|
|
|
@ -1,13 +1,12 @@ |
|
|
|
"""This module contains the detection code for potentially insecure low-level |
|
|
|
"""This module contains the detection code for potentially insecure low-level |
|
|
|
calls.""" |
|
|
|
calls.""" |
|
|
|
|
|
|
|
|
|
|
|
from mythril.analysis.potential_issues import ( |
|
|
|
from mythril.analysis import solver |
|
|
|
PotentialIssue, |
|
|
|
from mythril.analysis.potential_issues import Issue |
|
|
|
get_potential_issues_annotation, |
|
|
|
|
|
|
|
) |
|
|
|
|
|
|
|
from mythril.analysis.swc_data import ASSERT_VIOLATION |
|
|
|
from mythril.analysis.swc_data import ASSERT_VIOLATION |
|
|
|
from mythril.analysis.module.base import DetectionModule, EntryPoint |
|
|
|
from mythril.analysis.module.base import DetectionModule, EntryPoint |
|
|
|
from mythril.laser.ethereum.state.global_state import GlobalState |
|
|
|
from mythril.laser.ethereum.state.global_state import GlobalState |
|
|
|
|
|
|
|
from mythril.exceptions import UnsatError |
|
|
|
import logging |
|
|
|
import logging |
|
|
|
import eth_abi |
|
|
|
import eth_abi |
|
|
|
|
|
|
|
|
|
|
|
@ -40,10 +39,12 @@ class UserAssertions(DetectionModule): |
|
|
|
:param state: |
|
|
|
:param state: |
|
|
|
:return: |
|
|
|
:return: |
|
|
|
""" |
|
|
|
""" |
|
|
|
potential_issues = self._analyze_state(state) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
annotation = get_potential_issues_annotation(state) |
|
|
|
issues = self._analyze_state(state) |
|
|
|
annotation.potential_issues.extend(potential_issues) |
|
|
|
for issue in issues: |
|
|
|
|
|
|
|
self.cache.add(issue.address) |
|
|
|
|
|
|
|
self.issues.extend(issues) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _analyze_state(self, state: GlobalState): |
|
|
|
def _analyze_state(self, state: GlobalState): |
|
|
|
""" |
|
|
|
""" |
|
|
|
@ -51,46 +52,60 @@ class UserAssertions(DetectionModule): |
|
|
|
:param state: |
|
|
|
:param state: |
|
|
|
:return: |
|
|
|
:return: |
|
|
|
""" |
|
|
|
""" |
|
|
|
topic, size, mem_start = state.mstate.stack[-3:] |
|
|
|
|
|
|
|
|
|
|
|
try: |
|
|
|
if topic.symbolic or topic.value != assertion_failed_hash: |
|
|
|
|
|
|
|
return [] |
|
|
|
transaction_sequence = solver.get_transaction_sequence( |
|
|
|
|
|
|
|
state, state.world_state.constraints |
|
|
|
message = None |
|
|
|
|
|
|
|
if not mem_start.symbolic and not size.symbolic: |
|
|
|
|
|
|
|
message = eth_abi.decode_single( |
|
|
|
|
|
|
|
"string", |
|
|
|
|
|
|
|
bytes( |
|
|
|
|
|
|
|
state.mstate.memory[ |
|
|
|
|
|
|
|
mem_start.value + 32 : mem_start.value + size.value |
|
|
|
|
|
|
|
] |
|
|
|
|
|
|
|
), |
|
|
|
|
|
|
|
).decode("utf8") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
description_head = "A user-provided assertion failed." |
|
|
|
|
|
|
|
if message: |
|
|
|
|
|
|
|
description_tail = "A user-provided assertion failed with the message '{}'".format( |
|
|
|
|
|
|
|
message |
|
|
|
|
|
|
|
) |
|
|
|
) |
|
|
|
else: |
|
|
|
|
|
|
|
description_tail = "A user-provided assertion failed." |
|
|
|
topic, size, mem_start = state.mstate.stack[-3:] |
|
|
|
|
|
|
|
|
|
|
|
address = state.get_current_instruction()["address"] |
|
|
|
if topic.symbolic or topic.value != assertion_failed_hash: |
|
|
|
issue = PotentialIssue( |
|
|
|
return [] |
|
|
|
contract=state.environment.active_account.contract_name, |
|
|
|
|
|
|
|
function_name=state.environment.active_function_name, |
|
|
|
message = None |
|
|
|
address=address, |
|
|
|
if not mem_start.symbolic and not size.symbolic: |
|
|
|
swc_id=ASSERT_VIOLATION, |
|
|
|
message = eth_abi.decode_single( |
|
|
|
title="Assertion Failed", |
|
|
|
"string", |
|
|
|
bytecode=state.environment.code.bytecode, |
|
|
|
bytes( |
|
|
|
severity="Medium", |
|
|
|
state.mstate.memory[ |
|
|
|
description_head=description_head, |
|
|
|
mem_start.value + 32 : mem_start.value + size.value |
|
|
|
description_tail=description_tail, |
|
|
|
] |
|
|
|
constraints=[], |
|
|
|
), |
|
|
|
detector=self, |
|
|
|
).decode("utf8") |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
if message: |
|
|
|
return [issue] |
|
|
|
description_tail = "A user-provided assertion failed with the message '{}'".format( |
|
|
|
|
|
|
|
message |
|
|
|
|
|
|
|
) |
|
|
|
|
|
|
|
log.info("MythX assertion emitted: {}".format(message)) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
else: |
|
|
|
|
|
|
|
description_tail = "A user-provided assertion failed." |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
address = state.get_current_instruction()["address"] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
issue = Issue( |
|
|
|
|
|
|
|
contract=state.environment.active_account.contract_name, |
|
|
|
|
|
|
|
function_name=state.environment.active_function_name, |
|
|
|
|
|
|
|
address=address, |
|
|
|
|
|
|
|
swc_id=ASSERT_VIOLATION, |
|
|
|
|
|
|
|
title="Exception State", |
|
|
|
|
|
|
|
severity="Medium", |
|
|
|
|
|
|
|
description_head="A user-provided assertion failed.", |
|
|
|
|
|
|
|
description_tail=description_tail, |
|
|
|
|
|
|
|
bytecode=state.environment.code.bytecode, |
|
|
|
|
|
|
|
transaction_sequence=transaction_sequence, |
|
|
|
|
|
|
|
gas_used=(state.mstate.min_gas_used, state.mstate.max_gas_used), |
|
|
|
|
|
|
|
) |
|
|
|
|
|
|
|
return [issue] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
except UnsatError: |
|
|
|
|
|
|
|
log.debug("no model found") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return [] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
detector = UserAssertions() |
|
|
|
detector = UserAssertions() |
|
|
|
|
Bernhard Mueller
5 years ago