  8. 5
      mythril/analysis/modules/suicide.py
  9. 6
      mythril/analysis/modules/transaction_order_dependence.py
  10. 6
      mythril/analysis/solver.py
  11. 7
      mythril/analysis/symbolic.py
  12. 7
      mythril/analysis/traceexplore.py
  13. 107
      mythril/disassembler/disassembly.py
  14. 2
      mythril/ether/ethcontract.py
  15. 27
      mythril/ether/evm.py
  16. 17
      mythril/ethereum/interface/leveldb/accountindexing.py
  17. 61
      mythril/ethereum/interface/leveldb/client.py
  18. 32
      mythril/ethereum/interface/leveldb/state.py
  19. 38
      mythril/interfaces/cli.py
  20. 26
      mythril/laser/ethereum/call.py
  21. 2
      mythril/laser/ethereum/cfg.py
  22. 109
      mythril/laser/ethereum/instructions.py
  23. 1
      mythril/laser/ethereum/keccak.py
  24. 2
      mythril/laser/ethereum/natives.py
  25. 104
      mythril/laser/ethereum/state.py
  26. 25
      mythril/laser/ethereum/strategy/__init__.py
  27. 96
      mythril/laser/ethereum/strategy/basic.py
  28. 10
      mythril/laser/ethereum/svm.py
  29. 1
      mythril/laser/ethereum/taint_analysis.py
  30. 6
      mythril/laser/ethereum/transaction/concolic.py
  31. 4
      mythril/laser/ethereum/transaction/symbolic.py
  32. 21
      mythril/laser/ethereum/transaction/transaction_models.py
  33. 13
      mythril/laser/ethereum/util.py
  34. 32
      mythril/mythril.py
  35. 8
      mythril/support/signatures.py
  36. 1
      requirements.txt
  37. 1
      setup.py
  38. BIN
      static/mythril.png
  39. BIN
      static/mythril_new.png
  40. 2
      tests/analysis/test_delegatecall.py
  41. 5
      tests/cmd_line_test.py
  42. 0
      tests/disassembler/__init__.py
  43. 61
      tests/disassembler/disassembly.py
  44. 9
      tests/laser/evm_testsuite/evm_test.py
  45. 102
      tests/laser/state/calldata_test.py
  46. 2
      tests/laser/state/mstack_test.py
  47. 2
      tests/laser/transaction/symbolic_test.py
  48. 6
      tests/report_test.py
  49. 2
      tests/svm_test.py
  50. 10
      tests/testdata/outputs_expected/calls.sol.o.graph.html
  51. 2
      tests/testdata/outputs_expected/calls.sol.o.json
  52. 2
      tests/testdata/outputs_expected/calls.sol.o.markdown
  53. 2
      tests/testdata/outputs_expected/calls.sol.o.text
  54. 10
      tests/testdata/outputs_expected/environments.sol.o.graph.html
  55. 10
      tests/testdata/outputs_expected/ether_send.sol.o.graph.html
  56. 2
      tests/testdata/outputs_expected/ether_send.sol.o.json
  57. 7
      tests/testdata/outputs_expected/ether_send.sol.o.markdown
  58. 8
      tests/testdata/outputs_expected/ether_send.sol.o.text
  59. 10
      tests/testdata/outputs_expected/exceptions.sol.o.graph.html
  60. 2
      tests/testdata/outputs_expected/exceptions.sol.o.json
  61. 8
      tests/testdata/outputs_expected/exceptions.sol.o.markdown
  62. 8
      tests/testdata/outputs_expected/exceptions.sol.o.text
  63. 10
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.graph.html
  64. 10
      tests/testdata/outputs_expected/metacoin.sol.o.graph.html
  65. 10
      tests/testdata/outputs_expected/multi_contracts.sol.o.graph.html
  66. 2
      tests/testdata/outputs_expected/multi_contracts.sol.o.json
  67. 3
      tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
  68. 3
      tests/testdata/outputs_expected/multi_contracts.sol.o.text
  69. 10
      tests/testdata/outputs_expected/nonascii.sol.o.graph.html
  70. 10
      tests/testdata/outputs_expected/origin.sol.o.graph.html
  71. 2
      tests/testdata/outputs_expected/origin.sol.o.json
  72. 400
      tests/testdata/outputs_expected/outputs_current/calls.sol.o.easm
  73. 62
      tests/testdata/outputs_expected/outputs_current/calls.sol.o.graph.html
  74. 1
      tests/testdata/outputs_expected/outputs_current/calls.sol.o.json
  75. 111
      tests/testdata/outputs_expected/outputs_current/calls.sol.o.markdown
  76. 90
      tests/testdata/outputs_expected/outputs_current/calls.sol.o.text
  77. 259
      tests/testdata/outputs_expected/outputs_current/environments.sol.o.easm
  78. 62
      tests/testdata/outputs_expected/outputs_current/environments.sol.o.graph.html
  79. 420
      tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.easm
  80. 62
      tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.graph.html
  81. 1
      tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.json
  82. 23
      tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.markdown
  83. 19
      tests/testdata/outputs_expected/outputs_current/ether_send.sol.o.text
  84. 392
      tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.easm
  85. 62
      tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.graph.html
  86. 1
      tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.json
  87. 45
      tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.markdown
  88. 36
      tests/testdata/outputs_expected/outputs_current/exceptions.sol.o.text
  89. 435
      tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.easm
  90. 62
      tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.graph.html
  91. 1
      tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.json
  92. 45
      tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.markdown
  93. 36
      tests/testdata/outputs_expected/outputs_current/kinds_of_calls.sol.o.text
  94. 253
      tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.easm
  95. 62
      tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.graph.html
  96. 1
      tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.json
  97. 3
      tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.markdown
  98. 1
      tests/testdata/outputs_expected/outputs_current/metacoin.sol.o.text
  99. 77
      tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.easm
  100. 62
      tests/testdata/outputs_expected/outputs_current/multi_contracts.sol.o.graph.html
  101. Some files were not shown because too many files have changed in this diff Show More

@ -33,6 +33,12 @@ jobs:
- .tox/py*
- /root/.cache/pip/wheels/
- run:
name: Black style check
command: |
pip3 install --user black
python3 -m black --check /home/mythril/
- run:
background: true
name: Launch of background geth instance

@ -1,17 +1,21 @@
# Mythril OSS [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Mythril%20-%20Security%20Analyzer%20for%20Ethereum%20Smart%20Contracts&url=https://www.github.com/ConsenSys/mythril)
# Mythril Classic
<p align="center">
<img src="/static/mythril_new.png" height="320px"/>
</p>
[![Discord](https://img.shields.io/discord/481002907366588416.svg)](https://discord.gg/E3YrVtG)
[![PyPI](https://badge.fury.io/py/mythril.svg)](https://pypi.python.org/pypi/mythril)
![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril/master.svg)
[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril.svg?columns=In%20Progress)](https://waffle.io/ConsenSys/mythril)
![Master Build Status](https://img.shields.io/circleci/project/github/ConsenSys/mythril-classic/master.svg)
[![Waffle.io - Columns and their card count](https://badge.waffle.io/ConsenSys/mythril-classic.svg?columns=In%20Progress)](https://waffle.io/ConsenSys/mythril-classic/)
[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)
[![PyPI Statistics](https://pypistats.com/badge/mythril.svg)](https://pypistats.com/package/mythril)
<img height="120px" align="right" src="https://github.com/ConsenSys/mythril/raw/master/static/mythril.png" alt="mythril" />
Mythril OSS is the classic security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs!
Whether you want to contribute, need support, or want to learn what we have cooking for the future, our [Discord server](https://discord.gg/E3YrVtG) will serve your needs.
Oh and by the way, we're building an easy-to-use SaaS solution and tools ecosystem for Ethereum developers called [Mythril Platform](https://mythril.ai). You should definitely check that out as well.
Oh and by the way, we're also building an easy-to-use security analysis platform (a.k.a. "the INFURA for smart contract security") that anybody can use to create purpose-built security tools. It's called [Mythril Platform](https://mythril.ai) and you should definitely [check it out](https://media.consensys.net/mythril-platform-api-is-upping-the-smart-contract-security-game-eee1d2642488).
## Installation and setup
@ -31,21 +35,10 @@ See the [Wiki](https://github.com/ConsenSys/mythril/wiki/Installation-and-Setup)
## Usage
Instructions for using the 'myth' tool are found on the [Wiki](https://github.com/ConsenSys/mythril/wiki).
Instructions for using Mythril Classic are found on the [Wiki](https://github.com/ConsenSys/mythril-classic/wiki).
For support or general discussions please join the Mythril community on [Discord](https://discord.gg/E3YrVtG).
## Vulnerability Remediation
Visit the [Smart Contract Vulnerability Classification Registry](https://smartcontractsecurity.github.io/SWC-registry/) to find detailed information and remediation guidance for the vulnerabilities reported.
## Presentations, papers and articles
- [Analyzing Ethereum Smart Contracts for Vulnerabilities](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df)
- [What Caused the Parity SUICIDE Vulnerability & How to Detect Similar Bugs](https://hackernoon.com/what-caused-the-latest-100-million-ethereum-bug-and-a-detection-tool-for-similar-bugs-7b80f8ab7279)
- [Detecting Integer Overflows in Ethereum Smart Contracts](https://media.consensys.net/detecting-batchoverflow-and-similar-flaws-in-ethereum-smart-contracts-93cf5a5aaac8)
- [How Formal Verification Can Ensure Flawless Smart Contracts](https://media.consensys.net/how-formal-verification-can-ensure-flawless-smart-contracts-cbda8ad99bd1)
- [Smashing Smart Contracts for Fun and Real Profit](https://hackernoon.com/hitb2018ams-smashing-smart-contracts-for-fun-and-real-profit-720f5e3ac777)
- [HITBSecConf 2018 - Presentation video](https://www.youtube.com/watch?v=iqf6epACgds)
- [EDCon Toronto 2018 - Mythril: Find bugs and verify security properties in your contracts](https://www.youtube.com/watch?v=NJ9StJThxZY&feature=youtu.be&t=3h3m18s)

@ -156,12 +156,11 @@ def solve(call):
try:
model = solver.get_model(call.node.constraints)
logging.debug("[DEPENDENCE_ON_PREDICTABLE_VARS] MODEL: " + str(model))
pretty_model = solver.pretty_print_model(model)
for d in model.decls():
logging.debug(
"[DEPENDENCE_ON_PREDICTABLE_VARS] main model: %s = 0x%x"
% (d.name(), model[d].as_long())
)
logging.debug(
"[DEPENDENCE_ON_PREDICTABLE_VARS] main model: \n%s" % pretty_model
)
return True
except UnsatError:

@ -1,10 +1,8 @@
from z3 import *
from mythril.analysis.ops import *
from mythril.analysis import solver
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import UNPROTECTED_ETHER_WITHDRAWAL
from mythril.exceptions import UnsatError
import re
import logging
@ -17,147 +15,63 @@ to that index).
"""
def execute(statespace):
def execute(state_space):
logging.debug("Executing module: ETHER_SEND")
issues = []
for call in statespace.calls:
for k in state_space.nodes:
node = state_space.nodes[k]
state = call.state
address = state.get_current_instruction()["address"]
for state in node.states:
issues += _analyze_state(state, node)
if "callvalue" in str(call.value):
logging.debug("[ETHER_SEND] Skipping refund function")
continue
# We're only interested in calls that send Ether
if call.value.type == VarType.CONCRETE and call.value.val == 0:
continue
interesting = False
description = "In the function `" + call.node.function_name + "` "
if re.search(r"caller", str(call.to)):
description += "a non-zero amount of Ether is sent to msg.sender.\n"
interesting = True
elif re.search(r"calldata", str(call.to)):
description += "a non-zero amount of Ether is sent to an address taken from function arguments.\n"
interesting = True
else:
m = re.search(r"storage_([a-z0-9_&^]+)", str(call.to))
if m:
idx = m.group(1)
description += (
"a non-zero amount of Ether is sent to an address taken from storage slot "
+ str(idx)
+ ".\n"
)
func = statespace.find_storage_write(
state.environment.active_account.address, idx
)
if func:
description += (
"There is a check on storage index "
+ str(idx)
+ ". This storage slot can be written to by calling the function `"
+ func
+ "`.\n"
)
interesting = True
else:
logging.debug("[ETHER_SEND] No storage writes to index " + str(idx))
if interesting:
node = call.node
can_solve = True
constrained = False
index = 0
while can_solve and index < len(node.constraints):
constraint = node.constraints[index]
index += 1
logging.debug("[ETHER_SEND] Constraint: " + str(constraint))
m = re.search(r"storage_([a-z0-9_&^]+)", str(constraint))
if m:
constrained = True
idx = m.group(1)
func = statespace.find_storage_write(
state.environment.active_account.address, idx
)
if func:
description += (
"\nThere is a check on storage index "
+ str(idx)
+ ". This storage slot can be written to by calling the function `"
+ func
+ "`."
)
else:
logging.debug(
"[ETHER_SEND] No storage writes to index " + str(idx)
)
can_solve = False
break
return issues
# CALLER may also be constrained to hardcoded address. I.e. 'caller' and some integer
elif re.search(r"caller", str(constraint)) and re.search(
r"[0-9]{20}", str(constraint)
):
constrained = True
can_solve = False
break
if not constrained:
description += (
"It seems that this function can be called without restrictions."
)
if can_solve:
try:
model = solver.get_model(node.constraints)
for d in model.decls():
logging.debug(
"[ETHER_SEND] main model: %s = 0x%x"
% (d.name(), model[d].as_long())
)
debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model)
issue = Issue(
contract=call.node.contract_name,
function=call.node.function_name,
address=address,
title="Ether send",
_type="Warning",
swc_id=UNPROTECTED_ETHER_WITHDRAWAL,
description=description,
debug=debug,
)
issues.append(issue)
except UnsatError:
logging.debug("[ETHER_SEND] no model found")
def _analyze_state(state, node):
issues = []
instruction = state.get_current_instruction()
if instruction["opcode"] != "CALL":
return []
call_value = state.mstate.stack[-3]
target = state.mstate.stack[-2]
not_creator_constraints = []
if len(state.world_state.transaction_sequence) > 1:
creator = state.world_state.transaction_sequence[0].caller
for transaction in state.world_state.transaction_sequence[1:]:
not_creator_constraints.append(
Not(Extract(159, 0, transaction.caller) == Extract(159, 0, creator))
)
not_creator_constraints.append(
Not(Extract(159, 0, transaction.caller) == 0)
)
try:
model = solver.get_model(
node.constraints + not_creator_constraints + [call_value > 0]
)
debug = "SOLVER OUTPUT:\n" + solver.pretty_print_model(model)
issue = Issue(
contract=node.contract_name,
function=node.function_name,
address=instruction["address"],
swc_id=UNPROTECTED_ETHER_WITHDRAWAL,
title="Ether send",
_type="Warning",
description="It seems that an attacker is able to execute an call instruction,"
" this can mean that the attacker is able to extract funds "
"out of the contract.".format(target),
debug=debug,
)
issues.append(issue)
except UnsatError:
logging.debug("[UNCHECKED_SUICIDE] no model found")
return issues

