From f287f505a37ec65ca678f6a659239c220bf61157 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Tue, 25 Jun 2019 10:46:51 +0530 Subject: [PATCH 1/7] Update docs after cli refactor --- docs/source/installation.rst | 4 ++-- docs/source/security-analysis.rst | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/source/installation.rst b/docs/source/installation.rst index fbec3fb5..f2a95236 100644 --- a/docs/source/installation.rst +++ b/docs/source/installation.rst @@ -57,10 +57,10 @@ Use :code:`docker run mythril/myth` the same way you would use the :code:`myth` .. code-block:: bash docker run mythril/myth --help - docker run mythril/myth -dc "0x6060" + docker run mythril/myth disassemble -c "0x6060" To pass a file from your host machine to the dockerized Mythril, you must mount its containing folder to the container properly. For :code:`contract.sol` in the current working directory, do: .. code-block:: bash - docker run -v $(pwd):/tmp mythril/myth -x /tmp/contract.sol + docker run -v $(pwd):/tmp mythril/myth analyze /tmp/contract.sol diff --git a/docs/source/security-analysis.rst b/docs/source/security-analysis.rst index 4cd1010e..2e276f70 100644 --- a/docs/source/security-analysis.rst +++ b/docs/source/security-analysis.rst @@ -11,7 +11,7 @@ In order to work with Solidity source code files, the `solc command line compile .. code-block:: bash - $ myth -x ether_send.sol + $ myth analyze ether_send.sol ==== Unprotected Ether Withdrawal ==== SWC ID: 105 Severity: High @@ -32,7 +32,7 @@ If an input file contains multiple contract definitions, Mythril analyzes the *l .. code-block:: bash - myth -x OmiseGo.sol:OMGToken + myth analyze OmiseGo.sol:OMGToken Specifying Solc Versions ######################## 
@@ -47,7 +47,7 @@ By default, analysis results are printed to the terminal in text format. You can .. code-block:: bash - myth -xo jsonv2 underflow.sol + myth analyze underflow.sol -o jsonv2 Available formats are :code:`text`, :code:`markdown`, :code:`json`, and :code:`jsonv2`. For integration with other tools, :code:`jsonv2` is generally preferred over :code:`json` because it is consistent with other `MythX `_ tools. @@ -73,13 +73,13 @@ Analyze mainnet contract via INFURA: .. code-block:: bash - myth -x -a 0x5c436ff914c458983414019195e0f4ecbef9e6dd + myth analyze -a 0x5c436ff914c458983414019195e0f4ecbef9e6dd Adding the :code:`-l` flag will cause mythril to automatically retrieve dependencies, such as dynamically linked library contracts: .. code-block:: bash - myth -xla 0xEbFD99838cb0c132016B9E117563CB41f2B02264 -v4 + myth -v4 analyze -l -a 0xEbFD99838cb0c132016B9E117563CB41f2B02264 ****************** Speed vs. Coverage From 7edb263fced2db759de9db0ce735e56eeef5e884 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Tue, 25 Jun 2019 13:57:57 +0530 Subject: [PATCH 2/7] Improve reporting --- mythril/analysis/report.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 86f2fbb8..6e76c47c 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -76,9 +76,12 @@ class Issue: @property def transaction_sequence_jsonv2(self): - """ Returns the transaction sequence in json with pre-generated block data""" + """ + Returns the transaction sequence with pre-generated block data. + Jsonv2 tx sequence isn't formatted for user readability. + """ return ( - json.dumps(self.add_block_data(self.transaction_sequence), indent=4) + self.add_block_data(self.transaction_sequence) if self.transaction_sequence else None ) @@ -226,7 +229,6 @@ class Report: :return: """ _issues = [] - source_list = [] for key, issue in self.issues.items(): 
@@ -237,7 +239,8 @@ class Report: title = "Unspecified Security Issue" extra = {"discoveryTime": int(issue.discovery_time * 10 ** 9)} if issue.transaction_sequence_jsonv2: - extra["testCase"] = str(issue.transaction_sequence_jsonv2) + extra["testCase"] = issue.transaction_sequence_jsonv2 + _issues.append( { "swcID": "SWC-" + issue.swc_id, From 7d69233fcd3b7a91ad353dfb9444224f5d9ccc5e Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Tue, 25 Jun 2019 23:48:10 +0530 Subject: [PATCH 3/7] Support for old cli --- myth | 20 +- mythril/interfaces/old_cli.py | 549 ++++++++++++++++++++++++++++++++++ 2 files changed, 568 insertions(+), 1 deletion(-) create mode 100644 mythril/interfaces/old_cli.py diff --git a/myth b/myth index a45d431f..f378aba7 100755 --- a/myth +++ b/myth @@ -3,7 +3,25 @@ """mythril.py: Bug hunting on the Ethereum blockchain http://www.github.com/b-mueller/mythril """ +from sys import argv, exit +from mythril.interfaces.cli import COMMAND_LIST import mythril.interfaces.cli +import mythril.interfaces.old_cli +import warnings + + +def format_Warning(message, category, filename, lineno, line=""): + return "Deprecated Warning: {}\n\n".format(str(message)) + + +warnings.formatwarning = format_Warning if __name__ == "__main__": - mythril.interfaces.cli.main() + for arg in argv: + if arg in COMMAND_LIST: + mythril.interfaces.cli.main() + exit() + warnings.warn("The old cli arguments are deprecated, Please use 'myth -h' to view the new command line interface") + mythril.interfaces.old_cli.main() + + diff --git a/mythril/interfaces/old_cli.py b/mythril/interfaces/old_cli.py new file mode 100644 index 00000000..4c9d4222 --- /dev/null +++ b/mythril/interfaces/old_cli.py 
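Review bot: In the `extra["testCase"]` lines the property `issue.transaction_sequence_jsonv2` is read twice, once in the `if` and once in the assignment, and each read runs `add_block_data` over the whole sequence (see the property body in the first hunk of this patch), so the block data is generated twice per issue; bind it once with `tx_sequence = issue.transaction_sequence_jsonv2`, then `if tx_sequence:` and `extra["testCase"] = tx_sequence`. The identical lines are re-applied in PATCH 5/7 (`Improve reporting (#1101)`) after the revert in PATCH 4/7, so the same change applies there. Since the property now returns the raw structure rather than a JSON string while its name still says `jsonv2`, its docstring should say so, e.g. `Returns a Python structure, not serialized JSON; serialization is left to the jsonv2 writer` (where that serialization now happens is not visible in this patch, so confirm before wording it). The enclosing method of `class Report` starts and ends outside the hunk.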
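Review bot: `warnings.formatwarning = format_Warning` replaces the formatter for every warning the process emits, so any warning raised by mythril or one of its dependencies during the run is printed with the fixed prefix `Deprecated Warning:` and loses its category, file and line, not only the old-CLI notice; keep the default formatter for everything else by falling back to it for other categories and raising the notice with an explicit category, as sketched below. On Python 3.7+ a `DeprecationWarning` raised directly in `__main__` is shown by default, but on older interpreters it is filtered out, so a `UserWarning` subclass is the safer category if those are still supported. The dispatch loop `for arg in argv:` also inspects `argv[0]` and every positional value, so a contract path or other value equal to an entry of `COMMAND_LIST` (its contents are not visible here) would select the new CLI; iterating `argv[1:]` at least excludes the script path, although option values remain a risk. `format_Warning` should be `format_warning` per PEP 8, and the two trailing blank lines at the end of the file can go.
```python
_default_formatwarning = warnings.formatwarning


def format_warning(message, category, filename, lineno, line=""):
    """Short form for the old-CLI notice; every other warning keeps the default layout."""
    if category is DeprecationWarning:
        return "Deprecated Warning: {}\n\n".format(str(message))
    return _default_formatwarning(message, category, filename, lineno, line)


warnings.formatwarning = format_warning

# … unchanged: COMMAND_LIST dispatch loop …
    warnings.warn("The old cli arguments are deprecated, Please use 'myth -h' to view the new command line interface", DeprecationWarning)
    mythril.interfaces.old_cli.main()
```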
@@ -0,0 +1,549 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +"""mythril.py: Bug hunting on the Ethereum blockchain + + http://www.github.com/ConsenSys/mythril +""" + +import argparse +import json +import logging +import os +import sys + +import coloredlogs +import traceback + +import mythril.support.signatures as sigs +from mythril.exceptions import AddressNotFoundError, CriticalError +from mythril.mythril import ( + MythrilAnalyzer, + MythrilDisassembler, + MythrilConfig, + MythrilLevelDB, +) +from mythril.__version__ import __version__ as VERSION + +log = logging.getLogger(__name__) + + +def exit_with_error(format_, message): + """ + :param format_: + :param message: + """ + if format_ == "text" or format_ == "markdown": + log.error(message) + elif format_ == "json": + result = {"success": False, "error": str(message), "issues": []} + print(json.dumps(result)) + else: + result = [ + { + "issues": [], + "sourceType": "", + "sourceFormat": "", + "sourceList": [], + "meta": { + "logs": [{"level": "error", "hidden": "true", "msg": message}] + }, + } + ] + print(json.dumps(result)) + sys.exit() + + +def main() -> None: + """The main CLI interface entry point.""" + parser = argparse.ArgumentParser( + description="Security analysis of Ethereum smart contracts" + ) + create_parser(parser) + + # Get config values + + args = parser.parse_args() + parse_args(parser=parser, args=args) + + +def create_parser(parser: argparse.ArgumentParser) -> None: + """ + Creates the parser by setting all the possible arguments + :param parser: The parser + """ + parser.add_argument("solidity_file", nargs="*") + + commands = parser.add_argument_group("commands") + commands.add_argument("-g", "--graph", help="generate a control flow graph") + commands.add_argument( + "-V", + "--version", + action="store_true", + help="print the Mythril version number and exit", + ) + commands.add_argument( + "-x", + "--fire-lasers", + action="store_true", + help="detect vulnerabilities, use with -c, 
-a or solidity file(s)", + ) + commands.add_argument( + "--truffle", + action="store_true", + help="analyze a truffle project (run from project dir)", + ) + commands.add_argument( + "-d", "--disassemble", action="store_true", help="print disassembly" + ) + commands.add_argument( + "-j", + "--statespace-json", + help="dumps the statespace json", + metavar="OUTPUT_FILE", + ) + + inputs = parser.add_argument_group("input arguments") + inputs.add_argument( + "-c", + "--code", + help='hex-encoded bytecode string ("6060604052...")', + metavar="BYTECODE", + ) + inputs.add_argument( + "-f", + "--codefile", + help="file containing hex-encoded bytecode string", + metavar="BYTECODEFILE", + type=argparse.FileType("r"), + ) + inputs.add_argument( + "-a", + "--address", + help="pull contract from the blockchain", + metavar="CONTRACT_ADDRESS", + ) + inputs.add_argument( + "-l", + "--dynld", + action="store_true", + help="auto-load dependencies from the blockchain", + ) + inputs.add_argument( + "--no-onchain-storage-access", + action="store_true", + help="turns off getting the data from onchain contracts", + ) + inputs.add_argument( + "--bin-runtime", + action="store_true", + help="Only when -c or -f is used. 
Consider the input bytecode as binary runtime code, default being the contract creation bytecode.", + ) + + outputs = parser.add_argument_group("output formats") + outputs.add_argument( + "-o", + "--outform", + choices=["text", "markdown", "json", "jsonv2"], + default="text", + help="report output format", + metavar="", + ) + outputs.add_argument( + "--verbose-report", + action="store_true", + help="Include debugging information in report", + ) + + database = parser.add_argument_group("local contracts database") + database.add_argument( + "-s", "--search", help="search the contract database", metavar="EXPRESSION" + ) + database.add_argument( + "--leveldb-dir", + help="specify leveldb directory for search or direct access operations", + metavar="LEVELDB_PATH", + ) + + utilities = parser.add_argument_group("utilities") + utilities.add_argument( + "--hash", help="calculate function signature hash", metavar="SIGNATURE" + ) + utilities.add_argument( + "--storage", + help="read state variables from storage index, use with -a", + metavar="INDEX,NUM_SLOTS,[array] / mapping,INDEX,[KEY1, KEY2...]", + ) + utilities.add_argument( + "--solv", + help="specify solidity compiler version. 
If not present, will try to install it (Experimental)", + metavar="SOLV", + ) + utilities.add_argument( + "--contract-hash-to-address", + help="returns corresponding address for a contract address hash", + metavar="SHA3_TO_LOOK_FOR", + ) + + options = parser.add_argument_group("options") + options.add_argument( + "-m", + "--modules", + help="Comma-separated list of security analysis modules", + metavar="MODULES", + ) + options.add_argument( + "--max-depth", + type=int, + default=50, + help="Maximum recursion depth for symbolic execution", + ) + options.add_argument( + "--strategy", + choices=["dfs", "bfs", "naive-random", "weighted-random"], + default="bfs", + help="Symbolic execution strategy", + ) + options.add_argument( + "-b", + "--loop-bound", + type=int, + default=4, + help="Bound loops at n iterations", + metavar="N", + ) + options.add_argument( + "-t", + "--transaction-count", + type=int, + default=2, + help="Maximum number of transactions issued by laser", + ) + options.add_argument( + "--execution-timeout", + type=int, + default=86400, + help="The amount of seconds to spend on symbolic execution", + ) + options.add_argument( + "--create-timeout", + type=int, + default=10, + help="The amount of seconds to spend on " "the initial contract creation", + ) + options.add_argument("--solc-args", help="Extra arguments for solc") + options.add_argument( + "--phrack", action="store_true", help="Phrack-style call graph" + ) + options.add_argument( + "--enable-physics", action="store_true", help="enable graph physics simulation" + ) + options.add_argument( + "-v", type=int, help="log level (0-5)", metavar="LOG_LEVEL", default=2 + ) + options.add_argument( + "-q", + "--query-signature", + action="store_true", + help="Lookup function signatures through www.4byte.directory", + ) + options.add_argument( + "--enable-iprof", action="store_true", help="enable the instruction profiler" + ) + options.add_argument( + "--disable-dependency-pruning", + action="store_true", + 
help="Deactivate dependency-based pruning", + ) + + rpc = parser.add_argument_group("RPC options") + + rpc.add_argument( + "--rpc", + help="custom RPC settings", + metavar="HOST:PORT / ganache / infura-[network_name]", + default="infura-mainnet", + ) + rpc.add_argument( + "--rpctls", type=bool, default=False, help="RPC connection over TLS" + ) + parser.add_argument("--epic", action="store_true", help=argparse.SUPPRESS) + + +def validate_args(parser: argparse.ArgumentParser, args: argparse.Namespace): + if not ( + args.search + or args.hash + or args.disassemble + or args.graph + or args.fire_lasers + or args.storage + or args.truffle + or args.statespace_json + or args.contract_hash_to_address + ): + parser.print_help() + sys.exit() + + if args.v: + if 0 <= args.v < 6: + log_levels = [ + logging.NOTSET, + logging.CRITICAL, + logging.ERROR, + logging.WARNING, + logging.INFO, + logging.DEBUG, + ] + coloredlogs.install( + fmt="%(name)s [%(levelname)s]: %(message)s", level=log_levels[args.v] + ) + logging.getLogger("mythril").setLevel(log_levels[args.v]) + else: + exit_with_error( + args.outform, "Invalid -v value, you can find valid values in usage" + ) + + if args.query_signature: + if sigs.ethereum_input_decoder is None: + exit_with_error( + args.outform, + "The --query-signature function requires the python package ethereum-input-decoder", + ) + + if args.enable_iprof: + if args.v < 4: + exit_with_error( + args.outform, + "--enable-iprof must be used with -v LOG_LEVEL where LOG_LEVEL >= 4", + ) + elif not (args.graph or args.fire_lasers or args.statespace_json): + exit_with_error( + args.outform, + "--enable-iprof must be used with one of -g, --graph, -x, --fire-lasers, -j and --statespace-json", + ) + + +def quick_commands(args: argparse.Namespace): + if args.hash: + print(MythrilDisassembler.hash_for_function_signature(args.hash)) + sys.exit() + + +def set_config(args: argparse.Namespace): + config = MythrilConfig() + if args.dynld or not 
args.no_onchain_storage_access and not (args.rpc or args.i): + config.set_api_from_config_path() + + if args.address: + # Establish RPC connection if necessary + config.set_api_rpc(rpc=args.rpc, rpctls=args.rpctls) + elif args.search or args.contract_hash_to_address: + # Open LevelDB if necessary + config.set_api_leveldb( + config.leveldb_dir if not args.leveldb_dir else args.leveldb_dir + ) + return config + + +def leveldb_search(config: MythrilConfig, args: argparse.Namespace): + if args.search or args.contract_hash_to_address: + leveldb_searcher = MythrilLevelDB(config.eth_db) + if args.search: + # Database search ops + leveldb_searcher.search_db(args.search) + + else: + # search corresponding address + try: + leveldb_searcher.contract_hash_to_address(args.contract_hash_to_address) + except AddressNotFoundError: + print("Address not found.") + + sys.exit() + + +def get_code(disassembler: MythrilDisassembler, args: argparse.Namespace): + address = None + if args.code: + # Load from bytecode + code = args.code[2:] if args.code.startswith("0x") else args.code + address, _ = disassembler.load_from_bytecode(code, args.bin_runtime) + elif args.codefile: + bytecode = "".join([l.strip() for l in args.codefile if len(l.strip()) > 0]) + bytecode = bytecode[2:] if bytecode.startswith("0x") else bytecode + address, _ = disassembler.load_from_bytecode(bytecode, args.bin_runtime) + elif args.address: + # Get bytecode from a contract address + address, _ = disassembler.load_from_address(args.address) + elif args.solidity_file: + # Compile Solidity source file(s) + if args.graph and len(args.solidity_file) > 1: + exit_with_error( + args.outform, + "Cannot generate call graphs from multiple input files. Please do it one at a time.", + ) + address, _ = disassembler.load_from_solidity( + args.solidity_file + ) # list of files + else: + exit_with_error( + args.outform, + "No input bytecode. 
Please provide EVM code via -c BYTECODE, -a ADDRESS, or -i SOLIDITY_FILES", + ) + return address + + +def execute_command( + disassembler: MythrilDisassembler, + address: str, + parser: argparse.ArgumentParser, + args: argparse.Namespace, +): + + if args.storage: + if not args.address: + exit_with_error( + args.outform, + "To read storage, provide the address of a deployed contract with the -a option.", + ) + + storage = disassembler.get_state_variable_from_storage( + address=address, params=[a.strip() for a in args.storage.strip().split(",")] + ) + print(storage) + return + + analyzer = MythrilAnalyzer( + strategy=args.strategy, + disassembler=disassembler, + address=address, + max_depth=args.max_depth, + execution_timeout=args.execution_timeout, + loop_bound=args.loop_bound, + create_timeout=args.create_timeout, + enable_iprof=args.enable_iprof, + disable_dependency_pruning=args.disable_dependency_pruning, + onchain_storage_access=not args.no_onchain_storage_access, + ) + + if args.disassemble: + # or mythril.disassemble(mythril.contracts[0]) + + if disassembler.contracts[0].code: + print("Runtime Disassembly: \n" + disassembler.contracts[0].get_easm()) + if disassembler.contracts[0].creation_code: + print("Disassembly: \n" + disassembler.contracts[0].get_creation_easm()) + + elif args.graph or args.fire_lasers: + if not disassembler.contracts: + exit_with_error( + args.outform, "input files do not contain any valid contracts" + ) + + if args.graph: + html = analyzer.graph_html( + contract=analyzer.contracts[0], + enable_physics=args.enable_physics, + phrackify=args.phrack, + transaction_count=args.transaction_count, + ) + + try: + with open(args.graph, "w") as f: + f.write(html) + except Exception as e: + exit_with_error(args.outform, "Error saving graph: " + str(e)) + + else: + try: + report = analyzer.fire_lasers( + modules=[m.strip() for m in args.modules.strip().split(",")] + if args.modules + else [], + verbose_report=args.verbose_report, + 
transaction_count=args.transaction_count, + ) + outputs = { + "json": report.as_json(), + "jsonv2": report.as_swc_standard_format(), + "text": report.as_text(), + "markdown": report.as_markdown(), + } + print(outputs[args.outform]) + except ModuleNotFoundError as e: + exit_with_error( + args.outform, "Error loading analyis modules: " + format(e) + ) + + elif args.statespace_json: + + if not analyzer.contracts: + exit_with_error( + args.outform, "input files do not contain any valid contracts" + ) + + statespace = analyzer.dump_statespace(contract=analyzer.contracts[0]) + + try: + with open(args.statespace_json, "w") as f: + json.dump(statespace, f) + except Exception as e: + exit_with_error(args.outform, "Error saving json: " + str(e)) + + else: + parser.print_help() + + +def parse_args(parser: argparse.ArgumentParser, args: argparse.Namespace) -> None: + """ + Parses the arguments + :param parser: The parser + :param args: The args + """ + + if args.epic: + path = os.path.dirname(os.path.realpath(__file__)) + sys.argv.remove("--epic") + os.system(" ".join(sys.argv) + " | python3 " + path + "/epic.py") + sys.exit() + + if args.version: + if args.outform == "json": + print(json.dumps({"version_str": VERSION})) + else: + print("Mythril version {}".format(VERSION)) + sys.exit() + + # Parse cmdline args + validate_args(parser, args) + try: + quick_commands(args) + config = set_config(args) + leveldb_search(config, args) + disassembler = MythrilDisassembler( + eth=config.eth, + solc_version=args.solv, + solc_args=args.solc_args, + enable_online_lookup=args.query_signature, + ) + if args.truffle: + try: + disassembler.analyze_truffle_project(args) + except FileNotFoundError: + print( + "Build directory not found. Make sure that you start the analysis from the project root, and that 'truffle compile' has executed successfully." 
+ ) + sys.exit() + + address = get_code(disassembler, args) + execute_command( + disassembler=disassembler, address=address, parser=parser, args=args + ) + except CriticalError as ce: + exit_with_error(args.outform, str(ce)) + except Exception: + exit_with_error(args.outform, traceback.format_exc()) + + +if __name__ == "__main__": + main() From 45ed3e3a146c8304e07db31ab835944a2f8cf591 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Tue, 25 Jun 2019 23:51:19 +0530 Subject: [PATCH 4/7] Revert "Improve reporting" This reverts commit 7edb263fced2db759de9db0ce735e56eeef5e884. --- mythril/analysis/report.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 6e76c47c..86f2fbb8 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -76,12 +76,9 @@ class Issue: @property def transaction_sequence_jsonv2(self): - """ - Returns the transaction sequence with pre-generated block data. - Jsonv2 tx sequence isn't formatted for user readability. - """ + """ Returns the transaction sequence in json with pre-generated block data""" return ( - self.add_block_data(self.transaction_sequence) + json.dumps(self.add_block_data(self.transaction_sequence), indent=4) if self.transaction_sequence else None ) @@ -229,6 +226,7 @@ class Report: :return: """ _issues = [] + source_list = [] for key, issue in self.issues.items(): @@ -239,8 +237,7 @@ class Report: title = "Unspecified Security Issue" extra = {"discoveryTime": int(issue.discovery_time * 10 ** 9)} if issue.transaction_sequence_jsonv2: - extra["testCase"] = issue.transaction_sequence_jsonv2 - + extra["testCase"] = str(issue.transaction_sequence_jsonv2) _issues.append( { "swcID": "SWC-" + issue.swc_id, From bb3c231ac46d116288959f73969dbdeef1cb9b16 Mon Sep 17 00:00:00 2001 
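Review bot: In `parse_args`, the `--epic` branch builds a shell command with `os.system(" ".join(sys.argv) + " | python3 " + path + "/epic.py")`, so any argument value containing spaces or shell metacharacters (a contract path, a `--solc-args` value) is re-parsed by the shell and can execute as a command; spawn the two processes with `subprocess` argument lists and an explicit pipe instead, as below (`import subprocess` needs adding to the import block). `rpc.add_argument("--rpctls", type=bool, ...)` treats any non-empty string as `True`, so `--rpctls False` enables TLS and only `--rpctls ""` yields `False`; use `action="store_true"` or a small converter that accepts `true`/`false` and rejects anything else. `exit_with_error` ends with a bare `sys.exit()`, so every error path exits with status 0 and scripts or CI cannot detect failure; `sys.exit(1)` would fix that. `set_config` reads `args.i`, which `create_parser` never defines (reached only when `--rpc` is passed as an empty string, since `args.rpc` defaults to `infura-mainnet`), and the `No input bytecode` message in `get_code` refers to a `-i SOLIDITY_FILES` option that this parser does not have. The hunk is the whole new file, so no function is cut at its edges.
```python
    if args.epic:
        path = os.path.dirname(os.path.realpath(__file__))
        sys.argv.remove("--epic")
        # Re-run the same command line through the interpreter with no shell
        # involved and feed its stdout to epic.py; argument values are passed verbatim.
        analysis = subprocess.Popen([sys.executable] + sys.argv, stdout=subprocess.PIPE)
        subprocess.run(
            [sys.executable, os.path.join(path, "epic.py")], stdin=analysis.stdout
        )
        analysis.stdout.close()
        analysis.wait()
        sys.exit()
    # … unchanged: --version handling, validate_args and the analysis pipeline …
```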
From: Nikhil Parasaram Date: Tue, 25 Jun 2019 23:51:44 +0530 Subject: [PATCH 5/7] Improve reporting (#1101) --- mythril/analysis/report.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 86f2fbb8..6e76c47c 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -76,9 +76,12 @@ class Issue: @property def transaction_sequence_jsonv2(self): - """ Returns the transaction sequence in json with pre-generated block data""" + """ + Returns the transaction sequence with pre-generated block data. + Jsonv2 tx sequence isn't formatted for user readability. + """ return ( - json.dumps(self.add_block_data(self.transaction_sequence), indent=4) + self.add_block_data(self.transaction_sequence) if self.transaction_sequence else None ) @@ -226,7 +229,6 @@ class Report: :return: """ _issues = [] - source_list = [] for key, issue in self.issues.items(): @@ -237,7 +239,8 @@ class Report: title = "Unspecified Security Issue" extra = {"discoveryTime": int(issue.discovery_time * 10 ** 9)} if issue.transaction_sequence_jsonv2: - extra["testCase"] = str(issue.transaction_sequence_jsonv2) + extra["testCase"] = issue.transaction_sequence_jsonv2 + _issues.append( { "swcID": "SWC-" + issue.swc_id, From 9e59d4ec1dbc3da52cf49773eb574b9cdf6d0539 Mon Sep 17 00:00:00 2001 
From: Bernhard Mueller Date: Tue, 25 Jun 2019 20:32:05 +0200 Subject: [PATCH 6/7] Remove report tests in favor of Edelweiss tests --- tests/report_test.py | 200 ------------------ .../outputs_expected/calls.sol.o.json | 123 ----------- .../outputs_expected/calls.sol.o.jsonv2 | 174 --------------- .../outputs_expected/calls.sol.o.markdown | 118 ----------- .../outputs_expected/calls.sol.o.text | 99 --------- .../outputs_expected/ether_send.sol.o.json | 32 --- .../outputs_expected/ether_send.sol.o.jsonv2 | 48 ----- .../ether_send.sol.o.markdown | 27 --- .../outputs_expected/ether_send.sol.o.text | 22 -- .../outputs_expected/exceptions.sol.o.json | 58 ----- .../outputs_expected/exceptions.sol.o.jsonv2 | 84 -------- .../exceptions.sol.o.markdown | 53 ----- .../outputs_expected/exceptions.sol.o.text | 44 ---- .../kinds_of_calls.sol.o.json | 84 -------- .../kinds_of_calls.sol.o.jsonv2 | 120 ----------- .../kinds_of_calls.sol.o.markdown | 79 ------- .../kinds_of_calls.sol.o.text | 66 ------ .../outputs_expected/metacoin.sol.o.json | 5 - .../outputs_expected/metacoin.sol.o.jsonv2 | 11 - .../outputs_expected/metacoin.sol.o.markdown | 3 - .../outputs_expected/metacoin.sol.o.text | 1 - .../multi_contracts.sol.o.json | 19 -- .../multi_contracts.sol.o.jsonv2 | 30 --- .../multi_contracts.sol.o.markdown | 14 -- .../multi_contracts.sol.o.text | 11 - .../outputs_expected/nonascii.sol.o.json | 5 - .../outputs_expected/nonascii.sol.o.jsonv2 | 11 - .../outputs_expected/nonascii.sol.o.markdown | 3 - .../outputs_expected/nonascii.sol.o.text | 1 - .../outputs_expected/origin.sol.o.json | 19 -- .../outputs_expected/origin.sol.o.jsonv2 | 30 --- .../outputs_expected/origin.sol.o.markdown | 15 -- .../outputs_expected/origin.sol.o.text | 12 -- .../outputs_expected/overflow.sol.o.json | 45 ---- .../outputs_expected/overflow.sol.o.jsonv2 | 66 ------ .../outputs_expected/overflow.sol.o.markdown | 40 ---- .../outputs_expected/overflow.sol.o.text | 33 --- 
.../outputs_expected/returnvalue.sol.o.json | 45 ---- .../outputs_expected/returnvalue.sol.o.jsonv2 | 66 ------ .../returnvalue.sol.o.markdown | 40 ---- .../outputs_expected/returnvalue.sol.o.text | 33 --- .../outputs_expected/suicide.sol.o.json | 19 -- .../outputs_expected/suicide.sol.o.jsonv2 | 30 --- .../outputs_expected/suicide.sol.o.markdown | 14 -- .../outputs_expected/suicide.sol.o.text | 11 - .../outputs_expected/underflow.sol.o.json | 45 ---- .../outputs_expected/underflow.sol.o.jsonv2 | 66 ------ .../outputs_expected/underflow.sol.o.markdown | 40 ---- .../outputs_expected/underflow.sol.o.text | 33 --- 49 files changed, 2247 deletions(-) delete mode 100644 tests/report_test.py delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.json delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/calls.sol.o.text delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.json delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/ether_send.sol.o.text delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.json delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/exceptions.sol.o.text delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.json delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/kinds_of_calls.sol.o.text delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.json delete mode 100644 
tests/testdata/outputs_expected/metacoin.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/metacoin.sol.o.text delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.json delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/multi_contracts.sol.o.text delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.json delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/nonascii.sol.o.text delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.json delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/origin.sol.o.text delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.json delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/overflow.sol.o.text delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.json delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/returnvalue.sol.o.text delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.json delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/suicide.sol.o.text delete mode 100644 
tests/testdata/outputs_expected/underflow.sol.o.json delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.jsonv2 delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.markdown delete mode 100644 tests/testdata/outputs_expected/underflow.sol.o.text diff --git a/tests/report_test.py b/tests/report_test.py deleted file mode 100644 index 73554880..00000000 --- a/tests/report_test.py +++ /dev/null 
@@ -1,200 +0,0 @@
-from mythril.analysis.report import Report
-from mythril.analysis.security import fire_lasers, reset_callback_modules
-from mythril.analysis.symbolic import SymExecWrapper
-from mythril.ethereum import util
-from mythril.solidity.soliditycontract import EVMContract
-from multiprocessing import Pool, cpu_count
-import pytest
-import json
-from tests import *
-import difflib
-
-
-def _fix_path(text):
- return text.replace(str(TESTDATA), "")
-
-
-def _fix_debug_data(json_str):
- read_json = json.loads(json_str)
- for issue in read_json["issues"]:
- issue["tx_sequence"] = ""
-
- return json.dumps(read_json, sort_keys=True, indent=4)
-
-
-def _add_jsonv2_stubs(json_str):
- read_json = json.loads(json_str)
- for issue in read_json[0]["issues"]:
- issue["extra"]["discoveryTime"] = ""
- issue["extra"]["testCase"] = ""
- return json.dumps(read_json, sort_keys=True, indent=4)
-
-
-def _generate_report(input_file):
- contract = EVMContract(input_file.read_text(), enable_online_lookup=False)
- sym = SymExecWrapper(
- contract,
- address=0xAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFE,
- strategy="dfs",
- execution_timeout=30,
- transaction_count=1,
- )
- issues = fire_lasers(sym)
-
- report = Report(contracts=[contract])
- for issue in issues:
- issue.filename = "test-filename.sol"
- report.append_issue(issue)
- return report, input_file
-
-
-@pytest.fixture(scope="module")
-def reports():
- """Fixture that analyses all reports."""
- reset_callback_modules()
- pool = Pool(cpu_count())
- input_files = sorted(
- [f for f in TESTDATA_INPUTS.iterdir() if f.name != "environments.sol.o"]
- )
- results = pool.map(_generate_report, input_files)
-
- return results
-
-
-def _assert_empty(changed_files, postfix):
- """Asserts there are no changed files and otherwise builds error
- message."""
- message = ""
- for input_file in changed_files:
- output_expected = (
- (TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix))
- .read_text()
- .splitlines(1)
- )
- output_current = (
- (TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix))
- .read_text()
- .splitlines(1)
- )
-
- difference = "".join(difflib.unified_diff(output_expected, output_current))
- message += "Found differing file for input: {} \n Difference: \n {} \n".format(
- str(input_file), str(difference)
- )
-
- assert message == "", message
-
-
-def _assert_empty_json(changed_files, postfix=".json"):
- """Asserts there are no changed files and otherwise builds error
- message."""
- expected = []
- actual = []
-
- def ordered(obj):
- """
-
- :param obj:
- :return:
- """
- if isinstance(obj, dict):
- return sorted((k, ordered(v)) for k, v in obj.items())
- elif isinstance(obj, list):
- return sorted(ordered(x) for x in obj)
- else:
- return obj
-
- for input_file in changed_files:
- output_expected = json.loads(
- (TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text()
- )
- output_current = json.loads(
- (TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text()
- )
-
- if not ordered(output_expected) == ordered(output_current):
- expected.append(output_expected)
- actual.append(output_current)
- print("Found difference in {}".format(str(input_file)))
-
- assert expected == actual
-
-
-def _get_changed_files(postfix, report_builder, reports):
- """Returns a generator for all unexpected changes in generated reports.
-
- :param postfix: The applicable postfix
- :param report_builder: serialization function
- :param reports: The reports to serialize
- :return: Changed files
- """
- for report, input_file in reports:
- output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)
- output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)
- output_current.write_text(report_builder(report))
- if not (output_expected.read_text() == output_current.read_text()):
- yield input_file
-
-
-def _get_changed_files_json(report_builder, reports, postfix=".json"):
- def ordered(obj):
- """
-
- :param obj:
- :return:
- """
- if isinstance(obj, dict):
- return sorted((k, ordered(v)) for k, v in obj.items())
- elif isinstance(obj, list):
- return sorted(ordered(x) for x in obj)
- else:
- return obj
-
- for report, input_file in reports:
- output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)
- output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)
- output_current.write_text(report_builder(report))
-
- if not ordered(json.loads(output_expected.read_text())) == ordered(
- json.loads(output_current.read_text())
- ):
- yield input_file
-
-
-def test_json_report(reports):
- _assert_empty_json(
- _get_changed_files_json(
- lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports
- )
- )
-
-
-def test_markdown_report(reports):
- _assert_empty(
- _get_changed_files(
- ".markdown", lambda report: _fix_path(report.as_markdown()), reports
- ),
- ".markdown",
- )
-
-
-def test_text_report(reports):
- _assert_empty(
- _get_changed_files(
- ".text", lambda report: _fix_path(report.as_text()), reports
- ),
- ".text",
- )
-
-
-def test_jsonv2_report(reports):
- _assert_empty_json(
- _get_changed_files_json(
- lambda report: _fix_path(
- _add_jsonv2_stubs(report.as_swc_standard_format())
- ).strip(),
- reports,
- ".jsonv2",
- ),
- ".jsonv2",
- )
diff --git a/tests/testdata/outputs_expected/calls.sol.o.json b/tests/testdata/outputs_expected/calls.sol.o.json deleted file mode 100644 index 0219f575..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.json +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 661, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "thisisfine()", - "max_gas_used": 1254, - "min_gas_used": 643, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 661, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "thisisfine()", - "max_gas_used": 35972, - "min_gas_used": 1361, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 779, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "callstoredaddress()", - "max_gas_used": 1298, - "min_gas_used": 687, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 779, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "callstoredaddress()", - "max_gas_used": 36016, - "min_gas_used": 1405, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 858, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "reentrancy()", - "max_gas_used": 1320, - "min_gas_used": 709, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 858, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "reentrancy()", - "max_gas_used": 61052, - "min_gas_used": 6441, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 869, - "contract": "Unknown", - "description": "The contract account state is changed after an external call. \nConsider that the called contract could re-enter the function before this state change takes place. 
This can lead to business logic vulnerabilities.", - "function": "reentrancy()", - "max_gas_used": null, - "min_gas_used": null, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "State change after external call", - "tx_sequence": "" - }, - { - "address": 912, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "calluseraddress(address)", - "max_gas_used": 616, - "min_gas_used": 335, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 912, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "calluseraddress(address)", - "max_gas_used": 35336, - "min_gas_used": 1055, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/calls.sol.o.jsonv2 b/tests/testdata/outputs_expected/calls.sol.o.jsonv2 deleted file mode 100644 index 9bab6f6a..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.jsonv2 +++ /dev/null 
@@ -1,174 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "661:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "779:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "858:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. 
Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "912:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The contract account state is changed after an external call. ", - "tail": "Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "869:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "661:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "779:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "858:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "912:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/calls.sol.o.markdown b/tests/testdata/outputs_expected/calls.sol.o.markdown deleted file mode 100644 index 9472f159..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.markdown +++ /dev/null 
@@ -1,118 +0,0 @@ -# Analysis results for test-filename.sol - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `thisisfine()` -- PC address: 661 -- Estimated Gas Usage: 643 - 1254 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `thisisfine()` -- PC address: 661 -- Estimated Gas Usage: 1361 - 35972 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `callstoredaddress()` -- PC address: 779 -- Estimated Gas Usage: 687 - 1298 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `callstoredaddress()` -- PC address: 779 -- Estimated Gas Usage: 1405 - 36016 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. 
It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `reentrancy()` -- PC address: 858 -- Estimated Gas Usage: 709 - 1320 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `reentrancy()` -- PC address: 858 -- Estimated Gas Usage: 6441 - 61052 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - -## State change after external call -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `reentrancy()` -- PC address: 869 -- Estimated Gas Usage: None - None - -### Description - -The contract account state is changed after an external call. -Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `calluseraddress(address)` -- PC address: 912 -- Estimated Gas Usage: 335 - 616 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. 
Review the business logic carefully to prevent averse effects on the contract state. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `calluseraddress(address)` -- PC address: 912 -- Estimated Gas Usage: 1055 - 35336 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. diff --git a/tests/testdata/outputs_expected/calls.sol.o.text b/tests/testdata/outputs_expected/calls.sol.o.text deleted file mode 100644 index 6b20a8a3..00000000 --- a/tests/testdata/outputs_expected/calls.sol.o.text +++ /dev/null 
@@ -1,99 +0,0 @@ -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: thisisfine() -PC address: 661 -Estimated Gas Usage: 643 - 1254 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: thisisfine() -PC address: 661 -Estimated Gas Usage: 1361 - 35972 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: callstoredaddress() -PC address: 779 -Estimated Gas Usage: 687 - 1298 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: callstoredaddress() -PC address: 779 -Estimated Gas Usage: 1405 - 36016 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. 
It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: reentrancy() -PC address: 858 -Estimated Gas Usage: 709 - 1320 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: reentrancy() -PC address: 858 -Estimated Gas Usage: 6441 - 61052 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== State change after external call ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: reentrancy() -PC address: 869 -Estimated Gas Usage: None - None -The contract account state is changed after an external call. -Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: calluseraddress(address) -PC address: 912 -Estimated Gas Usage: 335 - 616 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. 
Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: calluseraddress(address) -PC address: 912 -Estimated Gas Usage: 1055 - 35336 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.json b/tests/testdata/outputs_expected/ether_send.sol.o.json deleted file mode 100644 index 1d2e4a19..00000000 --- a/tests/testdata/outputs_expected/ether_send.sol.o.json +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 722, - "contract": "Unknown", - "description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.", - "function": "withdrawfunds()", - "max_gas_used": 1749, - "min_gas_used": 1138, - "severity": "High", - "sourceMap": null, - "swc-id": "105", - "title": "Unprotected Ether Withdrawal", - "tx_sequence": "" - }, - { - "address": 883, - "contract": "Unknown", - "description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", - "function": "invest()", - "max_gas_used": 26883, - "min_gas_used": 6598, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Overflow", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.jsonv2 b/tests/testdata/outputs_expected/ether_send.sol.o.jsonv2 deleted file mode 100644 index e848bd2f..00000000 --- a/tests/testdata/outputs_expected/ether_send.sol.o.jsonv2 +++ /dev/null 
@@ -1,48 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "Anyone can withdraw ETH from the contract account.", - "tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "722:1:0" - } - ], - "severity": "High", - "swcID": "SWC-105", - "swcTitle": "Unprotected Ether Withdrawal" - }, - { - "description": { - "head": "The binary addition can overflow.", - "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "883:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x3746c7c2ae7b0d4c3f8b1905df9a7ea169b9f93bec68a10a00b4c9d27a18c6fb" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.markdown b/tests/testdata/outputs_expected/ether_send.sol.o.markdown deleted file mode 100644 index 2e1c2a9e..00000000 --- a/tests/testdata/outputs_expected/ether_send.sol.o.markdown +++ /dev/null 
@@ -1,27 +0,0 @@ -# Analysis results for test-filename.sol - -## Unprotected Ether Withdrawal -- SWC ID: 105 -- Severity: High -- Contract: Unknown -- Function name: `withdrawfunds()` -- PC address: 722 -- Estimated Gas Usage: 1138 - 1749 - -### Description - -Anyone can withdraw ETH from the contract account. -Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. - -## Integer Overflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `invest()` -- PC address: 883 -- Estimated Gas Usage: 6598 - 26883 - -### Description - -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. diff --git a/tests/testdata/outputs_expected/ether_send.sol.o.text b/tests/testdata/outputs_expected/ether_send.sol.o.text deleted file mode 100644 index 493978be..00000000 --- a/tests/testdata/outputs_expected/ether_send.sol.o.text +++ /dev/null 
@@ -1,22 +0,0 @@ -==== Unprotected Ether Withdrawal ==== -SWC ID: 105 -Severity: High -Contract: Unknown -Function name: withdrawfunds() -PC address: 722 -Estimated Gas Usage: 1138 - 1749 -Anyone can withdraw ETH from the contract account. -Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. --------------------- - -==== Integer Overflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: invest() -PC address: 883 -Estimated Gas Usage: 6598 - 26883 -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. --------------------- - diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.json b/tests/testdata/outputs_expected/exceptions.sol.o.json deleted file mode 100644 index 19030e55..00000000 --- a/tests/testdata/outputs_expected/exceptions.sol.o.json +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 446, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "assert3(uint256)", - "max_gas_used": 301, - "min_gas_used": 206, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - }, - { - "address": 484, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "arrayaccess(uint256)", - "max_gas_used": 351, - "min_gas_used": 256, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - }, - { - "address": 506, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "divisionby0(uint256)", - "max_gas_used": 367, - "min_gas_used": 272, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - }, - { - "address": 531, - "contract": "Unknown", - "description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). 
Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.", - "function": "assert1()", - "max_gas_used": 363, - "min_gas_used": 268, - "severity": "Low", - "sourceMap": null, - "swc-id": "110", - "title": "Exception State", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 b/tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 deleted file mode 100644 index 43b6ca48..00000000 --- a/tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 +++ /dev/null 
@@ -1,84 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "446:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - }, - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "484:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - }, - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "506:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - }, - { - "description": { - "head": "A reachable exception has been detected.", - "tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. 
Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "531:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-110", - "swcTitle": "Assert Violation" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x4a773a86bc6fb269f88bf09bb3094de29b6073cf13b1760e9d01d957f50a9dfd" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.markdown b/tests/testdata/outputs_expected/exceptions.sol.o.markdown deleted file mode 100644 index c5da9834..00000000 --- a/tests/testdata/outputs_expected/exceptions.sol.o.markdown +++ /dev/null 
@@ -1,53 +0,0 @@ -# Analysis results for test-filename.sol - -## Exception State -- SWC ID: 110 -- Severity: Low -- Contract: Unknown -- Function name: `assert3(uint256)` -- PC address: 446 -- Estimated Gas Usage: 206 - 301 - -### Description - -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. - -## Exception State -- SWC ID: 110 -- Severity: Low -- Contract: Unknown -- Function name: `arrayaccess(uint256)` -- PC address: 484 -- Estimated Gas Usage: 256 - 351 - -### Description - -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. - -## Exception State -- SWC ID: 110 -- Severity: Low -- Contract: Unknown -- Function name: `divisionby0(uint256)` -- PC address: 506 -- Estimated Gas Usage: 272 - 367 - -### Description - -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. - -## Exception State -- SWC ID: 110 -- Severity: Low -- Contract: Unknown -- Function name: `assert1()` -- PC address: 531 -- Estimated Gas Usage: 268 - 363 - -### Description - -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. 
Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. diff --git a/tests/testdata/outputs_expected/exceptions.sol.o.text b/tests/testdata/outputs_expected/exceptions.sol.o.text deleted file mode 100644 index cfee4d39..00000000 --- a/tests/testdata/outputs_expected/exceptions.sol.o.text +++ /dev/null 
@@ -1,44 +0,0 @@ -==== Exception State ==== -SWC ID: 110 -Severity: Low -Contract: Unknown -Function name: assert3(uint256) -PC address: 446 -Estimated Gas Usage: 206 - 301 -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - -==== Exception State ==== -SWC ID: 110 -Severity: Low -Contract: Unknown -Function name: arrayaccess(uint256) -PC address: 484 -Estimated Gas Usage: 256 - 351 -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - -==== Exception State ==== -SWC ID: 110 -Severity: Low -Contract: Unknown -Function name: divisionby0(uint256) -PC address: 506 -Estimated Gas Usage: 272 - 367 -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. --------------------- - -==== Exception State ==== -SWC ID: 110 -Severity: Low -Contract: Unknown -Function name: assert1() -PC address: 531 -Estimated Gas Usage: 268 - 363 -A reachable exception has been detected. -It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
--------------------- - diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json deleted file mode 100644 index c2ee1fd0..00000000 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.json +++ /dev/null 
@@ -1,84 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 618, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "_function_0x141f32ff", - "max_gas_used": 35865, - "min_gas_used": 1113, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 618, - "contract": "Unknown", - "description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.", - "function": "_function_0x141f32ff", - "max_gas_used": 1141, - "min_gas_used": 389, - "severity": "Medium", - "sourceMap": null, - "swc-id": "111", - "title": "Use of callcode", - "tx_sequence": "" - }, - { - "address": 849, - "contract": "Unknown", - "description": "The contract delegates execution to another contract with a user-supplied address.\nThe smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. ", - "function": "_function_0x9b58bc26", - "max_gas_used": 35928, - "min_gas_used": 1176, - "severity": "Medium", - "sourceMap": null, - "swc-id": "112", - "title": "Delegatecall Proxy To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 849, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. 
If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "_function_0x9b58bc26", - "max_gas_used": 35928, - "min_gas_used": 1176, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - }, - { - "address": 1038, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "_function_0xeea4c864", - "max_gas_used": 1229, - "min_gas_used": 477, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 1038, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "_function_0xeea4c864", - "max_gas_used": 35953, - "min_gas_used": 1201, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 deleted file mode 100644 index d4f5cf82..00000000 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 +++ /dev/null 
@@ -1,120 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "The contract delegates execution to another contract with a user-supplied address.", - "tail": "The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. " - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "849:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-112", - "swcTitle": "Delegatecall to Untrusted Callee" - }, - { - "description": { - "head": "Use of callcode is deprecated.", - "tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "618:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-111", - "swcTitle": "Use of Deprecated Solidity Functions" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "1038:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. 
It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "618:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "849:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "1038:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown deleted file mode 100644 index e6f7f11e..00000000 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown +++ /dev/null 
@@ -1,79 +0,0 @@ -# Analysis results for test-filename.sol - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `_function_0x141f32ff` -- PC address: 618 -- Estimated Gas Usage: 1113 - 35865 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - -## Use of callcode -- SWC ID: 111 -- Severity: Medium -- Contract: Unknown -- Function name: `_function_0x141f32ff` -- PC address: 618 -- Estimated Gas Usage: 389 - 1141 - -### Description - -Use of callcode is deprecated. -The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead. - -## Delegatecall Proxy To User-Supplied Address -- SWC ID: 112 -- Severity: Medium -- Contract: Unknown -- Function name: `_function_0x9b58bc26` -- PC address: 849 -- Estimated Gas Usage: 1176 - 35928 - -### Description - -The contract delegates execution to another contract with a user-supplied address. -The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `_function_0x9b58bc26` -- PC address: 849 -- Estimated Gas Usage: 1176 - 35928 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. 
It is usually recommended to wrap external calls into a require statement to prevent unexpected states. - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `_function_0xeea4c864` -- PC address: 1038 -- Estimated Gas Usage: 477 - 1229 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `_function_0xeea4c864` -- PC address: 1038 -- Estimated Gas Usage: 1201 - 35953 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. diff --git a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text b/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text deleted file mode 100644 index 1bb3abad..00000000 --- a/tests/testdata/outputs_expected/kinds_of_calls.sol.o.text +++ /dev/null 
@@ -1,66 +0,0 @@ -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: _function_0x141f32ff -PC address: 618 -Estimated Gas Usage: 1113 - 35865 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - -==== Use of callcode ==== -SWC ID: 111 -Severity: Medium -Contract: Unknown -Function name: _function_0x141f32ff -PC address: 618 -Estimated Gas Usage: 389 - 1141 -Use of callcode is deprecated. -The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead. --------------------- - -==== Delegatecall Proxy To User-Supplied Address ==== -SWC ID: 112 -Severity: Medium -Contract: Unknown -Function name: _function_0x9b58bc26 -PC address: 849 -Estimated Gas Usage: 1176 - 35928 -The contract delegates execution to another contract with a user-supplied address. -The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: _function_0x9b58bc26 -PC address: 849 -Estimated Gas Usage: 1176 - 35928 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. 
--------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: _function_0xeea4c864 -PC address: 1038 -Estimated Gas Usage: 477 - 1229 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: _function_0xeea4c864 -PC address: 1038 -Estimated Gas Usage: 1201 - 35953 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.json b/tests/testdata/outputs_expected/metacoin.sol.o.json deleted file mode 100644 index 712f50c1..00000000 --- a/tests/testdata/outputs_expected/metacoin.sol.o.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "error": null, - "issues": [], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.jsonv2 b/tests/testdata/outputs_expected/metacoin.sol.o.jsonv2 deleted file mode 100644 index 40de69b4..00000000 --- a/tests/testdata/outputs_expected/metacoin.sol.o.jsonv2 +++ /dev/null @@ -1,11 +0,0 @@ -[ - { - "issues": [], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x0e6f727bb3301e02d3be831bf34357522fd2f1d40e90dff8e2214553b06b5f6c" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.markdown b/tests/testdata/outputs_expected/metacoin.sol.o.markdown deleted file mode 100644 index 321484fd..00000000 --- a/tests/testdata/outputs_expected/metacoin.sol.o.markdown +++ /dev/null @@ -1,3 +0,0 @@ -# Analysis results for None - -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/metacoin.sol.o.text b/tests/testdata/outputs_expected/metacoin.sol.o.text deleted file mode 100644 index 729320d8..00000000 --- a/tests/testdata/outputs_expected/metacoin.sol.o.text +++ /dev/null @@ -1 +0,0 @@ -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.json b/tests/testdata/outputs_expected/multi_contracts.sol.o.json deleted file mode 100644 index cf2fd3af..00000000 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 142, - "contract": "Unknown", - "description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.", - "function": "transfer()", - "max_gas_used": 467, - "min_gas_used": 186, - "severity": "High", - "sourceMap": null, - "swc-id": "105", - "title": "Unprotected Ether Withdrawal", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2 b/tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2 deleted file mode 100644 index ec36d8ca..00000000 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2 +++ /dev/null 
@@ -1,30 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "Anyone can withdraw ETH from the contract account.", - "tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "142:1:0" - } - ], - "severity": "High", - "swcID": "SWC-105", - "swcTitle": "Unprotected Ether Withdrawal" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0xbc9c3d9db56d20cf4ca3b6fd88ff9215cf728a092cca1ed8edb83272b933ff5b" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown b/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown deleted file mode 100644 index a7eac008..00000000 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.markdown +++ /dev/null @@ -1,14 +0,0 @@ -# Analysis results for test-filename.sol - -## Unprotected Ether Withdrawal -- SWC ID: 105 -- Severity: High -- Contract: Unknown -- Function name: `transfer()` -- PC address: 142 -- Estimated Gas Usage: 186 - 467 - -### Description - -Anyone can withdraw ETH from the contract account. -Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.o.text b/tests/testdata/outputs_expected/multi_contracts.sol.o.text deleted file mode 100644 index a8388020..00000000 --- a/tests/testdata/outputs_expected/multi_contracts.sol.o.text +++ /dev/null 
@@ -1,11 +0,0 @@ -==== Unprotected Ether Withdrawal ==== -SWC ID: 105 -Severity: High -Contract: Unknown -Function name: transfer() -PC address: 142 -Estimated Gas Usage: 186 - 467 -Anyone can withdraw ETH from the contract account. -Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability. --------------------- - diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.json b/tests/testdata/outputs_expected/nonascii.sol.o.json deleted file mode 100644 index 712f50c1..00000000 --- a/tests/testdata/outputs_expected/nonascii.sol.o.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "error": null, - "issues": [], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.jsonv2 b/tests/testdata/outputs_expected/nonascii.sol.o.jsonv2 deleted file mode 100644 index 0667ad8c..00000000 --- a/tests/testdata/outputs_expected/nonascii.sol.o.jsonv2 +++ /dev/null @@ -1,11 +0,0 @@ -[ - { - "issues": [], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x11a78eb09819f505ba4f10747e6d1f7a44480e602c67573b7abac2f733a85d93" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.markdown b/tests/testdata/outputs_expected/nonascii.sol.o.markdown deleted file mode 100644 index 321484fd..00000000 --- a/tests/testdata/outputs_expected/nonascii.sol.o.markdown +++ /dev/null @@ -1,3 +0,0 @@ -# Analysis results for None - -The analysis was completed successfully. No issues were detected. diff --git a/tests/testdata/outputs_expected/nonascii.sol.o.text b/tests/testdata/outputs_expected/nonascii.sol.o.text deleted file mode 100644 index 729320d8..00000000 --- a/tests/testdata/outputs_expected/nonascii.sol.o.text +++ /dev/null @@ -1 +0,0 @@ -The analysis was completed successfully. No issues were detected. 
diff --git a/tests/testdata/outputs_expected/origin.sol.o.json b/tests/testdata/outputs_expected/origin.sol.o.json deleted file mode 100644 index 6d79baf7..00000000 --- a/tests/testdata/outputs_expected/origin.sol.o.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 317, - "contract": "Unknown", - "description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin", - "function": "transferOwnership(address)", - "max_gas_used": 1051, - "min_gas_used": 626, - "severity": "Medium", - "sourceMap": null, - "swc-id": "111", - "title": "Use of tx.origin", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/origin.sol.o.jsonv2 b/tests/testdata/outputs_expected/origin.sol.o.jsonv2 deleted file mode 100644 index ec679550..00000000 --- a/tests/testdata/outputs_expected/origin.sol.o.jsonv2 +++ /dev/null 
@@ -1,30 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "Use of tx.origin is deprecated.", - "tail": "The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin" - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "317:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-111", - "swcTitle": "Use of Deprecated Solidity Functions" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x25b20ef097dfc0aa56a932c4e09f06ee02a69c005767df86877f48c6c2412f03" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/origin.sol.o.markdown b/tests/testdata/outputs_expected/origin.sol.o.markdown deleted file mode 100644 index 1f5f83ac..00000000 --- a/tests/testdata/outputs_expected/origin.sol.o.markdown +++ /dev/null @@ -1,15 +0,0 @@ -# Analysis results for test-filename.sol - -## Use of tx.origin -- SWC ID: 111 -- Severity: Medium -- Contract: Unknown -- Function name: `transferOwnership(address)` -- PC address: 317 -- Estimated Gas Usage: 626 - 1051 - -### Description - -Use of tx.origin is deprecated. -The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead. -See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin diff --git a/tests/testdata/outputs_expected/origin.sol.o.text b/tests/testdata/outputs_expected/origin.sol.o.text deleted file mode 100644 index b7ebc992..00000000 --- a/tests/testdata/outputs_expected/origin.sol.o.text +++ /dev/null 
@@ -1,12 +0,0 @@ -==== Use of tx.origin ==== -SWC ID: 111 -Severity: Medium -Contract: Unknown -Function name: transferOwnership(address) -PC address: 317 -Estimated Gas Usage: 626 - 1051 -Use of tx.origin is deprecated. -The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead. -See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin --------------------- - diff --git a/tests/testdata/outputs_expected/overflow.sol.o.json b/tests/testdata/outputs_expected/overflow.sol.o.json deleted file mode 100644 index 16a2253b..00000000 --- a/tests/testdata/outputs_expected/overflow.sol.o.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 567, - "contract": "Unknown", - "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 78155, - "min_gas_used": 17019, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Underflow", - "tx_sequence": "" - }, - { - "address": 649, - "contract": "Unknown", - "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 78155, - "min_gas_used": 17019, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Underflow", - "tx_sequence": "" - }, - { - "address": 725, - "contract": "Unknown", - "description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 78155, - "min_gas_used": 17019, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Overflow", - "tx_sequence": "" - } - ], - "success": true -} diff --git a/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 b/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 deleted file mode 100644 index 53028f4a..00000000 --- a/tests/testdata/outputs_expected/overflow.sol.o.jsonv2 +++ /dev/null 
@@ -1,66 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "The binary subtraction can underflow.", - "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "567:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - }, - { - "description": { - "head": "The binary subtraction can underflow.", - "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "649:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - }, - { - "description": { - "head": "The binary addition can overflow.", - "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "725:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0xf230bec502569e8b7e7737616d0ad0f200c436624e3c223e5398c0615cd2d6b9" - ], - "sourceType": "raw-bytecode" - } -] 
diff --git a/tests/testdata/outputs_expected/overflow.sol.o.markdown b/tests/testdata/outputs_expected/overflow.sol.o.markdown deleted file mode 100644 index 82642a1e..00000000 --- a/tests/testdata/outputs_expected/overflow.sol.o.markdown +++ /dev/null @@ -1,40 +0,0 @@ -# Analysis results for test-filename.sol - -## Integer Underflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 567 -- Estimated Gas Usage: 17019 - 78155 - -### Description - -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. - -## Integer Underflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 649 -- Estimated Gas Usage: 17019 - 78155 - -### Description - -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. - -## Integer Overflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 725 -- Estimated Gas Usage: 17019 - 78155 - -### Description - -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. diff --git a/tests/testdata/outputs_expected/overflow.sol.o.text b/tests/testdata/outputs_expected/overflow.sol.o.text deleted file mode 100644 index e70dda5b..00000000 --- a/tests/testdata/outputs_expected/overflow.sol.o.text +++ /dev/null 
@@ -1,33 +0,0 @@ -==== Integer Underflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 567 -Estimated Gas Usage: 17019 - 78155 -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. --------------------- - -==== Integer Underflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 649 -Estimated Gas Usage: 17019 - 78155 -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. --------------------- - -==== Integer Overflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 725 -Estimated Gas Usage: 17019 - 78155 -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. --------------------- - diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.json b/tests/testdata/outputs_expected/returnvalue.sol.o.json deleted file mode 100644 index bd7c8a97..00000000 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 196, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "callchecked()", - "max_gas_used": 1210, - "min_gas_used": 599, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 285, - "contract": "Unknown", - "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.", - "function": "callnotchecked()", - "max_gas_used": 1232, - "min_gas_used": 621, - "severity": "Medium", - "sourceMap": null, - "swc-id": "107", - "title": "External Call To User-Supplied Address", - "tx_sequence": "" - }, - { - "address": 285, - "contract": "Unknown", - "description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.", - "function": "callnotchecked()", - "max_gas_used": 35950, - "min_gas_used": 1339, - "severity": "Low", - "sourceMap": null, - "swc-id": "104", - "title": "Unchecked Call Return Value", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2 b/tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2 deleted file mode 100644 index 8e5bf428..00000000 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2 +++ /dev/null 
@@ -1,66 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "196:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "A call to a user-supplied address is executed.", - "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "285:1:0" - } - ], - "severity": "Medium", - "swcID": "SWC-107", - "swcTitle": "Reentrancy" - }, - { - "description": { - "head": "The return value of a message call is not checked.", - "tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "285:1:0" - } - ], - "severity": "Low", - "swcID": "SWC-104", - "swcTitle": "Unchecked Call Return Value" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0xb191cf6cc0d8cc37a91c9d88019cc011b932169fb5776df616e2bb9cd93b4039" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file 
diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown b/tests/testdata/outputs_expected/returnvalue.sol.o.markdown deleted file mode 100644 index 5309f405..00000000 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.markdown +++ /dev/null @@ -1,40 +0,0 @@ -# Analysis results for test-filename.sol - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `callchecked()` -- PC address: 196 -- Estimated Gas Usage: 599 - 1210 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -## External Call To User-Supplied Address -- SWC ID: 107 -- Severity: Medium -- Contract: Unknown -- Function name: `callnotchecked()` -- PC address: 285 -- Estimated Gas Usage: 621 - 1232 - -### Description - -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. - -## Unchecked Call Return Value -- SWC ID: 104 -- Severity: Low -- Contract: Unknown -- Function name: `callnotchecked()` -- PC address: 285 -- Estimated Gas Usage: 1339 - 35950 - -### Description - -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. 
diff --git a/tests/testdata/outputs_expected/returnvalue.sol.o.text b/tests/testdata/outputs_expected/returnvalue.sol.o.text deleted file mode 100644 index baff23ea..00000000 --- a/tests/testdata/outputs_expected/returnvalue.sol.o.text +++ /dev/null @@ -1,33 +0,0 @@ -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: callchecked() -PC address: 196 -Estimated Gas Usage: 599 - 1210 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== External Call To User-Supplied Address ==== -SWC ID: 107 -Severity: Medium -Contract: Unknown -Function name: callnotchecked() -PC address: 285 -Estimated Gas Usage: 621 - 1232 -A call to a user-supplied address is executed. -The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state. --------------------- - -==== Unchecked Call Return Value ==== -SWC ID: 104 -Severity: Low -Contract: Unknown -Function name: callnotchecked() -PC address: 285 -Estimated Gas Usage: 1339 - 35950 -The return value of a message call is not checked. -External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states. --------------------- - diff --git a/tests/testdata/outputs_expected/suicide.sol.o.json b/tests/testdata/outputs_expected/suicide.sol.o.json deleted file mode 100644 index 1c98a444..00000000 
--- a/tests/testdata/outputs_expected/suicide.sol.o.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 146, - "contract": "Unknown", - "description": "The contract can be killed by anyone.\nAnyone can kill this contract and withdraw its balance to an arbitrary address.", - "function": "kill(address)", - "max_gas_used": 263, - "min_gas_used": 168, - "severity": "High", - "sourceMap": null, - "swc-id": "106", - "title": "Unprotected Selfdestruct", - "tx_sequence": "" - } - ], - "success": true -} \ No newline at end of file diff --git a/tests/testdata/outputs_expected/suicide.sol.o.jsonv2 b/tests/testdata/outputs_expected/suicide.sol.o.jsonv2 deleted file mode 100644 index 30daf88a..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.jsonv2 +++ /dev/null @@ -1,30 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "The contract can be killed by anyone.", - "tail": "Anyone can kill this contract and withdraw its balance to an arbitrary address." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "146:1:0" - } - ], - "severity": "High", - "swcID": "SWC-106", - "swcTitle": "Unprotected SELFDESTRUCT Instruction" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0x2fb801366b61a05b30550481a1c8f7d5f20de0b93d9f2f2ce2b28c4e322033c9" - ], - "sourceType": "raw-bytecode" - } -] \ No newline at end of file diff --git a/tests/testdata/outputs_expected/suicide.sol.o.markdown b/tests/testdata/outputs_expected/suicide.sol.o.markdown deleted file mode 100644 index f31b9f3f..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.markdown +++ /dev/null 
@@ -1,14 +0,0 @@ -# Analysis results for test-filename.sol - -## Unprotected Selfdestruct -- SWC ID: 106 -- Severity: High -- Contract: Unknown -- Function name: `kill(address)` -- PC address: 146 -- Estimated Gas Usage: 168 - 263 - -### Description - -The contract can be killed by anyone. -Anyone can kill this contract and withdraw its balance to an arbitrary address. diff --git a/tests/testdata/outputs_expected/suicide.sol.o.text b/tests/testdata/outputs_expected/suicide.sol.o.text deleted file mode 100644 index 45dd0295..00000000 --- a/tests/testdata/outputs_expected/suicide.sol.o.text +++ /dev/null @@ -1,11 +0,0 @@ -==== Unprotected Selfdestruct ==== -SWC ID: 106 -Severity: High -Contract: Unknown -Function name: kill(address) -PC address: 146 -Estimated Gas Usage: 168 - 263 -The contract can be killed by anyone. -Anyone can kill this contract and withdraw its balance to an arbitrary address. --------------------- - diff --git a/tests/testdata/outputs_expected/underflow.sol.o.json b/tests/testdata/outputs_expected/underflow.sol.o.json deleted file mode 100644 index 416d1176..00000000 --- a/tests/testdata/outputs_expected/underflow.sol.o.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "error": null, - "issues": [ - { - "address": 567, - "contract": "Unknown", - "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 52861, - "min_gas_used": 11915, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Underflow", - "tx_sequence": "" - }, - { - "address": 649, - "contract": "Unknown", - "description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 52861, - "min_gas_used": 11915, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Underflow", - "tx_sequence": "" - }, - { - "address": 725, - "contract": "Unknown", - "description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.", - "function": "sendeth(address,uint256)", - "max_gas_used": 52861, - "min_gas_used": 11915, - "severity": "High", - "sourceMap": null, - "swc-id": "101", - "title": "Integer Overflow", - "tx_sequence": "" - } - ], - "success": true -} diff --git a/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 b/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 deleted file mode 100644 index c99aae49..00000000 --- a/tests/testdata/outputs_expected/underflow.sol.o.jsonv2 +++ /dev/null 
@@ -1,66 +0,0 @@ -[ - { - "issues": [ - { - "description": { - "head": "The binary subtraction can underflow.", - "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "567:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - }, - { - "description": { - "head": "The binary subtraction can underflow.", - "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "649:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - }, - { - "description": { - "head": "The binary addition can overflow.", - "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." - }, - "extra": { - "discoveryTime": "", - "testCase": "" - }, - "locations": [ - { - "sourceMap": "725:1:0" - } - ], - "severity": "High", - "swcID": "SWC-101", - "swcTitle": "Integer Overflow and Underflow" - } - ], - "meta": {}, - "sourceFormat": "evm-byzantium-bytecode", - "sourceList": [ - "0xabef56740bf7795a9f8732e4781ebd27f2977f8a4997e3ff11cee79a4ba6c0ce" - ], - "sourceType": "raw-bytecode" - } -] 
diff --git a/tests/testdata/outputs_expected/underflow.sol.o.markdown b/tests/testdata/outputs_expected/underflow.sol.o.markdown deleted file mode 100644 index acc444d4..00000000 --- a/tests/testdata/outputs_expected/underflow.sol.o.markdown +++ /dev/null @@ -1,40 +0,0 @@ -# Analysis results for test-filename.sol - -## Integer Underflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 567 -- Estimated Gas Usage: 11915 - 52861 - -### Description - -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. - -## Integer Underflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 649 -- Estimated Gas Usage: 11915 - 52861 - -### Description - -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. - -## Integer Overflow -- SWC ID: 101 -- Severity: High -- Contract: Unknown -- Function name: `sendeth(address,uint256)` -- PC address: 725 -- Estimated Gas Usage: 11915 - 52861 - -### Description - -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. diff --git a/tests/testdata/outputs_expected/underflow.sol.o.text b/tests/testdata/outputs_expected/underflow.sol.o.text deleted file mode 100644 index 498ff588..00000000 --- a/tests/testdata/outputs_expected/underflow.sol.o.text +++ /dev/null 
@@ -1,33 +0,0 @@ -==== Integer Underflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 567 -Estimated Gas Usage: 11915 - 52861 -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. --------------------- - -==== Integer Underflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 649 -Estimated Gas Usage: 11915 - 52861 -The binary subtraction can underflow. -The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion. --------------------- - -==== Integer Overflow ==== -SWC ID: 101 -Severity: High -Contract: Unknown -Function name: sendeth(address,uint256) -PC address: 725 -Estimated Gas Usage: 11915 - 52861 -The binary addition can overflow. -The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion. --------------------- - From 88fdc543be03e0fb300eef5387c7a770f59b38d9 Mon Sep 17 00:00:00 2001 From: Nikhil Parasaram Date: Wed, 26 Jun 2019 10:47:16 +0530 Subject: [PATCH 7/7] Add latest help (#1106) --- myth | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/myth b/myth index f378aba7..8418bef6 100755 --- a/myth +++ b/myth 
@@ -21,6 +21,10 @@ if __name__ == "__main__": if arg in COMMAND_LIST: mythril.interfaces.cli.main() exit() + if "--help" in argv or "-h" in argv: + mythril.interfaces.cli.main() + exit() + warnings.warn("The old cli arguments are deprecated, Please use 'myth -h' to view the new command line interface") mythril.interfaces.old_cli.main()
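Review bot: The added check routes to the new CLI whenever `-h` or `--help` appears anywhere in argv, so a legacy invocation that combines old-style flags with `--help` is handed to the new argument parser instead of the old one, where those flags are presumably unknown and the user gets a parse error rather than the deprecation warning on the next line; restricting the check to a bare help request, `if len(argv) > 1 and argv[1] in ("-h", "--help"):`, keeps mixed old-style command lines on the old path. The new `exit()` call mirrors the existing one above it, but both rely on the `site`-injected builtin; `sys.exit()` is the form that works when the script runs with site disabled. A one-line comment such as `# Bare help request: show the new CLI's help rather than the deprecated one` would make the intent of the early dispatch clear. The enclosing `if __name__ == "__main__":` block starts outside the hunk.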