Handle OOG during CALL (#1675)

2 years ago · 73aa52d7fa
parent 427d40e669
commit 73aa52d7fa
4 changed files with 10 additions and 7 deletions
--- a/mythril/analysis/module/modules/unchecked_retval.py
+++ b/mythril/analysis/module/modules/unchecked_retval.py
@ -127,9 +127,13 @@ class UncheckedRetval(DetectionModule):
            return issues
        else:
            log.debug("End of call, extracting retval")
-            assert state.environment.code.instruction_list[state.mstate.pc - 1][
+
+            if state.environment.code.instruction_list[state.mstate.pc - 1][
                "opcode"
-            ] in ["CALL", "DELEGATECALL", "STATICCALL", "CALLCODE"]
+            ] not in ["CALL", "DELEGATECALL", "STATICCALL", "CALLCODE"]:
+                # Return is pointless with OOG. The pc does not get updated in such cases
+                return []
+
            return_value = state.mstate.stack[-1]
            retvals.append(
                {"address": state.instruction["address"] - 1, "retval": return_value}
--- a/mythril/laser/ethereum/call.py
+++ b/mythril/laser/ethereum/call.py
@ -101,7 +101,6 @@ def get_callee_address(
        log.debug("Symbolic call encountered")

        match = re.search(r"Storage\[(\d+)\]", str(simplify(symbolic_to_address)))
-        log.debug("CALL to: " + str(simplify(symbolic_to_address)))

        if match is None or dynamic_loader is None:
            return symbolic_to_address
@ -190,9 +189,7 @@ def get_call_data(
        ]
        return ConcreteCalldata(transaction_id, calldata_from_mem)
    except TypeError:
-        log.debug(
-            "Unsupported symbolic memory offset %s size %s", memory_start, memory_size
-        )
+        log.debug("Unsupported symbolic memory offset and size")
        return SymbolicCalldata(transaction_id)


--- a/mythril/laser/ethereum/instructions.py
+++ b/mythril/laser/ethereum/instructions.py
@ -2010,6 +2010,7 @@ class Instruction:
                log.debug("The call is related to ether transfer between accounts")
                sender = environment.active_account.address
                receiver = callee_account.address
+
                transfer_ether(global_state, sender, receiver, value)
                self._write_symbolic_returndata(
                    global_state, memory_out_offset, memory_out_size
@ -2254,11 +2255,11 @@ class Instruction:
                log.debug("The call is related to ether transfer between accounts")
                sender = global_state.environment.active_account.address
                receiver = callee_account.address
+
                transfer_ether(global_state, sender, receiver, value)
                self._write_symbolic_returndata(
                    global_state, memory_out_offset, memory_out_size
                )
-
                global_state.mstate.stack.append(
                    global_state.new_bitvec("retval_" + str(instr["address"]), 256)
                )
--- a/mythril/laser/ethereum/svm.py
+++ b/mythril/laser/ethereum/svm.py
@ -435,6 +435,7 @@ class LaserEVM:

                new_global_states = []
            else:
+
                # First execute the post hook for the transaction ending instruction
                self._execute_post_hook(op_code, [end_signal.global_state])