@ -36,8 +36,7 @@ def execute(statespace):
"out-of-bounds array access, or assert violations. "
)
description += (
"This is acceptable in most situations. "
"Note however that `assert()` should only be used to check invariants. "
"Note that explicit `assert()` should only be used to check invariants. "
"Use `require()` for regular input checking. "
)

@ -98,12 +98,7 @@ def _check_integer_overflow(statespace, state, node):
_type="Warning",
)
issue.description = (
"A possible integer overflow exists in the function `{}`.\n"
"The addition or multiplication may result in a value higher than the maximum representable integer.".format(
node.function_name
)
)
issue.description = "The arithmetic operation can result in integer overflow.\n"
issue.debug = solver.pretty_print_model(model)
issues.append(issue)
@ -211,10 +206,7 @@ def _check_integer_underflow(statespace, state, node):
)
issue.description = (
"A possible integer underflow exists in the function `"
+ node.function_name
+ "`.\n"
"The subtraction may result in a value < 0."
"The subtraction can result in an integer underflow.\n"
)
issue.debug = solver.pretty_print_model(model)

@ -32,7 +32,8 @@ def execute(statespace):
)
issue.description = (
"Multiple sends exist in one transaction. Try to isolate each external call into its own transaction,"
"Multiple sends are executed in a single transaction. "
"Try to isolate each external call into its own transaction,"
" as external calls can fail accidentally or deliberately.\nConsecutive calls: \n"
)
@ -47,9 +48,7 @@ def execute(statespace):
def _explore_nodes(call, statespace):
children = _child_nodes(statespace, call.node)
sending_children = list(
filter(lambda call: call.node in children, statespace.calls)
)
sending_children = list(filter(lambda c: c.node in children, statespace.calls))
return sending_children

@ -39,9 +39,8 @@ def _analyze_state(state, node):
to = state.mstate.stack[-1]
logging.debug("[UNCHECKED_SUICIDE] suicide in function " + node.function_name)
description = (
"The function `" + node.function_name + "` executes the SUICIDE instruction. "
)
description = "A reachable SUICIDE instruction was detected. "
if "caller" in str(to):
description += "The remaining Ether is sent to the caller's address.\n"

@ -42,10 +42,8 @@ def execute(statespace):
)
issue.description = (
"A possible transaction order dependence vulnerability exists in function {}. The value or "
"direction of the call statement is determined from a tainted storage location".format(
node.function_name
)
"Possible transaction order dependence vulnerability: The value or "
"direction of the call statement is determined from a tainted storage location"
)
issues.append(issue)

@ -1,4 +1,4 @@
from z3 import Solver, simplify, sat, unknown
from z3 import Solver, simplify, sat, unknown, FuncInterp
from mythril.exceptions import UnsatError
import logging
@ -22,6 +22,10 @@ def pretty_print_model(model):
ret = ""
for d in model.decls():
if type(model[d]) == FuncInterp:
condition = model[d].as_list()
ret += "%s: %s\n" % (d.name(), condition)
continue
try:
condition = "0x%x" % model[d].as_long()

@ -7,6 +7,8 @@ from .ops import get_variable, SStore, Call, VarType
from mythril.laser.ethereum.strategy.basic import (
DepthFirstSearchStrategy,
BreadthFirstSearchStrategy,
ReturnRandomNaivelyStrategy,
ReturnWeightedRandomStrategy,
)
@ -28,11 +30,14 @@ class SymExecWrapper:
max_transaction_count=3,
):
s_strategy = None
if strategy == "dfs":
s_strategy = DepthFirstSearchStrategy
elif strategy == "bfs":
s_strategy = BreadthFirstSearchStrategy
elif strategy == "naive-random":
s_strategy = ReturnRandomNaivelyStrategy
elif strategy == "weighted-random":
s_strategy = ReturnWeightedRandomStrategy
else:
raise ValueError("Invalid strategy argument supplied")

@ -47,7 +47,6 @@ colors = [
def get_serializable_statespace(statespace):
nodes = []
edges = []
@ -77,10 +76,10 @@ def get_serializable_statespace(statespace):
color = color_map[node.get_cfg_dict()["contract_name"]]
def get_state_accounts(state):
def get_state_accounts(node_state):
state_accounts = []
for key in state.accounts:
account = state.accounts[key].as_dict
for key in node_state.accounts:
account = node_state.accounts[key].as_dict
account.pop("code", None)
account["balance"] = str(account["balance"])

@ -4,16 +4,27 @@ import logging
class Disassembly(object):
def __init__(self, code, enable_online_lookup=True):
"""
Disassembly class
Stores bytecode, and its disassembly.
Additionally it will gather the following information on the existing functions in the disassembled code:
- function hashes
- function name to entry point mapping
- function entry point to function name mapping
"""
def __init__(self, code: str, enable_online_lookup: bool = False):
self.bytecode = code
self.instruction_list = asm.disassemble(util.safe_decode(code))
self.func_hashes = []
self.func_to_addr = {}
self.addr_to_func = {}
self.bytecode = code
self.function_name_to_address = {}
self.address_to_function_name = {}
signatures = SignatureDb(
enable_online_lookup=enable_online_lookup
) # control if you want to have online sighash lookups
) # control if you want to have online signature hash lookups
try:
signatures.open() # open from default locations
except FileNotFoundError:
@ -21,46 +32,64 @@ class Disassembly(object):
"Missing function signature file. Resolving of function names from signature file disabled."
)
# Parse jump table & resolve function names
# Need to take from PUSH1 to PUSH4 because solc seems to remove excess 0s at the beginning for optimizing
jmptable_indices = asm.find_opcode_sequence(
jump_table_indices = asm.find_opcode_sequence(
[("PUSH1", "PUSH2", "PUSH3", "PUSH4"), ("EQ",)], self.instruction_list
)
for i in jmptable_indices:
func_hash = self.instruction_list[i]["argument"]
# Append with missing 0s at the beginning
func_hash = "0x" + func_hash[2:].rjust(8, "0")
self.func_hashes.append(func_hash)
try:
# tries local cache, file and optional online lookup
# may return more than one function signature. since we cannot probe for the correct one we'll use the first
func_names = signatures.get(func_hash)
if len(func_names) > 1:
# ambigious result
func_name = (
"**ambiguous** %s" % func_names[0]
) # return first hit but note that result was ambiguous
else:
# only one item
func_name = func_names[0]
except KeyError:
func_name = "_function_" + func_hash
try:
offset = self.instruction_list[i + 2]["argument"]
jump_target = int(offset, 16)
self.func_to_addr[func_name] = jump_target
self.addr_to_func[jump_target] = func_name
except:
continue
for index in jump_table_indices:
function_hash, jump_target, function_name = get_function_info(
index, self.instruction_list, signatures
)
self.func_hashes.append(function_hash)
if jump_target is not None and function_name is not None:
self.function_name_to_address[function_name] = jump_target
self.address_to_function_name[jump_target] = function_name
signatures.write() # store resolved signatures (potentially resolved online)
def get_easm(self):
# todo: tintinweb - print funcsig resolved data from self.addr_to_func?
return asm.instruction_list_to_easm(self.instruction_list)
def get_function_info(
index: int, instruction_list: list, signature_database: SignatureDb
) -> (str, int, str):
"""
Finds the function information for a call table entry
Solidity uses the first 4 bytes of the calldata to indicate which function the message call should execute
The generated code that directs execution to the correct function looks like this:
- PUSH function_hash
- EQ
- PUSH entry_point
- JUMPI
This function takes an index that points to the first instruction, and from that finds out the function hash,
function entry and the function name.
:param index: Start of the entry pattern
:param instruction_list: Instruction list for the contract that is being analyzed
:param signature_database: Database used to map function hashes to their respective function names
:return: function hash, function entry point, function name
"""
# Append with missing 0s at the beginning
function_hash = "0x" + instruction_list[index]["argument"][2:].rjust(8, "0")
function_names = signature_database.get(function_hash)
if len(function_names) > 1:
# In this case there was an ambiguous result
function_name = "**ambiguous** {}".format(function_names[0])
elif len(function_names) == 1:
function_name = function_names[0]
else:
function_name = "_function_" + function_hash
try:
offset = instruction_list[index + 2]["argument"]
entry_point = int(offset, 16)
except (KeyError, IndexError):
return function_hash, None, None
return function_hash, entry_point, function_name

@ -6,7 +6,7 @@ import re
class ETHContract(persistent.Persistent):
def __init__(
self, code, creation_code="", name="Unknown", enable_online_lookup=True
self, code, creation_code="", name="Unknown", enable_online_lookup=False
):
# Workaround: We currently do not support compile-time linking.

@ -8,14 +8,12 @@ import re
def trace(code, calldata=""):
log_handlers = [
"eth.vm.op",
"eth.vm.op.stack",
"eth.vm.op.memory",
"eth.vm.op.storage",
]
output = StringIO()
stream_handler = StreamHandler(output)
@ -25,58 +23,43 @@ def trace(code, calldata=""):
log_vm_op.addHandler(stream_handler)
addr = bytes.fromhex("0123456789ABCDEF0123456789ABCDEF01234567")
state = State()
ext = messages.VMExt(state, transactions.Transaction(0, 0, 21000, addr, 0, addr))
message = vm.Message(addr, addr, 0, 21000, calldata)
res, gas, dat = vm.vm_execute(ext, message, util.safe_decode(code))
vm.vm_execute(ext, message, util.safe_decode(code))
stream_handler.flush()
ret = output.getvalue()
lines = ret.split("\n")
trace = []
state_trace = []
for line in lines:
m = re.search(r"pc=b\'(\d+)\'.*op=([A-Z0-9]+)", line)
if m:
pc = m.group(1)
op = m.group(2)
m = re.match(r".*stack=(\[.*?\])", line)
if m:
stackitems = re.findall(r"b\'(\d+)\'", m.group(1))
stack = "["
if len(stackitems):
for i in range(0, len(stackitems) - 1):
stack += hex(int(stackitems[i])) + ", "
stack += hex(int(stackitems[-1]))
stack += "]"
else:
stack = "[]"
if re.match(r"^PUSH.*", op):
val = re.search(r"pushvalue=(\d+)", line).group(1)
pushvalue = hex(int(val))
trace.append(
state_trace.append(
{"pc": pc, "op": op, "stack": stack, "pushvalue": pushvalue}
)
else:
trace.append({"pc": pc, "op": op, "stack": stack})
state_trace.append({"pc": pc, "op": op, "stack": stack})
return trace
return state_trace

@ -63,16 +63,15 @@ class AccountIndexer(object):
def get_contract_by_hash(self, contract_hash):
"""
get mapped address by its hash, if not found try indexing
get mapped contract_address by its hash, if not found try indexing
"""
address = self.db.reader._get_address_by_hash(contract_hash)
if address is not None:
return address
contract_address = self.db.reader._get_address_by_hash(contract_hash)
if contract_address is not None:
return contract_address
else:
raise AddressNotFoundError
return self.db.reader._get_address_by_hash(contract_hash)
def _process(self, startblock):
"""
Processesing method
@ -84,9 +83,9 @@ class AccountIndexer(object):
addresses = []
for blockNum in range(startblock, startblock + BATCH_SIZE):
hash = self.db.reader._get_block_hash(blockNum)
if hash is not None:
receipts = self.db.reader._get_block_receipts(hash, blockNum)
block_hash = self.db.reader._get_block_hash(blockNum)
if block_hash is not None:
receipts = self.db.reader._get_block_receipts(block_hash, blockNum)
for receipt in receipts:
if receipt.contractAddress is not None and not all(

@ -84,55 +84,46 @@ class LevelDBReader(object):
gets head block header
"""
if not self.head_block_header:
hash = self.db.get(head_header_key)
num = self._get_block_number(hash)
self.head_block_header = self._get_block_header(hash, num)
block_hash = self.db.get(head_header_key)
num = self._get_block_number(block_hash)
self.head_block_header = self._get_block_header(block_hash, num)
# find header with valid state
while (
not self.db.get(self.head_block_header.state_root)
and self.head_block_header.prevhash is not None
):
hash = self.head_block_header.prevhash
num = self._get_block_number(hash)
self.head_block_header = self._get_block_header(hash, num)
block_hash = self.head_block_header.prevhash
num = self._get_block_number(block_hash)
self.head_block_header = self._get_block_header(block_hash, num)
return self.head_block_header
def _get_block_number(self, hash):
"""
gets block number by hash
"""
number_key = block_hash_prefix + hash
def _get_block_number(self, block_hash):
"""Get block number by its hash"""
number_key = block_hash_prefix + block_hash
return self.db.get(number_key)
def _get_block_header(self, hash, num):
"""
get block header by block header hash & number
"""
header_key = header_prefix + num + hash
def _get_block_header(self, block_hash, num):
"""Get block header by block header hash & number"""
header_key = header_prefix + num + block_hash
block_header_data = self.db.get(header_key)
header = rlp.decode(block_header_data, sedes=BlockHeader)
return header
def _get_address_by_hash(self, hash):
"""
get mapped address by its hash
"""
address_key = address_prefix + hash
def _get_address_by_hash(self, block_hash):
"""Get mapped address by its hash"""
address_key = address_prefix + block_hash
return self.db.get(address_key)
def _get_last_indexed_number(self):
"""
latest indexed block number
"""
"""Get latest indexed block number"""
return self.db.get(address_mapping_head_key)
def _get_block_receipts(self, hash, num):
"""
get block transaction receipts by block header hash & number
"""
def _get_block_receipts(self, block_hash, num):
"""Get block transaction receipts by block header hash & number"""
number = _format_block_number(num)
receipts_key = block_receipts_prefix + number + hash
receipts_key = block_receipts_prefix + number + block_hash
receipts_data = self.db.get(receipts_key)
receipts = rlp.decode(receipts_data, sedes=CountableList(ReceiptForStorage))
return receipts
@ -224,12 +215,10 @@ class EthLevelDB(object):
if not cnt % 1000:
logging.info("Searched %d contracts" % cnt)
def contract_hash_to_address(self, hash):
"""
tries to find corresponding account address
"""
def contract_hash_to_address(self, contract_hash):
"""Tries to find corresponding account address"""
address_hash = binascii.a2b_hex(utils.remove_0x_head(hash))
address_hash = binascii.a2b_hex(utils.remove_0x_head(contract_hash))
indexer = AccountIndexer(self)
return _encode_hex(indexer.get_contract_by_hash(address_hash))
@ -238,9 +227,9 @@ class EthLevelDB(object):
"""
gets block header by block number
"""
hash = self.reader._get_block_hash(number)
block_hash = self.reader._get_block_hash(number)
block_number = _format_block_number(number)
return self.reader._get_block_header(hash, block_number)
return self.reader._get_block_header(block_hash, block_number)
def eth_getBlockByNumber(self, number):
"""

@ -58,9 +58,9 @@ class Account(rlp.Serializable):
("code_hash", hash32),
]
def __init__(self, nonce, balance, storage, code_hash, db, address):
def __init__(self, nonce, balance, storage, code_hash, db, addr):
self.db = db
self.address = address
self.address = addr
super(Account, self).__init__(nonce, balance, storage, code_hash)
self.storage_cache = {}
self.storage_trie = SecureTrie(Trie(self.db))
@ -89,12 +89,12 @@ class Account(rlp.Serializable):
return self.storage_cache[key]
@classmethod
def blank_account(cls, db, address, initial_nonce=0):
def blank_account(cls, db, addr, initial_nonce=0):
"""
creates a blank account
"""
db.put(BLANK_HASH, b"")
o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, address)
o = cls(initial_nonce, 0, trie.BLANK_ROOT, BLANK_HASH, db, addr)
o.existent_at_start = False
return o
@ -117,22 +117,22 @@ class State:
self.journal = []
self.cache = {}
def get_and_cache_account(self, address):
"""
gets and caches an account for an addres, creates blank if not found
"""
if address in self.cache:
return self.cache[address]
rlpdata = self.secure_trie.get(address)
def get_and_cache_account(self, addr):
"""Gets and caches an account for an addres, creates blank if not found"""
if addr in self.cache:
return self.cache[addr]
rlpdata = self.secure_trie.get(addr)
if (
rlpdata == trie.BLANK_NODE and len(address) == 32
rlpdata == trie.BLANK_NODE and len(addr) == 32
): # support for hashed addresses
rlpdata = self.trie.get(address)
rlpdata = self.trie.get(addr)
if rlpdata != trie.BLANK_NODE:
o = rlp.decode(rlpdata, Account, db=self.db, address=address)
o = rlp.decode(rlpdata, Account, db=self.db, address=addr)
else:
o = Account.blank_account(self.db, address, 0)
self.cache[address] = o
o = Account.blank_account(self.db, addr, 0)
self.cache[addr] = o
o._mutable = True
o._cached_rlp = None
return o

@ -15,10 +15,11 @@ import argparse
from mythril.exceptions import CriticalError, AddressNotFoundError
from mythril.mythril import Mythril
from mythril.version import VERSION
import mythril.support.signatures as sigs
def exit_with_error(format, message):
if format == "text" or format == "markdown":
def exit_with_error(format_, message):
if format_ == "text" or format_ == "markdown":
print(message)
else:
result = {"success": False, "error": str(message), "issues": []}
@ -147,18 +148,19 @@ def main():
default=22,
help="Maximum recursion depth for symbolic execution",
)
options.add_argument(
"--strategy",
choices=["dfs", "bfs", "naive-random", "weighted-random"],
default="dfs",
help="Symbolic execution strategy",
)
options.add_argument(
"--max-transaction-count",
type=int,
default=3,
help="Maximum number of transactions issued by laser",
)
options.add_argument(
"--strategy",
choices=["dfs", "bfs"],
default="dfs",
help="Symbolic execution strategy",
)
options.add_argument(
"--execution-timeout",
type=int,
@ -179,6 +181,12 @@ def main():
"--enable-physics", action="store_true", help="enable graph physics simulation"
)
options.add_argument("-v", type=int, help="log level (0-2)", metavar="LOG_LEVEL")
options.add_argument(
"-q",
"--query-signature",
action="store_true",
help="Lookup function signatures through www.4byte.directory",
)
rpc = parser.add_argument_group("RPC options")
rpc.add_argument(
@ -231,6 +239,13 @@ def main():
args.outform, "Invalid -v value, you can find valid values in usage"
)
if args.query_signature:
if sigs.ethereum_input_decoder == None:
exit_with_error(
args.outform,
"The --query-signature function requires the python package ethereum-input-decoder",
)
# -- commands --
if args.hash:
print(Mythril.hash_for_function_signature(args.hash))
@ -241,7 +256,12 @@ def main():
# infura = None, rpc = None, rpctls = None
# solc_args = None, dynld = None, max_recursion_depth = 12):
mythril = Mythril(solv=args.solv, dynld=args.dynld, solc_args=args.solc_args)
mythril = Mythril(
solv=args.solv,
dynld=args.dynld,
solc_args=args.solc_args,
enable_online_lookup=args.query_signature,
)
if args.dynld and not (args.rpc or args.i):
mythril.set_api_from_config_path()

@ -1,8 +1,8 @@
import logging
from typing import Union
from z3 import simplify, BitVecRef, BitVecNumRef, BoolRef
from z3 import simplify, BitVecRef, BitVecNumRef, BoolRef, Extract
import mythril.laser.ethereum.util as util
from mythril.laser.ethereum.state import Account, CalldataType, GlobalState
from mythril.laser.ethereum.state import Account, CalldataType, GlobalState, Calldata
from mythril.support.loader import DynLoader
import re
@ -125,7 +125,7 @@ def get_callee_account(
try:
code = dynamic_loader.dynld(environment.active_account.address, callee_address)
except Exception as e:
except Exception:
logging.debug("Unable to execute dynamic loader.")
raise ValueError()
if code is None:
@ -156,21 +156,33 @@ def get_call_data(
:return: Tuple containing: call_data array from memory or empty array if symbolic, type found
"""
state = global_state.mstate
transaction_id = "{}_internalcall".format(global_state.current_transaction.id)
try:
# TODO: This only allows for either fully concrete or fully symbolic calldata.
# Improve management of memory and callata to support a mix between both types.
call_data = state.memory[
calldata_from_mem = state.memory[
util.get_concrete_int(memory_start) : util.get_concrete_int(
memory_start + memory_size
)
]
if len(call_data) < 32 and pad:
call_data += [0] * (32 - len(call_data))
i = 0
starting_calldata = []
while i < len(calldata_from_mem):
elem = calldata_from_mem[i]
if isinstance(elem, int):
starting_calldata.append(elem)
i += 1
else: # BitVec
for j in range(0, elem.size(), 8):
starting_calldata.append(Extract(j + 7, j, elem))
i += 1
call_data = Calldata(transaction_id, starting_calldata)
call_data_type = CalldataType.CONCRETE
logging.debug("Calldata: " + str(call_data))
except TypeError:
logging.info("Unsupported symbolic calldata offset")
call_data_type = CalldataType.SYMBOLIC
call_data = []
call_data = Calldata("{}_internalcall".format(transaction_id))
return call_data, call_data_type

@ -38,9 +38,11 @@ class Node:
code = ""
for state in self.states:
instruction = state.get_current_instruction()
code += str(instruction["address"]) + " " + instruction["opcode"]
if instruction["opcode"].startswith("PUSH"):
code += " " + instruction["argument"]
code += "\\n"
return dict(

@ -38,13 +38,14 @@ from mythril.laser.ethereum.evm_exceptions import (
InvalidInstruction,
)
from mythril.laser.ethereum.keccak import KeccakFunctionManager
from mythril.laser.ethereum.state import GlobalState, CalldataType
from mythril.laser.ethereum.state import GlobalState, CalldataType, Calldata
from mythril.laser.ethereum.transaction import (
MessageCallTransaction,
TransactionStartSignal,
ContractCreationTransaction,
)
from mythril.support.loader import DynLoader
from mythril.analysis.solver import get_model
TT256 = 2 ** 256
TT256M1 = 2 ** 256 - 1
@ -162,7 +163,6 @@ class Instruction:
op1 = If(op1, BitVecVal(1, 256), BitVecVal(0, 256))
if type(op2) == BoolRef:
op2 = If(op2, BitVecVal(1, 256), BitVecVal(0, 256))
stack.append(op1 & op2)
return [global_state]
@ -314,8 +314,8 @@ class Instruction:
@StateTransition()
def exp_(self, global_state: GlobalState) -> List[GlobalState]:
state = global_state.mstate
base, exponent = util.pop_bitvec(state), util.pop_bitvec(state)
if (type(base) != BitVecNumRef) or (type(exponent) != BitVecNumRef):
state.stack.append(
global_state.new_bitvec(
@ -423,89 +423,14 @@ class Instruction:
environment = global_state.environment
op0 = state.stack.pop()
try:
offset = util.get_concrete_int(simplify(op0))
b = environment.calldata[offset]
except TypeError:
logging.debug("CALLDATALOAD: Unsupported symbolic index")
state.stack.append(
global_state.new_bitvec(
"calldata_"
+ str(environment.active_account.contract_name)
+ "["
+ str(simplify(op0))
+ "]",
256,
)
)
return [global_state]
except IndexError:
logging.debug("Calldata not set, using symbolic variable instead")
state.stack.append(
global_state.new_bitvec(
"calldata_"
+ str(environment.active_account.contract_name)
+ "["
+ str(simplify(op0))
+ "]",
256,
)
)
return [global_state]
if type(b) == int:
try:
val = b"".join(
[
calldata.to_bytes(1, byteorder="big")
for calldata in environment.calldata[offset : offset + 32]
]
)
logging.debug(
"Final value: " + str(int.from_bytes(val, byteorder="big"))
)
state.stack.append(BitVecVal(int.from_bytes(val, byteorder="big"), 256))
except (TypeError, AttributeError):
state.stack.append(
global_state.new_bitvec(
"calldata_"
+ str(environment.active_account.contract_name)
+ "["
+ str(simplify(op0))
+ "]",
256,
)
)
else:
# symbolic variable
state.stack.append(
global_state.new_bitvec(
"calldata_"
+ str(environment.active_account.contract_name)
+ "["
+ str(simplify(op0))
+ "]",
256,
)
)
state.stack.append(environment.calldata.get_word_at(op0))
return [global_state]
@StateTransition()
def calldatasize_(self, global_state: GlobalState) -> List[GlobalState]:
state = global_state.mstate
environment = global_state.environment
if environment.calldata_type == CalldataType.SYMBOLIC:
state.stack.append(
global_state.new_bitvec(
"calldatasize_" + environment.active_account.contract_name, 256
)
)
else:
state.stack.append(BitVecVal(len(environment.calldata), 256))
state.stack.append(environment.calldata.calldatasize)
return [global_state]
@StateTransition()
@ -536,7 +461,7 @@ class Instruction:
size = simplify(op2)
size_sym = True
if dstart_sym or size_sym:
if size_sym:
state.mem_extend(mstart, 1)
state.memory[mstart] = global_state.new_bitvec(
"calldata_"
@ -574,11 +499,17 @@ class Instruction:
return [global_state]
try:
i_data = environment.calldata[dstart]
i_data = dstart
new_memory = []
for i in range(size):
new_memory.append(environment.calldata[i_data])
i_data = (
i_data + 1 if isinstance(i_data, int) else simplify(i_data + 1)
)
for i in range(mstart, mstart + size):
state.memory[i] = environment.calldata[i_data]
i_data += 1
for i in range(0, len(new_memory), 32):
state.memory[i + mstart] = simplify(Concat(new_memory[i : i + 32]))
except IndexError:
logging.debug("Exception copying calldata to memory")
@ -636,7 +567,6 @@ class Instruction:
global keccak_function_manager
state = global_state.mstate
environment = global_state.environment
op0, op1 = state.stack.pop(), state.stack.pop()
try:
@ -886,12 +816,9 @@ class Instruction:
try:
# Attempt to concretize value
_bytes = util.concrete_int_to_bytes(value)
state.memory[mstart : mstart + len(_bytes)] = _bytes
except (AttributeError, TypeError):
except:
try:
state.memory[mstart] = value
except TypeError:
@ -1161,7 +1088,7 @@ class Instruction:
state = global_state.mstate
dpth = int(self.op_code[3:])
state.stack.pop(), state.stack.pop()
[state.stack.pop() for x in range(dpth)]
[state.stack.pop() for _ in range(dpth)]
# Not supported
return [global_state]

@ -1,6 +1,7 @@
from z3 import ExprRef, BitVecRef
class KeccakFunctionManager:
def __init__(self):
self.keccak_expression_mapping = {}

@ -87,4 +87,4 @@ def native_contracts(address: int, data: List):
takes integer address 1, 2, 3, 4
"""
functions = (ecrecover, sha256, ripemd160, identity)
return functions[address - 1](data)
return functions[address - 1](data.starting_calldata)

@ -1,10 +1,29 @@
from z3 import BitVec, BitVecVal, BitVecRef, BitVecNumRef, Solver, ExprRef, sat
from z3 import (
BitVec,
BitVecVal,
BitVecRef,
BitVecNumRef,
BitVecSort,
Solver,
ExprRef,
Concat,
sat,
simplify,
Array,
ForAll,
Solver,
UGT,
Implies,
)
from z3.z3types import Z3Exception
from mythril.disassembler.disassembly import Disassembly
from mythril.laser.ethereum.cfg import Node
from copy import copy, deepcopy
from enum import Enum
from random import randint
from typing import KeysView, Dict, List, Union, Any
from mythril.laser.ethereum.util import get_concrete_int
from mythril.laser.ethereum.evm_exceptions import (
StackOverflowException,
StackUnderflowException,
@ -16,6 +35,88 @@ class CalldataType(Enum):
SYMBOLIC = 2
class Calldata:
"""
Calldata class representing the calldata of a transaction
"""
def __init__(self, tx_id, starting_calldata=None):
"""
Constructor for Calldata
:param tx_id: unique value representing the transaction the calldata is for
:param starting_calldata: byte array representing the concrete calldata of a transaction
"""
self.tx_id = tx_id
if starting_calldata:
self._calldata = []
self.calldatasize = BitVecVal(len(starting_calldata), 256)
self.concrete = True
else:
self._calldata = Array(
"{}_calldata".format(self.tx_id), BitVecSort(256), BitVecSort(8)
)
self.calldatasize = BitVec("{}_calldatasize".format(self.tx_id), 256)
self.concrete = False
self.starting_calldata = starting_calldata or []
@property
def constraints(self):
constraints = []
if self.concrete:
for calldata_byte in self.starting_calldata:
if type(calldata_byte) == int:
self._calldata.append(BitVecVal(calldata_byte, 8))
else:
self._calldata.append(calldata_byte)
constraints.append(self.calldatasize == len(self.starting_calldata))
else:
x = BitVec("x", 256)
constraints.append(
ForAll(x, Implies(self[x] != 0, UGT(self.calldatasize, x)))
)
return constraints
def concretized(self, model):
result = []
for i in range(
get_concrete_int(model.eval(self.calldatasize, model_completion=True))
):
result.append(get_concrete_int(model.eval(self[i], model_completion=True)))
return result
def get_word_at(self, index: int):
return self[index : index + 32]
def __getitem__(self, item):
if isinstance(item, slice):
try:
current_index = (
item.start
if isinstance(item.start, BitVecRef)
else BitVecVal(item.start, 256)
)
dataparts = []
while simplify(current_index != item.stop):
dataparts.append(self[current_index])
current_index = simplify(current_index + 1)
except Z3Exception:
raise IndexError("Invalid Calldata Slice")
return simplify(Concat(dataparts))
if self.concrete:
try:
return self._calldata[get_concrete_int(item)]
except IndexError:
return BitVecVal(0, 8)
else:
return self._calldata[item]
class Storage:
"""
Storage class represents the storage of an Account
@ -339,7 +440,6 @@ class GlobalState:
def new_bitvec(self, name: str, size=256) -> BitVec:
transaction_id = self.current_transaction.id
node_id = self.node.uid
return BitVec("{}_{}".format(transaction_id, name), size)

@ -0,0 +1,25 @@
from abc import ABC, abstractmethod
class BasicSearchStrategy(ABC):
__slots__ = "work_list", "max_depth"
def __init__(self, work_list, max_depth):
self.work_list = work_list
self.max_depth = max_depth
def __iter__(self):
return self
@abstractmethod
def get_strategic_global_state(self):
raise NotImplementedError("Must be implemented by a subclass")
def __next__(self):
try:
global_state = self.get_strategic_global_state()
if global_state.mstate.depth >= self.max_depth:
return self.__next__()
return global_state
except IndexError:
raise StopIteration

@ -3,55 +3,75 @@ This module implements basic symbolic execution search strategies
"""
from ..state import GlobalState
from typing import List
from random import randrange
from . import BasicSearchStrategy
try:
from random import choices
except ImportError:
class DepthFirstSearchStrategy:
# This is for supporting python versions < 3.6
from itertools import accumulate
from random import random
from bisect import bisect
def choices(population, weights=None):
"""
Returns a random element out of the population based on weight.
If the relative weights or cumulative weights are not specified,
the selections are made with equal probability.
"""
if weights is None:
return [population[int(random() * len(population))]]
cum_weights = accumulate(weights)
return [
population[
bisect(cum_weights, random() * cum_weights[-1], 0, len(population) - 1)
]
]
class DepthFirstSearchStrategy(BasicSearchStrategy):
"""
Implements a depth first search strategy
I.E. Follow one path to a leaf, and then continue to the next one
"""
def __init__(self, work_list: List[GlobalState], max_depth: float):
self.work_list = work_list
self.max_depth = max_depth
def __iter__(self):
return self
def get_strategic_global_state(self) -> GlobalState:
return self.work_list.pop()
def __next__(self) -> GlobalState:
""" Picks the next state to execute """
try:
# This strategies assumes that new states are appended at the end of the work_list
# By taking the last element we effectively pick the "newest" states, which amounts to dfs
global_state = self.work_list.pop()
if global_state.mstate.depth >= self.max_depth:
return self.__next__()
return global_state
except IndexError:
raise StopIteration()
class BreadthFirstSearchStrategy:
class BreadthFirstSearchStrategy(BasicSearchStrategy):
"""
Implements a breadth first search strategy
I.E. Execute all states of a "level" before continuing
"""
def __init__(self, work_list: List[GlobalState], max_depth: float):
self.work_list = work_list
self.max_depth = max_depth
def __iter__(self) -> "BreadthFirstSearchStrategy":
return self
def __next__(self) -> GlobalState:
""" Picks the next state to execute """
try:
# This strategies assumes that new states are appended at the end of the work_list
# By taking the first element we effectively pick the "oldest" states, which amounts to bfs
global_state = self.work_list.pop(0)
if global_state.mstate.depth >= self.max_depth:
return self.__next__()
return global_state
except IndexError:
raise StopIteration()
def get_strategic_global_state(self) -> GlobalState:
return self.work_list.pop(0)
class ReturnRandomNaivelyStrategy(BasicSearchStrategy):
"""
chooses a random state from the worklist with equal likelihood
"""
def get_strategic_global_state(self) -> GlobalState:
if len(self.work_list) > 0:
return self.work_list.pop(randrange(len(self.work_list)))
else:
raise IndexError
class ReturnWeightedRandomStrategy(BasicSearchStrategy):
"""
chooses a random state from the worklist with likelihood based on inverse proportion to depth
"""
def get_strategic_global_state(self) -> GlobalState:
probability_distribution = [
1 / (global_state.mstate.depth + 1) for global_state in self.work_list
]
return self.work_list.pop(
choices(range(len(self.work_list)), probability_distribution)[0]
)

@ -1,5 +1,6 @@
import logging
from typing import List, Tuple, Union, Callable
from mythril.disassembler.disassembly import Disassembly
from mythril.laser.ethereum.state import WorldState, GlobalState
from mythril.laser.ethereum.transaction import (
TransactionStartSignal,
@ -105,7 +106,7 @@ class LaserEVM:
if len(self.open_states) == 0:
logging.warning(
"No contract was created during the execution of contract creation "
"Increase the resources for creation execution (--max-depth or --create_timeout)"
"Increase the resources for creation execution (--max-depth or --create-timeout)"
)
# Reset code coverage
@ -353,10 +354,11 @@ class LaserEVM:
environment = state.environment
disassembly = environment.code
if address in state.environment.code.addr_to_func:
if address in disassembly.address_to_function_name:
# Enter a new function
environment.active_function_name = disassembly.addr_to_func[address]
environment.active_function_name = disassembly.address_to_function_name[
address
]
new_node.flags |= NodeFlags.FUNC_ENTRY
logging.debug(

@ -8,6 +8,7 @@ from mythril.laser.ethereum.state import GlobalState, Environment
from mythril.analysis.symbolic import SymExecWrapper
class TaintRecord:
"""
TaintRecord contains tainting information for a specific (state, node)

@ -10,6 +10,7 @@ from mythril.laser.ethereum.state import (
CalldataType,
Account,
WorldState,
Calldata,
)
from mythril.disassembler.disassembly import Disassembly
from mythril.laser.ethereum.cfg import Node, Edge, JumpType
@ -32,12 +33,13 @@ def execute_message_call(
del laser_evm.open_states[:]
for open_world_state in open_states:
next_transaction_id = get_next_transaction_id()
transaction = MessageCallTransaction(
identifier=get_next_transaction_id(),
identifier=next_transaction_id,
world_state=open_world_state,
callee_account=open_world_state[callee_address],
caller=caller_address,
call_data=data,
call_data=Calldata(next_transaction_id, data),
gas_price=gas_price,
call_value=value,
origin=origin_address,

@ -3,7 +3,7 @@ from logging import debug
from mythril.disassembler.disassembly import Disassembly
from mythril.laser.ethereum.cfg import Node, Edge, JumpType
from mythril.laser.ethereum.state import CalldataType, Account
from mythril.laser.ethereum.state import CalldataType, Account, Calldata
from mythril.laser.ethereum.transaction.transaction_models import (
MessageCallTransaction,
ContractCreationTransaction,
@ -28,7 +28,7 @@ def execute_message_call(laser_evm, callee_address: str) -> None:
callee_account=open_world_state[callee_address],
caller=BitVec("caller{}".format(next_transaction_id), 256),
identifier=next_transaction_id,
call_data=[],
call_data=Calldata(next_transaction_id),
gas_price=BitVec("gas_price{}".format(next_transaction_id), 256),
call_value=BitVec("call_value{}".format(next_transaction_id), 256),
origin=BitVec("origin{}".format(next_transaction_id), 256),

@ -1,7 +1,7 @@
import logging
from typing import Union
from mythril.disassembler.disassembly import Disassembly
from mythril.laser.ethereum.state import GlobalState, Environment, WorldState, Account
from mythril.laser.ethereum.state import GlobalState, Environment, WorldState, Account, Calldata
from z3 import BitVec, BitVecNumRef
import array
@ -42,7 +42,7 @@ class MessageCallTransaction:
world_state: WorldState,
callee_account: Account,
caller: BitVecNumRef,
call_data=(),
call_data=None,
identifier=None,
gas_price=None,
call_value=None,
@ -55,7 +55,11 @@ class MessageCallTransaction:
self.world_state = world_state
self.callee_account = callee_account
self.caller = caller
self.call_data = call_data
self.call_data = (
Calldata(self.id, call_data)
if not isinstance(call_data, Calldata)
else call_data
)
self.gas_price = (
BitVec("gasprice{}".format(identifier), 256)
if gas_price is None
@ -92,6 +96,9 @@ class MessageCallTransaction:
global_state = GlobalState(self.world_state, environment, None)
global_state.environment.active_function_name = "fallback"
global_state.mstate.constraints.extend(
global_state.environment.calldata.constraints
)
return global_state
@ -110,7 +117,7 @@ class ContractCreationTransaction:
identifier=None,
callee_account=None,
code=None,
call_data=(),
call_data=None,
gas_price=None,
call_value=None,
origin=None,
@ -147,7 +154,11 @@ class ContractCreationTransaction:
else call_data_type
)
self.call_data = call_data
self.call_data = (
Calldata(self.id, call_data)
if not isinstance(call_data, Calldata)
else call_data
)
self.origin = origin
self.code = code
self.return_data = None

@ -2,7 +2,6 @@ import re
from z3 import *
import logging
from typing import Union, List, Dict
from mythril.laser.ethereum.state import MachineState
import sha3 as _sha3
@ -38,14 +37,14 @@ def get_instruction_index(
return None
def get_trace_line(instr: Dict, state: MachineState) -> str:
def get_trace_line(instr: Dict, state: "MachineState") -> str:
stack = str(state.stack[::-1])
# stack = re.sub("(\d+)", lambda m: hex(int(m.group(1))), stack)
stack = re.sub("\n", "", stack)
return str(instr["address"]) + " " + instr["opcode"] + "\tSTACK: " + stack
def pop_bitvec(state: MachineState) -> BitVecVal:
def pop_bitvec(state: "MachineState") -> BitVecVal:
# pop one element from stack, converting boolean expressions and
# concrete Python variables to BitVecVal
@ -85,18 +84,20 @@ def get_concrete_int(item: Union[int, BitVecNumRef, BoolRef]) -> int:
def concrete_int_from_bytes(_bytes: bytes, start_index: int) -> int:
# logging.debug("-- concrete_int_from_bytes: " + str(_bytes[start_index:start_index+32]))
b = _bytes[start_index : start_index + 32]
val = int.from_bytes(b, byteorder="big")
return val
def concrete_int_to_bytes(val: int) -> bytes:
if isinstance(val, int):
def concrete_int_to_bytes(val):
# logging.debug("concrete_int_to_bytes " + str(val))
if type(val) == int:
return val.to_bytes(32, byteorder="big")
return (simplify(val).as_long()).to_bytes(32, byteorder="big")
def bytearray_to_int(arr: bytearray) -> int:
def bytearray_to_int(arr):
o = 0
for a in arr:
o = (o << 8) + a

@ -77,18 +77,23 @@ class Mythril(object):
"""
def __init__(self, solv=None, solc_args=None, dynld=False):
def __init__(
self, solv=None, solc_args=None, dynld=False, enable_online_lookup=False
):
self.solv = solv
self.solc_args = solc_args
self.dynld = dynld
self.enable_online_lookup = enable_online_lookup
self.mythril_dir = self._init_mythril_dir()
self.sigs = signatures.SignatureDb()
self.sigs = signatures.SignatureDb(
enable_online_lookup=self.enable_online_lookup
)
try:
self.sigs.open() # tries mythril_dir/signatures.json by default (provide path= arg to make this configurable)
except FileNotFoundError as fnfe:
except FileNotFoundError:
logging.info(
"No signature database found. Creating database if sigs are loaded in: "
+ self.sigs.signatures_file
@ -291,8 +296,7 @@ class Mythril(object):
self.set_api_rpc(dynamic_loading)
def search_db(self, search):
def search_callback(contract, address, balance):
def search_callback(_, address, balance):
print("Address: " + address + ", balance: " + str(balance))
try:
@ -309,7 +313,11 @@ class Mythril(object):
def load_from_bytecode(self, code):
address = util.get_indexed_address(0)
self.contracts.append(ETHContract(code, name="MAIN"))
self.contracts.append(
ETHContract(
code, name="MAIN", enable_online_lookup=self.enable_online_lookup
)
)
return address, self.contracts[-1] # return address and contract object
def load_from_address(self, address):
@ -320,7 +328,7 @@ class Mythril(object):
code = self.eth.eth_getCode(address)
except FileNotFoundError as e:
raise CriticalError("IPC error: " + str(e))
except ConnectionError as e:
except ConnectionError:
raise CriticalError(
"Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly."
)
@ -332,7 +340,13 @@ class Mythril(object):
"Received an empty response from eth_getCode. Check the contract address and verify that you are on the correct chain."
)
else:
self.contracts.append(ETHContract(code, name=address))
self.contracts.append(
ETHContract(
code,
name=address,
enable_online_lookup=self.enable_online_lookup,
)
)
return address, self.contracts[-1] # return address and contract object
def load_from_solidity(self, solidity_files):
@ -541,7 +555,7 @@ class Mythril(object):
)
except FileNotFoundError as e:
raise CriticalError("IPC error: " + str(e))
except ConnectionError as e:
except ConnectionError:
raise CriticalError(
"Could not connect to RPC server. Make sure that your node is running and that RPC parameters are set correctly."
)

@ -11,7 +11,6 @@ from subprocess import Popen, PIPE
from mythril.exceptions import CompilerError
# todo: tintinweb - make this a normal requirement? (deps: eth-abi and requests, both already required by mythril)
try:
# load if available but do not fail
import ethereum_input_decoder
@ -54,7 +53,7 @@ except ImportError:
class SignatureDb(object):
def __init__(self, enable_online_lookup=True):
def __init__(self, enable_online_lookup=False):
"""
Constr
:param enable_online_lookup: enable onlien signature hash lookup
@ -191,9 +190,12 @@ class SignatureDb(object):
"online function signature lookup not available. will not try to lookup hash for the next 2 minutes. exception: %r"
% fbdole
)
if sighash not in self.signatures:
return []
if type(self.signatures[sighash]) != list:
return [self.signatures[sighash]]
return self.signatures[sighash] # raise keyerror
return self.signatures[sighash]
def __getitem__(self, item):
"""

@ -4,6 +4,7 @@ coverage
eth_abi>=1.0.0
eth-account>=0.1.0a2
ethereum>=2.3.2
ethereum-input-decoder>=0.2.2
eth-hash>=0.1.0
eth-keyfile>=0.5.1
eth-keys>=0.2.0b3

@ -96,6 +96,7 @@ setup(
"mock",
"configparser>=3.5.0",
"persistent>=4.2.0",
"ethereum-input-decoder>=0.2.2",
],
tests_require=["pytest>=3.6.0", "pytest_mock", "pytest-cov"],
python_requires=">=3.5",

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

@ -199,7 +199,7 @@ def test_delegate_call(sym_mock, concrete_mock, curr_instruction):
statespace.calls = [call]
# act
issues = execute(statespace)
execute(statespace)
# assert
assert concrete_mock.call_count == 1

@ -29,10 +29,7 @@ class TruffleTestCase(BaseTestCase):
command = "cd {}; truffle compile; python3 {} --truffle".format(
truffle_project_root, MYTH
)
self.assertIn(
"In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.",
output_of(command),
)
self.assertIn("=== Ether send ====", output_of(command))
class InfuraTestCase(BaseTestCase):

@ -0,0 +1,61 @@
from mythril.disassembler.disassembly import *
instruction_list = [
{"opcode": "PUSH4", "argument": "0x10203040"},
{"opcode": "EQ"},
{"opcode": "PUSH4", "argument": "0x40302010"},
{"opcode": "JUMPI"},
]
def test_get_function_info(mocker):
# Arrange
global instruction_list
signature_database_mock = SignatureDb()
mocker.patch.object(signature_database_mock, "get")
signature_database_mock.get.return_value = ["function_name"]
# Act
function_hash, entry_point, function_name = get_function_info(
0, instruction_list, signature_database_mock
)
# Assert
assert function_hash == "0x10203040"
assert entry_point == 0x40302010
assert function_name == "function_name"
def test_get_function_info_multiple_names(mocker):
# Arrange
global instruction_list
signature_database_mock = SignatureDb()
mocker.patch.object(signature_database_mock, "get")
signature_database_mock.get.return_value = ["function_name", "another_name"]
# Act
function_hash, entry_point, function_name = get_function_info(
0, instruction_list, signature_database_mock
)
# Assert
assert function_name == "**ambiguous** function_name"
def test_get_function_info_no_names(mocker):
# Arrange
global instruction_list
signature_database_mock = SignatureDb()
mocker.patch.object(signature_database_mock, "get")
signature_database_mock.get.return_value = []
# Act
function_hash, entry_point, function_name = get_function_info(
0, instruction_list, signature_database_mock
)
# Assert
assert function_name == "_function_0x10203040"

@ -3,8 +3,8 @@ from mythril.laser.ethereum.svm import LaserEVM
from mythril.laser.ethereum.state import Account
from mythril.disassembler.disassembly import Disassembly
from mythril.laser.ethereum.transaction.concolic import execute_message_call
from mythril.analysis.solver import get_model
from datetime import datetime
from mythril.laser.ethereum.util import get_concrete_int
import binascii
import json
from pathlib import Path
@ -83,6 +83,7 @@ def test_vmtest(
return
world_state = laser_evm.open_states[0]
model = get_model(next(iter(laser_evm.nodes.values())).states[0].mstate.constraints)
for address, details in post_condition.items():
account = world_state[address]
@ -92,5 +93,9 @@ def test_vmtest(
for index, value in details["storage"].items():
expected = int(value, 16)
actual = get_concrete_int(account.storage[int(index, 16)])
if type(account.storage[int(index, 16)]) != int:
actual = model.eval(account.storage[int(index, 16)])
actual = 1 if actual == True else 0 if actual == False else actual
else:
actual = account.storage[int(index, 16)]
assert actual == expected

@ -0,0 +1,102 @@
import pytest
from mythril.laser.ethereum.state import Calldata
from z3 import Solver, simplify
from z3.z3types import Z3Exception
uninitialized_test_data = [
([]), # Empty concrete calldata
([1, 4, 5, 3, 4, 72, 230, 53]), # Concrete calldata
]
@pytest.mark.parametrize("starting_calldata", uninitialized_test_data)
def test_concrete_calldata_uninitialized_index(starting_calldata):
# Arrange
calldata = Calldata(0, starting_calldata)
solver = Solver()
# Act
value = calldata[100]
value2 = calldata.get_word_at(200)
solver.add(calldata.constraints)
solver.check()
model = solver.model()
value = model.eval(value)
value2 = model.eval(value2)
# Assert
assert value == 0
assert value2 == 0
def test_concrete_calldata_calldatasize():
# Arrange
calldata = Calldata(0, [1, 4, 7, 3, 7, 2, 9])
solver = Solver()
# Act
solver.add(calldata.constraints)
solver.check()
model = solver.model()
result = model.eval(calldata.calldatasize)
# Assert
assert result == 7
def test_symbolic_calldata_constrain_index():
# Arrange
calldata = Calldata(0)
solver = Solver()
# Act
constraint = calldata[100] == 50
value = calldata[100]
solver.add(calldata.constraints + [constraint])
solver.check()
model = solver.model()
value = model.eval(value)
calldatasize = model.eval(calldata.calldatasize)
# Assert
assert value == 50
assert simplify(calldatasize >= 100)
def test_concrete_calldata_constrain_index():
# Arrange
calldata = Calldata(0, [1, 4, 7, 3, 7, 2, 9])
solver = Solver()
# Act
constraint = calldata[2] == 3
solver.add(calldata.constraints + [constraint])
result = solver.check()
# Assert
assert str(result) == "unsat"
def test_concrete_calldata_constrain_index():
# Arrange
calldata = Calldata(0)
solver = Solver()
# Act
constraints = []
constraints.append(calldata[51] == 1)
constraints.append(calldata.calldatasize == 50)
solver.add(calldata.constraints + constraints)
result = solver.check()
# Assert
assert str(result) == "unsat"

@ -44,7 +44,7 @@ class MachineStackTest(BaseTestCase):
mstack = MachineStack([0, 1])
with pytest.raises(NotImplementedError):
mstack = mstack + [2]
mstack + [2]
@staticmethod
def test_mstack_no_support_iadd():

@ -59,7 +59,7 @@ def test_execute_contract_creation(mocked_setup: MagicMock):
mocked_setup.side_effect = _is_contract_creation
# Act
new_account = execute_contract_creation(laser_evm, "606000")
execute_contract_creation(laser_evm, "606000")
# Assert
# mocked_setup.assert_called()

@ -23,7 +23,7 @@ def _fix_debug_data(json_str):
def _generate_report(input_file):
contract = ETHContract(input_file.read_text())
contract = ETHContract(input_file.read_text(), enable_online_lookup=False)
sym = SymExecWrapper(
contract,
address=(util.get_indexed_address(0)),
@ -43,7 +43,9 @@ def _generate_report(input_file):
def reports():
""" Fixture that analyses all reports"""
pool = Pool(cpu_count())
input_files = sorted([f for f in TESTDATA_INPUTS.iterdir()])
input_files = sorted(
[f for f in TESTDATA_INPUTS.iterdir() if f.name != "environments.sol.o"]
)
results = pool.map(_generate_report, input_files)
return results

@ -69,7 +69,7 @@ class SVMTestCase(BaseTestCase):
def test_laser_result(self):
for input_file in TESTDATA_INPUTS_CONTRACTS.iterdir():
if input_file.name == "weak_random.sol":
if input_file.name in ["weak_random.sol", "environments.sol"]:
continue
output_expected = TESTDATA_OUTPUTS_EXPECTED_LASER_RESULT / (
input_file.name + ".json"

File diff suppressed because one or more lines are too long

@ -1 +1 @@
{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}

@ -42,7 +42,7 @@ This contract executes a message call to an address found at storage slot 1. Thi
### Description
A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location
Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
## Unchecked CALL return value
- SWC ID: 104

@ -31,7 +31,7 @@ Type: Warning
Contract: Unknown
Function name: _function_0xd24b08cc
PC address: 779
A possible transaction order dependence vulnerability exists in function _function_0xd24b08cc. The value or direction of the call statement is determined from a tainted storage location
Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
--------------------
==== Unchecked CALL return value ====

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@ -1 +1 @@
{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

@ -9,9 +9,7 @@
### Description
In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.
There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.
It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
## Integer Overflow
- SWC ID: 101
@ -22,5 +20,4 @@ There is a check on storage index 1. This storage slot can be written to by call
### Description
A possible integer overflow exists in the function `invest()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
The arithmetic operation can result in integer overflow.

@ -4,9 +4,7 @@ Type: Warning
Contract: Unknown
Function name: withdrawfunds()
PC address: 722
In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.
There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.
It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
--------------------
==== Integer Overflow ====
@ -15,7 +13,7 @@ Type: Warning
Contract: Unknown
Function name: invest()
PC address: 883
A possible integer overflow exists in the function `invest()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
The arithmetic operation can result in integer overflow.
--------------------

File diff suppressed because one or more lines are too long

@ -1 +1 @@
{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}
{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}

@ -9,7 +9,7 @@
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
@ -20,7 +20,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
@ -31,7 +31,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
@ -42,4 +42,4 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.

@ -4,7 +4,7 @@ Type: Informational
Contract: Unknown
Function name: _function_0x546455b5
PC address: 446
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception state ====
@ -13,7 +13,7 @@ Type: Informational
Contract: Unknown
Function name: _function_0x92dd38ea
PC address: 484
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception state ====
@ -22,7 +22,7 @@ Type: Informational
Contract: Unknown
Function name: _function_0xa08299f1
PC address: 506
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception state ====
@ -31,6 +31,6 @@ Type: Informational
Contract: Unknown
Function name: _function_0xb34c3610
PC address: 531
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@ -1 +1 @@
{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 142, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "_function_0x8a4068dd", "swc_id": "105", "title": "Ether send", "type": "Warning"}], "success": true}

@ -9,5 +9,4 @@
### Description
In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.
It seems that this function can be called without restrictions.
It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.

@ -4,7 +4,6 @@ Type: Warning
Contract: Unknown
Function name: _function_0x8a4068dd
PC address: 142
In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.
It seems that this function can be called without restrictions.
It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
--------------------

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@ -1 +1 @@
{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true}
{"error": null, "issues": [{"address": 317, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The function `transferOwnership(address)` retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", "function": "transferOwnership(address)", "swc_id": "115", "title": "Use of tx.origin", "type": "Warning"}], "success": true}

@ -0,0 +1,400 @@
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH2 0x0083
12 JUMPI
13 PUSH1 0x00
15 CALLDATALOAD
16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
46 SWAP1
47 DIV
48 PUSH4 0xffffffff
53 AND
54 DUP1
55 PUSH4 0x2776b163
60 EQ
61 PUSH2 0x0088
64 JUMPI
65 DUP1
66 PUSH4 0x379bf63c
71 EQ
72 PUSH2 0x00c1
75 JUMPI
76 DUP1
77 PUSH4 0x5a6814ec
82 EQ
83 PUSH2 0x0116
86 JUMPI
87 DUP1
88 PUSH4 0xb5d02c8a
93 EQ
94 PUSH2 0x012b
97 JUMPI
98 DUP1
99 PUSH4 0xd24b08cc
104 EQ
105 PUSH2 0x0180
108 JUMPI
109 DUP1
110 PUSH4 0xe11f493e
115 EQ
116 PUSH2 0x0195
119 JUMPI
120 DUP1
121 PUSH4 0xe1d10f79
126 EQ
127 PUSH2 0x01aa
130 JUMPI
131 JUMPDEST
132 PUSH1 0x00
134 DUP1
135 REVERT
136 JUMPDEST
137 CALLVALUE
138 ISZERO
139 PUSH2 0x0093
142 JUMPI
143 PUSH1 0x00
145 DUP1
146 REVERT
147 JUMPDEST
148 PUSH2 0x00bf
151 PUSH1 0x04
153 DUP1
154 DUP1
155 CALLDATALOAD
156 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
177 AND
178 SWAP1
179 PUSH1 0x20
181 ADD
182 SWAP1
183 SWAP2
184 SWAP1
185 POP
186 POP
187 PUSH2 0x01e3
190 JUMP
191 JUMPDEST
192 STOP
193 JUMPDEST
194 CALLVALUE
195 ISZERO
196 PUSH2 0x00cc
199 JUMPI
200 PUSH1 0x00
202 DUP1
203 REVERT
204 JUMPDEST
205 PUSH2 0x00d4
208 PUSH2 0x0227
211 JUMP
212 JUMPDEST
213 PUSH1 0x40
215 MLOAD
216 DUP1
217 DUP3
218 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
239 AND
240 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
261 AND
262 DUP2
263 MSTORE
264 PUSH1 0x20
266 ADD
267 SWAP2
268 POP
269 POP
270 PUSH1 0x40
272 MLOAD
273 DUP1
274 SWAP2
275 SUB
276 SWAP1
277 RETURN
278 JUMPDEST
279 CALLVALUE
280 ISZERO
281 PUSH2 0x0121
284 JUMPI
285 PUSH1 0x00
287 DUP1
288 REVERT
289 JUMPDEST
290 PUSH2 0x0129
293 PUSH2 0x024c
296 JUMP
297 JUMPDEST
298 STOP
299 JUMPDEST
300 CALLVALUE
301 ISZERO
302 PUSH2 0x0136
305 JUMPI
306 PUSH1 0x00
308 DUP1
309 REVERT
310 JUMPDEST
311 PUSH2 0x013e
314 PUSH2 0x029b
317 JUMP
318 JUMPDEST
319 PUSH1 0x40
321 MLOAD
322 DUP1
323 DUP3
324 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
345 AND
346 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
367 AND
368 DUP2
369 MSTORE
370 PUSH1 0x20
372 ADD
373 SWAP2
374 POP
375 POP
376 PUSH1 0x40
378 MLOAD
379 DUP1
380 SWAP2
381 SUB
382 SWAP1
383 RETURN
384 JUMPDEST
385 CALLVALUE
386 ISZERO
387 PUSH2 0x018b
390 JUMPI
391 PUSH1 0x00
393 DUP1
394 REVERT
395 JUMPDEST
396 PUSH2 0x0193
399 PUSH2 0x02c1
402 JUMP
403 JUMPDEST
404 STOP
405 JUMPDEST
406 CALLVALUE
407 ISZERO
408 PUSH2 0x01a0
411 JUMPI
412 PUSH1 0x00
414 DUP1
415 REVERT
416 JUMPDEST
417 PUSH2 0x01a8
420 PUSH2 0x0311
423 JUMP
424 JUMPDEST
425 STOP
426 JUMPDEST
427 CALLVALUE
428 ISZERO
429 PUSH2 0x01b5
432 JUMPI
433 PUSH1 0x00
435 DUP1
436 REVERT
437 JUMPDEST
438 PUSH2 0x01e1
441 PUSH1 0x04
443 DUP1
444 DUP1
445 CALLDATALOAD
446 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
467 AND
468 SWAP1
469 PUSH1 0x20
471 ADD
472 SWAP1
473 SWAP2
474 SWAP1
475 POP
476 POP
477 PUSH2 0x0368
480 JUMP
481 JUMPDEST
482 STOP
483 JUMPDEST
484 DUP1
485 PUSH1 0x01
487 PUSH1 0x00
489 PUSH2 0x0100
492 EXP
493 DUP2
494 SLOAD
495 DUP2
496 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
517 MUL
518 NOT
519 AND
520 SWAP1
521 DUP4
522 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
543 AND
544 MUL
545 OR
546 SWAP1
547 SSTORE
548 POP
549 POP
550 JUMP
551 JUMPDEST
552 PUSH1 0x00
554 DUP1
555 SWAP1
556 SLOAD
557 SWAP1
558 PUSH2 0x0100
561 EXP
562 SWAP1
563 DIV
564 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
585 AND
586 DUP2
587 JUMP
588 JUMPDEST
589 PUSH1 0x00
591 DUP1
592 SWAP1
593 SLOAD
594 SWAP1
595 PUSH2 0x0100
598 EXP
599 SWAP1
600 DIV
601 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
622 AND
623 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
644 AND
645 PUSH1 0x40
647 MLOAD
648 PUSH1 0x00
650 PUSH1 0x40
652 MLOAD
653 DUP1
654 DUP4
655 SUB
656 DUP2
657 PUSH1 0x00
659 DUP7
660 GAS
661 CALL
662 SWAP2
663 POP
664 POP
665 POP
666 JUMP
667 JUMPDEST
668 PUSH1 0x01
670 PUSH1 0x00
672 SWAP1
673 SLOAD
674 SWAP1
675 PUSH2 0x0100
678 EXP
679 SWAP1
680 DIV
681 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
702 AND
703 DUP2
704 JUMP
705 JUMPDEST
706 PUSH1 0x01
708 PUSH1 0x00
710 SWAP1
711 SLOAD
712 SWAP1
713 PUSH2 0x0100
716 EXP
717 SWAP1
718 DIV
719 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
740 AND
741 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
762 AND
763 PUSH1 0x40
765 MLOAD
766 PUSH1 0x00
768 PUSH1 0x40
770 MLOAD
771 DUP1
772 DUP4
773 SUB
774 DUP2
775 PUSH1 0x00
777 DUP7
778 GAS
779 CALL
780 SWAP2
781 POP
782 POP
783 POP
784 JUMP
785 JUMPDEST
786 PUSH1 0x00
788 DUP1
789 SWAP1
790 SLOAD
791 SWAP1
792 PUSH2 0x0100
795 EXP
796 SWAP1
797 DIV
798 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
819 AND
820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
841 AND
842 PUSH1 0x40
844 MLOAD
845 PUSH1 0x00
847 PUSH1 0x40
849 MLOAD
850 DUP1
851 DUP4
852 SUB
853 DUP2
854 PUSH1 0x00
856 DUP7
857 GAS
858 CALL
859 SWAP2
860 POP
861 POP
862 POP
863 PUSH1 0x00
865 PUSH1 0x02
867 DUP2
868 SWAP1
869 SSTORE
870 POP
871 JUMP
872 JUMPDEST
873 DUP1
874 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
895 AND
896 PUSH1 0x40
898 MLOAD
899 PUSH1 0x00
901 PUSH1 0x40
903 MLOAD
904 DUP1
905 DUP4
906 SUB
907 DUP2
908 PUSH1 0x00
910 DUP7
911 GAS
912 CALL
913 SWAP2
914 POP
915 POP
916 POP
917 POP
918 JUMP
919 STOP

File diff suppressed because one or more lines are too long

@ -0,0 +1 @@
{"error": null, "issues": [{"address": 661, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0x5a6814ec", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x5a6814ec", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 779, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location", "function": "_function_0xd24b08cc", "swc_id": "114", "title": "Transaction order dependence", "type": "Warning"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xd24b08cc", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 858, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "Message call to external contract", "type": "Informational"}, {"address": 869, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.", "function": "_function_0xe11f493e", "swc_id": "107", "title": "State change after external call", "type": "Warning"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xe1d10f79", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe1d10f79", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}

@ -0,0 +1,111 @@
# Analysis results for test-filename.sol
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x5a6814ec`
- PC address: 661
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x5a6814ec`
- PC address: 666
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
- PC address: 779
### Description
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Transaction order dependence
- SWC ID: 114
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
- PC address: 779
### Description
Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
- PC address: 784
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 858
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## State change after external call
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 869
### Description
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 871
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe1d10f79`
- PC address: 912
### Description
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe1d10f79`
- PC address: 918
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.

@ -0,0 +1,90 @@
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0x5a6814ec
PC address: 661
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0x5a6814ec
PC address: 666
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xd24b08cc
PC address: 779
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Transaction order dependence ====
SWC ID: 114
Type: Warning
Contract: Unknown
Function name: _function_0xd24b08cc
PC address: 779
Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xd24b08cc
PC address: 784
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 858
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== State change after external call ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 869
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 871
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xe1d10f79
PC address: 912
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xe1d10f79
PC address: 918
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------

@ -0,0 +1,259 @@
0 PUSH1 0x80
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH2 0x004c
12 JUMPI
13 PUSH1 0x00
15 CALLDATALOAD
16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
46 SWAP1
47 DIV
48 PUSH4 0xffffffff
53 AND
54 DUP1
55 PUSH4 0x06661abd
60 EQ
61 PUSH2 0x0051
64 JUMPI
65 DUP1
66 PUSH4 0x83f12fec
71 EQ
72 PUSH2 0x007c
75 JUMPI
76 JUMPDEST
77 PUSH1 0x00
79 DUP1
80 REVERT
81 JUMPDEST
82 CALLVALUE
83 DUP1
84 ISZERO
85 PUSH2 0x005d
88 JUMPI
89 PUSH1 0x00
91 DUP1
92 REVERT
93 JUMPDEST
94 POP
95 PUSH2 0x0066
98 PUSH2 0x0104
101 JUMP
102 JUMPDEST
103 PUSH1 0x40
105 MLOAD
106 DUP1
107 DUP3
108 DUP2
109 MSTORE
110 PUSH1 0x20
112 ADD
113 SWAP2
114 POP
115 POP
116 PUSH1 0x40
118 MLOAD
119 DUP1
120 SWAP2
121 SUB
122 SWAP1
123 RETURN
124 JUMPDEST
125 CALLVALUE
126 DUP1
127 ISZERO
128 PUSH2 0x0088
131 JUMPI
132 PUSH1 0x00
134 DUP1
135 REVERT
136 JUMPDEST
137 POP
138 PUSH2 0x00ea
141 PUSH1 0x04
143 DUP1
144 CALLDATASIZE
145 SUB
146 DUP2
147 ADD
148 SWAP1
149 DUP1
150 DUP1
151 CALLDATALOAD
152 SWAP1
153 PUSH1 0x20
155 ADD
156 SWAP1
157 DUP3
158 ADD
159 DUP1
160 CALLDATALOAD
161 SWAP1
162 PUSH1 0x20
164 ADD
165 SWAP1
166 DUP1
167 DUP1
168 PUSH1 0x20
170 MUL
171 PUSH1 0x20
173 ADD
174 PUSH1 0x40
176 MLOAD
177 SWAP1
178 DUP2
179 ADD
180 PUSH1 0x40
182 MSTORE
183 DUP1
184 SWAP4
185 SWAP3
186 SWAP2
187 SWAP1
188 DUP2
189 DUP2
190 MSTORE
191 PUSH1 0x20
193 ADD
194 DUP4
195 DUP4
196 PUSH1 0x20
198 MUL
199 DUP1
200 DUP3
201 DUP5
202 CALLDATACOPY
203 DUP3
204 ADD
205 SWAP2
206 POP
207 POP
208 POP
209 POP
210 POP
211 POP
212 SWAP2
213 SWAP3
214 SWAP2
215 SWAP3
216 SWAP1
217 DUP1
218 CALLDATALOAD
219 SWAP1
220 PUSH1 0x20
222 ADD
223 SWAP1
224 SWAP3
225 SWAP2
226 SWAP1
227 POP
228 POP
229 POP
230 PUSH2 0x010a
233 JUMP
234 JUMPDEST
235 PUSH1 0x40
237 MLOAD
238 DUP1
239 DUP3
240 ISZERO
241 ISZERO
242 ISZERO
243 ISZERO
244 DUP2
245 MSTORE
246 PUSH1 0x20
248 ADD
249 SWAP2
250 POP
251 POP
252 PUSH1 0x40
254 MLOAD
255 DUP1
256 SWAP2
257 SUB
258 SWAP1
259 RETURN
260 JUMPDEST
261 PUSH1 0x00
263 SLOAD
264 DUP2
265 JUMP
266 JUMPDEST
267 PUSH1 0x00
269 DUP1
270 PUSH1 0x00
272 DUP5
273 MLOAD
274 SWAP2
275 POP
276 DUP4
277 DUP3
278 MUL
279 SWAP1
280 POP
281 PUSH1 0x00
283 DUP3
284 GT
285 DUP1
286 ISZERO
287 PUSH2 0x0129
290 JUMPI
291 POP
292 PUSH1 0x14
294 DUP3
295 GT
296 ISZERO
297 JUMPDEST
298 ISZERO
299 ISZERO
300 PUSH2 0x0134
303 JUMPI
304 PUSH1 0x00
306 DUP1
307 REVERT
308 JUMPDEST
309 DUP1
310 PUSH1 0x01
312 PUSH1 0x00
314 CALLER
315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
336 AND
337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
358 AND
359 DUP2
360 MSTORE
361 PUSH1 0x20
363 ADD
364 SWAP1
365 DUP2
366 MSTORE
367 PUSH1 0x20
369 ADD
370 PUSH1 0x00
372 SHA3
373 PUSH1 0x00
375 DUP3
376 DUP3
377 SLOAD
378 SUB
379 SWAP3
380 POP
381 POP
382 DUP2
383 SWAP1
384 SSTORE
385 POP
386 PUSH1 0x01
388 SWAP3
389 POP
390 POP
391 POP
392 SWAP3
393 SWAP2
394 POP
395 POP
396 JUMP
397 STOP

File diff suppressed because one or more lines are too long

@ -0,0 +1,420 @@
0 PUSH1 0x80
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH2 0x0078
12 JUMPI
13 PUSH1 0x00
15 CALLDATALOAD
16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
46 SWAP1
47 DIV
48 PUSH4 0xffffffff
53 AND
54 DUP1
55 PUSH4 0x12065fe0
60 EQ
61 PUSH2 0x007d
64 JUMPI
65 DUP1
66 PUSH4 0x27e235e3
71 EQ
72 PUSH2 0x00a8
75 JUMPI
76 DUP1
77 PUSH4 0x56885cd8
82 EQ
83 PUSH2 0x00ff
86 JUMPI
87 DUP1
88 PUSH4 0x6c343ffe
93 EQ
94 PUSH2 0x0116
97 JUMPI
98 DUP1
99 PUSH4 0x8da5cb5b
104 EQ
105 PUSH2 0x012d
108 JUMPI
109 DUP1
110 PUSH4 0xe8b5e51f
115 EQ
116 PUSH2 0x0184
119 JUMPI
120 JUMPDEST
121 PUSH1 0x00
123 DUP1
124 REVERT
125 JUMPDEST
126 CALLVALUE
127 DUP1
128 ISZERO
129 PUSH2 0x0089
132 JUMPI
133 PUSH1 0x00
135 DUP1
136 REVERT
137 JUMPDEST
138 POP
139 PUSH2 0x0092
142 PUSH2 0x018e
145 JUMP
146 JUMPDEST
147 PUSH1 0x40
149 MLOAD
150 DUP1
151 DUP3
152 DUP2
153 MSTORE
154 PUSH1 0x20
156 ADD
157 SWAP2
158 POP
159 POP
160 PUSH1 0x40
162 MLOAD
163 DUP1
164 SWAP2
165 SUB
166 SWAP1
167 RETURN
168 JUMPDEST
169 CALLVALUE
170 DUP1
171 ISZERO
172 PUSH2 0x00b4
175 JUMPI
176 PUSH1 0x00
178 DUP1
179 REVERT
180 JUMPDEST
181 POP
182 PUSH2 0x00e9
185 PUSH1 0x04
187 DUP1
188 CALLDATASIZE
189 SUB
190 DUP2
191 ADD
192 SWAP1
193 DUP1
194 DUP1
195 CALLDATALOAD
196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
217 AND
218 SWAP1
219 PUSH1 0x20
221 ADD
222 SWAP1
223 SWAP3
224 SWAP2
225 SWAP1
226 POP
227 POP
228 POP
229 PUSH2 0x01d4
232 JUMP
233 JUMPDEST
234 PUSH1 0x40
236 MLOAD
237 DUP1
238 DUP3
239 DUP2
240 MSTORE
241 PUSH1 0x20
243 ADD
244 SWAP2
245 POP
246 POP
247 PUSH1 0x40
249 MLOAD
250 DUP1
251 SWAP2
252 SUB
253 SWAP1
254 RETURN
255 JUMPDEST
256 CALLVALUE
257 DUP1
258 ISZERO
259 PUSH2 0x010b
262 JUMPI
263 PUSH1 0x00
265 DUP1
266 REVERT
267 JUMPDEST
268 POP
269 PUSH2 0x0114
272 PUSH2 0x01ec
275 JUMP
276 JUMPDEST
277 STOP
278 JUMPDEST
279 CALLVALUE
280 DUP1
281 ISZERO
282 PUSH2 0x0122
285 JUMPI
286 PUSH1 0x00
288 DUP1
289 REVERT
290 JUMPDEST
291 POP
292 PUSH2 0x012b
295 PUSH2 0x022f
298 JUMP
299 JUMPDEST
300 STOP
301 JUMPDEST
302 CALLVALUE
303 DUP1
304 ISZERO
305 PUSH2 0x0139
308 JUMPI
309 PUSH1 0x00
311 DUP1
312 REVERT
313 JUMPDEST
314 POP
315 PUSH2 0x0142
318 PUSH2 0x02eb
321 JUMP
322 JUMPDEST
323 PUSH1 0x40
325 MLOAD
326 DUP1
327 DUP3
328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
349 AND
350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
371 AND
372 DUP2
373 MSTORE
374 PUSH1 0x20
376 ADD
377 SWAP2
378 POP
379 POP
380 PUSH1 0x40
382 MLOAD
383 DUP1
384 SWAP2
385 SUB
386 SWAP1
387 RETURN
388 JUMPDEST
389 PUSH2 0x018c
392 PUSH2 0x0311
395 JUMP
396 JUMPDEST
397 STOP
398 JUMPDEST
399 PUSH1 0x00
401 DUP1
402 PUSH1 0x00
404 CALLER
405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
426 AND
427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
448 AND
449 DUP2
450 MSTORE
451 PUSH1 0x20
453 ADD
454 SWAP1
455 DUP2
456 MSTORE
457 PUSH1 0x20
459 ADD
460 PUSH1 0x00
462 SHA3
463 SLOAD
464 SWAP1
465 POP
466 SWAP1
467 JUMP
468 JUMPDEST
469 PUSH1 0x00
471 PUSH1 0x20
473 MSTORE
474 DUP1
475 PUSH1 0x00
477 MSTORE
478 PUSH1 0x40
480 PUSH1 0x00
482 SHA3
483 PUSH1 0x00
485 SWAP2
486 POP
487 SWAP1
488 POP
489 SLOAD
490 DUP2
491 JUMP
492 JUMPDEST
493 CALLER
494 PUSH1 0x01
496 PUSH1 0x00
498 PUSH2 0x0100
501 EXP
502 DUP2
503 SLOAD
504 DUP2
505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
526 MUL
527 NOT
528 AND
529 SWAP1
530 DUP4
531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
552 AND
553 MUL
554 OR
555 SWAP1
556 SSTORE
557 POP
558 JUMP
559 JUMPDEST
560 PUSH1 0x01
562 PUSH1 0x00
564 SWAP1
565 SLOAD
566 SWAP1
567 PUSH2 0x0100
570 EXP
571 SWAP1
572 DIV
573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
594 AND
595 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
616 AND
617 CALLER
618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
639 AND
640 EQ
641 ISZERO
642 ISZERO
643 PUSH2 0x028b
646 JUMPI
647 PUSH1 0x00
649 DUP1
650 REVERT
651 JUMPDEST
652 CALLER
653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
674 AND
675 PUSH2 0x08fc
678 ADDRESS
679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
700 AND
701 BALANCE
702 SWAP1
703 DUP2
704 ISZERO
705 MUL
706 SWAP1
707 PUSH1 0x40
709 MLOAD
710 PUSH1 0x00
712 PUSH1 0x40
714 MLOAD
715 DUP1
716 DUP4
717 SUB
718 DUP2
719 DUP6
720 DUP9
721 DUP9
722 CALL
723 SWAP4
724 POP
725 POP
726 POP
727 POP
728 ISZERO
729 DUP1
730 ISZERO
731 PUSH2 0x02e8
734 JUMPI
735 RETURNDATASIZE
736 PUSH1 0x00
738 DUP1
739 RETURNDATACOPY
740 RETURNDATASIZE
741 PUSH1 0x00
743 REVERT
744 JUMPDEST
745 POP
746 JUMP
747 JUMPDEST
748 PUSH1 0x01
750 PUSH1 0x00
752 SWAP1
753 SLOAD
754 SWAP1
755 PUSH2 0x0100
758 EXP
759 SWAP1
760 DIV
761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
782 AND
783 DUP2
784 JUMP
785 JUMPDEST
786 PUSH1 0x02
788 SLOAD
789 CALLVALUE
790 GT
791 DUP1
792 ISZERO
793 PUSH2 0x0323
796 JUMPI
797 POP
798 PUSH1 0x03
800 SLOAD
801 CALLVALUE
802 LT
803 JUMPDEST
804 ISZERO
805 ISZERO
806 PUSH2 0x032e
809 JUMPI
810 PUSH1 0x00
812 DUP1
813 REVERT
814 JUMPDEST
815 CALLVALUE
816 PUSH1 0x00
818 DUP1
819 CALLER
820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
841 AND
842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
863 AND
864 DUP2
865 MSTORE
866 PUSH1 0x20
868 ADD
869 SWAP1
870 DUP2
871 MSTORE
872 PUSH1 0x20
874 ADD
875 PUSH1 0x00
877 SHA3
878 PUSH1 0x00
880 DUP3
881 DUP3
882 SLOAD
883 ADD
884 SWAP3
885 POP
886 POP
887 DUP2
888 SWAP1
889 SSTORE
890 POP
891 JUMP
892 STOP

File diff suppressed because one or more lines are too long

@ -0,0 +1 @@
{"error": null, "issues": [{"address": 722, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.", "function": "withdrawfunds()", "swc_id": "105", "title": "Ether send", "type": "Warning"}, {"address": 883, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "invest()", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

@ -0,0 +1,23 @@
# Analysis results for test-filename.sol
## Ether send
- SWC ID: 105
- Type: Warning
- Contract: Unknown
- Function name: `withdrawfunds()`
- PC address: 722
### Description
It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `invest()`
- PC address: 883
### Description
The arithmetic operation can result in integer overflow.

@ -0,0 +1,19 @@
==== Ether send ====
SWC ID: 105
Type: Warning
Contract: Unknown
Function name: withdrawfunds()
PC address: 722
It seems that an attacker is able to execute an call instruction, this can mean that the attacker is able to extract funds out of the contract.
--------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: invest()
PC address: 883
The arithmetic operation can result in integer overflow.
--------------------

@ -0,0 +1,392 @@
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH2 0x008e
12 JUMPI
13 PUSH1 0x00
15 CALLDATALOAD
16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
46 SWAP1
47 DIV
48 PUSH4 0xffffffff
53 AND
54 DUP1
55 PUSH4 0x01d4277c
60 EQ
61 PUSH2 0x0093
64 JUMPI
65 DUP1
66 PUSH4 0x546455b5
71 EQ
72 PUSH2 0x00b6
75 JUMPI
76 DUP1
77 PUSH4 0x78375f14
82 EQ
83 PUSH2 0x00d9
86 JUMPI
87 DUP1
88 PUSH4 0x92dd38ea
93 EQ
94 PUSH2 0x00fc
97 JUMPI
98 DUP1
99 PUSH4 0xa08299f1
104 EQ
105 PUSH2 0x011f
108 JUMPI
109 DUP1
110 PUSH4 0xb34c3610
115 EQ
116 PUSH2 0x0142
119 JUMPI
120 DUP1
121 PUSH4 0xb630d706
126 EQ
127 PUSH2 0x0157
130 JUMPI
131 DUP1
132 PUSH4 0xf44f13d8
137 EQ
138 PUSH2 0x017a
141 JUMPI
142 JUMPDEST
143 PUSH1 0x00
145 DUP1
146 REVERT
147 JUMPDEST
148 CALLVALUE
149 ISZERO
150 PUSH2 0x009e
153 JUMPI
154 PUSH1 0x00
156 DUP1
157 REVERT
158 JUMPDEST
159 PUSH2 0x00b4
162 PUSH1 0x04
164 DUP1
165 DUP1
166 CALLDATALOAD
167 SWAP1
168 PUSH1 0x20
170 ADD
171 SWAP1
172 SWAP2
173 SWAP1
174 POP
175 POP
176 PUSH2 0x018f
179 JUMP
180 JUMPDEST
181 STOP
182 JUMPDEST
183 CALLVALUE
184 ISZERO
185 PUSH2 0x00c1
188 JUMPI
189 PUSH1 0x00
191 DUP1
192 REVERT
193 JUMPDEST
194 PUSH2 0x00d7
197 PUSH1 0x04
199 DUP1
200 DUP1
201 CALLDATALOAD
202 SWAP1
203 PUSH1 0x20
205 ADD
206 SWAP1
207 SWAP2
208 SWAP1
209 POP
210 POP
211 PUSH2 0x01b2
214 JUMP
215 JUMPDEST
216 STOP
217 JUMPDEST
218 CALLVALUE
219 ISZERO
220 PUSH2 0x00e4
223 JUMPI
224 PUSH1 0x00
226 DUP1
227 REVERT
228 JUMPDEST
229 PUSH2 0x00fa
232 PUSH1 0x04
234 DUP1
235 DUP1
236 CALLDATALOAD
237 SWAP1
238 PUSH1 0x20
240 ADD
241 SWAP1
242 SWAP2
243 SWAP1
244 POP
245 POP
246 PUSH2 0x01c2
249 JUMP
250 JUMPDEST
251 STOP
252 JUMPDEST
253 CALLVALUE
254 ISZERO
255 PUSH2 0x0107
258 JUMPI
259 PUSH1 0x00
261 DUP1
262 REVERT
263 JUMPDEST
264 PUSH2 0x011d
267 PUSH1 0x04
269 DUP1
270 DUP1
271 CALLDATALOAD
272 SWAP1
273 PUSH1 0x20
275 ADD
276 SWAP1
277 SWAP2
278 SWAP1
279 POP
280 POP
281 PUSH2 0x01d5
284 JUMP
285 JUMPDEST
286 STOP
287 JUMPDEST
288 CALLVALUE
289 ISZERO
290 PUSH2 0x012a
293 JUMPI
294 PUSH1 0x00
296 DUP1
297 REVERT
298 JUMPDEST
299 PUSH2 0x0140
302 PUSH1 0x04
304 DUP1
305 DUP1
306 CALLDATALOAD
307 SWAP1
308 PUSH1 0x20
310 ADD
311 SWAP1
312 SWAP2
313 SWAP1
314 POP
315 POP
316 PUSH2 0x01ed
319 JUMP
320 JUMPDEST
321 STOP
322 JUMPDEST
323 CALLVALUE
324 ISZERO
325 PUSH2 0x014d
328 JUMPI
329 PUSH1 0x00
331 DUP1
332 REVERT
333 JUMPDEST
334 PUSH2 0x0155
337 PUSH2 0x0202
340 JUMP
341 JUMPDEST
342 STOP
343 JUMPDEST
344 CALLVALUE
345 ISZERO
346 PUSH2 0x0162
349 JUMPI
350 PUSH1 0x00
352 DUP1
353 REVERT
354 JUMPDEST
355 PUSH2 0x0178
358 PUSH1 0x04
360 DUP1
361 DUP1
362 CALLDATALOAD
363 SWAP1
364 PUSH1 0x20
366 ADD
367 SWAP1
368 SWAP2
369 SWAP1
370 POP
371 POP
372 PUSH2 0x0217
375 JUMP
376 JUMPDEST
377 STOP
378 JUMPDEST
379 CALLVALUE
380 ISZERO
381 PUSH2 0x0185
384 JUMPI
385 PUSH1 0x00
387 DUP1
388 REVERT
389 JUMPDEST
390 PUSH2 0x018d
393 PUSH2 0x0235
396 JUMP
397 JUMPDEST
398 STOP
399 JUMPDEST
400 PUSH1 0x00
402 PUSH1 0x08
404 DUP3
405 LT
406 ISZERO
407 PUSH2 0x01ae
410 JUMPI
411 PUSH1 0x00
413 DUP3
414 PUSH1 0x08
416 DUP2
417 LT
418 ISZERO
419 ISZERO
420 PUSH2 0x01a9
423 JUMPI
424 ASSERT_FAIL
425 JUMPDEST
426 ADD
427 SLOAD
428 SWAP1
429 POP
430 JUMPDEST
431 POP
432 POP
433 JUMP
434 JUMPDEST
435 PUSH1 0x17
437 DUP2
438 EQ
439 ISZERO
440 ISZERO
441 ISZERO
442 PUSH2 0x01bf
445 JUMPI
446 ASSERT_FAIL
447 JUMPDEST
448 POP
449 JUMP
450 JUMPDEST
451 PUSH1 0x17
453 DUP2
454 EQ
455 ISZERO
456 ISZERO
457 ISZERO
458 PUSH2 0x01d2
461 JUMPI
462 PUSH1 0x00
464 DUP1
465 REVERT
466 JUMPDEST
467 POP
468 JUMP
469 JUMPDEST
470 PUSH1 0x00
472 DUP1
473 DUP3
474 PUSH1 0x08
476 DUP2
477 LT
478 ISZERO
479 ISZERO
480 PUSH2 0x01e5
483 JUMPI
484 ASSERT_FAIL
485 JUMPDEST
486 ADD
487 SLOAD
488 SWAP1
489 POP
490 POP
491 POP
492 JUMP
493 JUMPDEST
494 PUSH1 0x00
496 DUP2
497 PUSH1 0x01
499 DUP2
500 ISZERO
501 ISZERO
502 PUSH2 0x01fb
505 JUMPI
506 ASSERT_FAIL
507 JUMPDEST
508 DIV
509 SWAP1
510 POP
511 POP
512 POP
513 JUMP
514 JUMPDEST
515 PUSH1 0x00
517 PUSH1 0x01
519 SWAP1
520 POP
521 PUSH1 0x00
523 DUP2
524 EQ
525 ISZERO
526 ISZERO
527 PUSH2 0x0214
530 JUMPI
531 ASSERT_FAIL
532 JUMPDEST
533 POP
534 JUMP
535 JUMPDEST
536 PUSH1 0x00
538 DUP1
539 DUP3
540 GT
541 ISZERO
542 PUSH2 0x0231
545 JUMPI
546 DUP2
547 PUSH1 0x01
549 DUP2
550 ISZERO
551 ISZERO
552 PUSH2 0x022d
555 JUMPI
556 ASSERT_FAIL
557 JUMPDEST
558 DIV
559 SWAP1
560 POP
561 JUMPDEST
562 POP
563 POP
564 JUMP
565 JUMPDEST
566 PUSH1 0x00
568 PUSH1 0x01
570 SWAP1
571 POP
572 PUSH1 0x00
574 DUP2
575 GT
576 ISZERO
577 ISZERO
578 PUSH2 0x0247
581 JUMPI
582 ASSERT_FAIL
583 JUMPDEST
584 POP
585 JUMP
586 STOP

File diff suppressed because one or more lines are too long

@ -0,0 +1 @@
{"error": null, "issues": [{"address": 446, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 484, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 506, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "swc_id": "110", "title": "Exception state", "type": "Informational"}, {"address": 531, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "swc_id": "110", "title": "Exception state", "type": "Informational"}], "success": true}

@ -0,0 +1,45 @@
# Analysis results for test-filename.sol
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x546455b5`
- PC address: 446
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x92dd38ea`
- PC address: 484
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xa08299f1`
- PC address: 506
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception state
- SWC ID: 110
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xb34c3610`
- PC address: 531
### Description
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.

@ -0,0 +1,36 @@
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0x546455b5
PC address: 446
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0x92dd38ea
PC address: 484
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0xa08299f1
PC address: 506
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception state ====
SWC ID: 110
Type: Informational
Contract: Unknown
Function name: _function_0xb34c3610
PC address: 531
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------

@ -0,0 +1,435 @@
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH2 0x006d
12 JUMPI
13 PUSH1 0x00
15 CALLDATALOAD
16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
46 SWAP1
47 DIV
48 PUSH4 0xffffffff
53 AND
54 DUP1
55 PUSH4 0x141f32ff
60 EQ
61 PUSH2 0x0072
64 JUMPI
65 DUP1
66 PUSH4 0x2e52d606
71 EQ
72 PUSH2 0x00b4
75 JUMPI
76 DUP1
77 PUSH4 0x67e404ce
82 EQ
83 PUSH2 0x00dd
86 JUMPI
87 DUP1
88 PUSH4 0x9b58bc26
93 EQ
94 PUSH2 0x0132
97 JUMPI
98 DUP1
99 PUSH4 0xeea4c864
104 EQ
105 PUSH2 0x0174
108 JUMPI
109 JUMPDEST
110 PUSH1 0x00
112 DUP1
113 REVERT
114 JUMPDEST
115 CALLVALUE
116 ISZERO
117 PUSH2 0x007d
120 JUMPI
121 PUSH1 0x00
123 DUP1
124 REVERT
125 JUMPDEST
126 PUSH2 0x00b2
129 PUSH1 0x04
131 DUP1
132 DUP1
133 CALLDATALOAD
134 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
155 AND
156 SWAP1
157 PUSH1 0x20
159 ADD
160 SWAP1
161 SWAP2
162 SWAP1
163 DUP1
164 CALLDATALOAD
165 SWAP1
166 PUSH1 0x20
168 ADD
169 SWAP1
170 SWAP2
171 SWAP1
172 POP
173 POP
174 PUSH2 0x01b6
177 JUMP
178 JUMPDEST
179 STOP
180 JUMPDEST
181 CALLVALUE
182 ISZERO
183 PUSH2 0x00bf
186 JUMPI
187 PUSH1 0x00
189 DUP1
190 REVERT
191 JUMPDEST
192 PUSH2 0x00c7
195 PUSH2 0x0273
198 JUMP
199 JUMPDEST
200 PUSH1 0x40
202 MLOAD
203 DUP1
204 DUP3
205 DUP2
206 MSTORE
207 PUSH1 0x20
209 ADD
210 SWAP2
211 POP
212 POP
213 PUSH1 0x40
215 MLOAD
216 DUP1
217 SWAP2
218 SUB
219 SWAP1
220 RETURN
221 JUMPDEST
222 CALLVALUE
223 ISZERO
224 PUSH2 0x00e8
227 JUMPI
228 PUSH1 0x00
230 DUP1
231 REVERT
232 JUMPDEST
233 PUSH2 0x00f0
236 PUSH2 0x0279
239 JUMP
240 JUMPDEST
241 PUSH1 0x40
243 MLOAD
244 DUP1
245 DUP3
246 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
267 AND
268 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
289 AND
290 DUP2
291 MSTORE
292 PUSH1 0x20
294 ADD
295 SWAP2
296 POP
297 POP
298 PUSH1 0x40
300 MLOAD
301 DUP1
302 SWAP2
303 SUB
304 SWAP1
305 RETURN
306 JUMPDEST
307 CALLVALUE
308 ISZERO
309 PUSH2 0x013d
312 JUMPI
313 PUSH1 0x00
315 DUP1
316 REVERT
317 JUMPDEST
318 PUSH2 0x0172
321 PUSH1 0x04
323 DUP1
324 DUP1
325 CALLDATALOAD
326 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
347 AND
348 SWAP1
349 PUSH1 0x20
351 ADD
352 SWAP1
353 SWAP2
354 SWAP1
355 DUP1
356 CALLDATALOAD
357 SWAP1
358 PUSH1 0x20
360 ADD
361 SWAP1
362 SWAP2
363 SWAP1
364 POP
365 POP
366 PUSH2 0x029f
369 JUMP
370 JUMPDEST
371 STOP
372 JUMPDEST
373 CALLVALUE
374 ISZERO
375 PUSH2 0x017f
378 JUMPI
379 PUSH1 0x00
381 DUP1
382 REVERT
383 JUMPDEST
384 PUSH2 0x01b4
387 PUSH1 0x04
389 DUP1
390 DUP1
391 CALLDATALOAD
392 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
413 AND
414 SWAP1
415 PUSH1 0x20
417 ADD
418 SWAP1
419 SWAP2
420 SWAP1
421 DUP1
422 CALLDATALOAD
423 SWAP1
424 PUSH1 0x20
426 ADD
427 SWAP1
428 SWAP2
429 SWAP1
430 POP
431 POP
432 PUSH2 0x035a
435 JUMP
436 JUMPDEST
437 STOP
438 JUMPDEST
439 DUP2
440 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
461 AND
462 PUSH1 0x40
464 MLOAD
465 DUP1
466 DUP1
467 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000
500 DUP2
501 MSTORE
502 POP
503 PUSH1 0x0d
505 ADD
506 SWAP1
507 POP
508 PUSH1 0x40
510 MLOAD
511 DUP1
512 SWAP2
513 SUB
514 SWAP1
515 SHA3
516 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
546 SWAP1
547 DIV
548 DUP3
549 PUSH1 0x40
551 MLOAD
552 DUP3
553 PUSH4 0xffffffff
558 AND
559 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
589 MUL
590 DUP2
591 MSTORE
592 PUSH1 0x04
594 ADD
595 DUP1
596 DUP3
597 DUP2
598 MSTORE
599 PUSH1 0x20
601 ADD
602 SWAP2
603 POP
604 POP
605 PUSH1 0x00
607 PUSH1 0x40
609 MLOAD
610 DUP1
611 DUP4
612 SUB
613 DUP2
614 PUSH1 0x00
616 DUP8
617 GAS
618 CALLCODE
619 SWAP3
620 POP
621 POP
622 POP
623 POP
624 POP
625 POP
626 JUMP
627 JUMPDEST
628 PUSH1 0x00
630 SLOAD
631 DUP2
632 JUMP
633 JUMPDEST
634 PUSH1 0x01
636 PUSH1 0x00
638 SWAP1
639 SLOAD
640 SWAP1
641 PUSH2 0x0100
644 EXP
645 SWAP1
646 DIV
647 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
668 AND
669 DUP2
670 JUMP
671 JUMPDEST
672 DUP2
673 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
694 AND
695 PUSH1 0x40
697 MLOAD
698 DUP1
699 DUP1
700 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000
733 DUP2
734 MSTORE
735 POP
736 PUSH1 0x0d
738 ADD
739 SWAP1
740 POP
741 PUSH1 0x40
743 MLOAD
744 DUP1
745 SWAP2
746 SUB
747 SWAP1
748 SHA3
749 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
779 SWAP1
780 DIV
781 DUP3
782 PUSH1 0x40
784 MLOAD
785 DUP3
786 PUSH4 0xffffffff
791 AND
792 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
822 MUL
823 DUP2
824 MSTORE
825 PUSH1 0x04
827 ADD
828 DUP1
829 DUP3
830 DUP2
831 MSTORE
832 PUSH1 0x20
834 ADD
835 SWAP2
836 POP
837 POP
838 PUSH1 0x00
840 PUSH1 0x40
842 MLOAD
843 DUP1
844 DUP4
845 SUB
846 DUP2
847 DUP7
848 GAS
849 DELEGATECALL
850 SWAP3
851 POP
852 POP
853 POP
854 POP
855 POP
856 POP
857 JUMP
858 JUMPDEST
859 DUP2
860 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
881 AND
882 PUSH1 0x40
884 MLOAD
885 DUP1
886 DUP1
887 PUSH32 0x7365744e2875696e743235362900000000000000000000000000000000000000
920 DUP2
921 MSTORE
922 POP
923 PUSH1 0x0d
925 ADD
926 SWAP1
927 POP
928 PUSH1 0x40
930 MLOAD
931 DUP1
932 SWAP2
933 SUB
934 SWAP1
935 SHA3
936 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
966 SWAP1
967 DIV
968 DUP3
969 PUSH1 0x40
971 MLOAD
972 DUP3
973 PUSH4 0xffffffff
978 AND
979 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
1009 MUL
1010 DUP2
1011 MSTORE
1012 PUSH1 0x04
1014 ADD
1015 DUP1
1016 DUP3
1017 DUP2
1018 MSTORE
1019 PUSH1 0x20
1021 ADD
1022 SWAP2
1023 POP
1024 POP
1025 PUSH1 0x00
1027 PUSH1 0x40
1029 MLOAD
1030 DUP1
1031 DUP4
1032 SUB
1033 DUP2
1034 PUSH1 0x00
1036 DUP8
1037 GAS
1038 CALL
1039 SWAP3
1040 POP
1041 POP
1042 POP
1043 POP
1044 POP
1045 POP
1046 JUMP
1047 STOP

File diff suppressed because one or more lines are too long

@ -0,0 +1 @@
{"error": null, "issues": [{"address": 626, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x141f32ff", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 857, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0x9b58bc26", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 1038, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xeea4c864", "swc_id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 1046, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xeea4c864", "swc_id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}

@ -0,0 +1,45 @@
# Analysis results for test-filename.sol
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x141f32ff`
- PC address: 626
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x9b58bc26`
- PC address: 857
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xeea4c864`
- PC address: 1038
### Description
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Unchecked CALL return value
- SWC ID: 104
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xeea4c864`
- PC address: 1046
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.

@ -0,0 +1,36 @@
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0x141f32ff
PC address: 626
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0x9b58bc26
PC address: 857
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xeea4c864
PC address: 1038
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Unchecked CALL return value ====
SWC ID: 104
Type: Informational
Contract: Unknown
Function name: _function_0xeea4c864
PC address: 1046
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------

@ -0,0 +1,253 @@
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH2 0x004c
12 JUMPI
13 PUSH1 0x00
15 CALLDATALOAD
16 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
46 SWAP1
47 DIV
48 PUSH4 0xffffffff
53 AND
54 DUP1
55 PUSH4 0x27e235e3
60 EQ
61 PUSH2 0x0051
64 JUMPI
65 DUP1
66 PUSH4 0x412664ae
71 EQ
72 PUSH2 0x009e
75 JUMPI
76 JUMPDEST
77 PUSH1 0x00
79 DUP1
80 REVERT
81 JUMPDEST
82 CALLVALUE
83 ISZERO
84 PUSH2 0x005c
87 JUMPI
88 PUSH1 0x00
90 DUP1
91 REVERT
92 JUMPDEST
93 PUSH2 0x0088
96 PUSH1 0x04
98 DUP1
99 DUP1
100 CALLDATALOAD
101 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
122 AND
123 SWAP1
124 PUSH1 0x20
126 ADD
127 SWAP1
128 SWAP2
129 SWAP1
130 POP
131 POP
132 PUSH2 0x00f8
135 JUMP
136 JUMPDEST
137 PUSH1 0x40
139 MLOAD
140 DUP1
141 DUP3
142 DUP2
143 MSTORE
144 PUSH1 0x20
146 ADD
147 SWAP2
148 POP
149 POP
150 PUSH1 0x40
152 MLOAD
153 DUP1
154 SWAP2
155 SUB
156 SWAP1
157 RETURN
158 JUMPDEST
159 CALLVALUE
160 ISZERO
161 PUSH2 0x00a9
164 JUMPI
165 PUSH1 0x00
167 DUP1
168 REVERT
169 JUMPDEST
170 PUSH2 0x00de
173 PUSH1 0x04
175 DUP1
176 DUP1
177 CALLDATALOAD
178 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
199 AND
200 SWAP1
201 PUSH1 0x20
203 ADD
204 SWAP1
205 SWAP2
206 SWAP1
207 DUP1
208 CALLDATALOAD
209 SWAP1
210 PUSH1 0x20
212 ADD
213 SWAP1
214 SWAP2
215 SWAP1
216 POP
217 POP
218 PUSH2 0x0110
221 JUMP
222 JUMPDEST
223 PUSH1 0x40
225 MLOAD
226 DUP1
227 DUP3
228 ISZERO
229 ISZERO
230 ISZERO
231 ISZERO
232 DUP2
233 MSTORE
234 PUSH1 0x20
236 ADD
237 SWAP2
238 POP
239 POP
240 PUSH1 0x40
242 MLOAD
243 DUP1
244 SWAP2
245 SUB
246 SWAP1
247 RETURN
248 JUMPDEST
249 PUSH1 0x00
251 PUSH1 0x20
253 MSTORE
254 DUP1
255 PUSH1 0x00
257 MSTORE
258 PUSH1 0x40
260 PUSH1 0x00
262 SHA3
263 PUSH1 0x00
265 SWAP2
266 POP
267 SWAP1
268 POP
269 SLOAD
270 DUP2
271 JUMP
272 JUMPDEST
273 PUSH1 0x00
275 DUP2
276 PUSH1 0x00
278 DUP1
279 CALLER
280 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
301 AND
302 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
323 AND
324 DUP2
325 MSTORE
326 PUSH1 0x20
328 ADD
329 SWAP1
330 DUP2
331 MSTORE
332 PUSH1 0x20
334 ADD
335 PUSH1 0x00
337 SHA3
338 SLOAD
339 LT
340 ISZERO
341 PUSH2 0x0161
344 JUMPI
345 PUSH1 0x00
347 SWAP1
348 POP
349 PUSH2 0x01fe
352 JUMP
353 JUMPDEST
354 DUP2
355 PUSH1 0x00
357 DUP1
358 CALLER
359 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
380 AND
381 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
402 AND
403 DUP2
404 MSTORE
405 PUSH1 0x20
407 ADD
408 SWAP1
409 DUP2
410 MSTORE
411 PUSH1 0x20
413 ADD
414 PUSH1 0x00
416 SHA3
417 PUSH1 0x00
419 DUP3
420 DUP3
421 SLOAD
422 SUB
423 SWAP3
424 POP
425 POP
426 DUP2
427 SWAP1
428 SSTORE
429 POP
430 DUP2
431 PUSH1 0x00
433 DUP1
434 DUP6
435 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
456 AND
457 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
478 AND
479 DUP2
480 MSTORE
481 PUSH1 0x20
483 ADD
484 SWAP1
485 DUP2
486 MSTORE
487 PUSH1 0x20
489 ADD
490 PUSH1 0x00
492 SHA3
493 PUSH1 0x00
495 DUP3
496 DUP3
497 SLOAD
498 ADD
499 SWAP3
500 POP
501 POP
502 DUP2
503 SWAP1
504 SSTORE
505 POP
506 PUSH1 0x00
508 SWAP1
509 POP
510 JUMPDEST
511 SWAP3
512 SWAP2
513 POP
514 POP
515 JUMP
516 STOP

File diff suppressed because one or more lines are too long

@ -0,0 +1 @@
{"error": null, "issues": [], "success": true}

@ -0,0 +1,3 @@
# Analysis results for None
The analysis was completed successfully. No issues were detected.

@ -0,0 +1 @@
The analysis was completed successfully. No issues were detected.

@ -0,0 +1,77 @@
0 PUSH1 0x60
2 PUSH1 0x40
4 MSTORE
5 PUSH1 0x04
7 CALLDATASIZE
8 LT
9 PUSH1 0x3f
11 JUMPI
12 PUSH1 0x00
14 CALLDATALOAD
15 PUSH29 0x0100000000000000000000000000000000000000000000000000000000
45 SWAP1
46 DIV
47 PUSH4 0xffffffff
52 AND
53 DUP1
54 PUSH4 0x8a4068dd
59 EQ
60 PUSH1 0x44
62 JUMPI
63 JUMPDEST
64 PUSH1 0x00
66 DUP1
67 REVERT
68 JUMPDEST
69 CALLVALUE
70 ISZERO
71 PUSH1 0x4e
73 JUMPI
74 PUSH1 0x00
76 DUP1
77 REVERT
78 JUMPDEST
79 PUSH1 0x54
81 PUSH1 0x56
83 JUMP
84 JUMPDEST
85 STOP
86 JUMPDEST
87 CALLER
88 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
109 AND
110 PUSH2 0x08fc
113 PUSH8 0x1bc16d674ec80000
122 SWAP1
123 DUP2
124 ISZERO
125 MUL
126 SWAP1
127 PUSH1 0x40
129 MLOAD
130 PUSH1 0x00
132 PUSH1 0x40
134 MLOAD
135 DUP1
136 DUP4
137 SUB
138 DUP2
139 DUP6
140 DUP9
141 DUP9
142 CALL
143 SWAP4
144 POP
145 POP
146 POP
147 POP
148 ISZERO
149 ISZERO
150 PUSH1 0x9d
152 JUMPI
153 PUSH1 0x00
155 DUP1
156 REVERT
157 JUMPDEST
158 JUMP
159 STOP

File diff suppressed because one or more lines are too long

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save