Merge pull request #657 from ConsenSys/develop

Merge develop
pull/664/head
Bernhard Mueller 6 years ago committed by GitHub
commit 95b76df677
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      mythril/analysis/modules/dependence_on_predictable_vars.py
  2. 11
      mythril/analysis/modules/integer.py
  3. 1
      mythril/analysis/modules/transaction_order_dependence.py
  4. 7
      mythril/laser/ethereum/instructions.py
  5. 2
      mythril/version.py
  6. 2
      tests/testdata/outputs_expected/overflow.sol.o.json
  7. 4
      tests/testdata/outputs_expected/overflow.sol.o.markdown
  8. 4
      tests/testdata/outputs_expected/overflow.sol.o.text
  9. 2
      tests/testdata/outputs_expected/underflow.sol.o.json
  10. 4
      tests/testdata/outputs_expected/underflow.sol.o.markdown
  11. 4
      tests/testdata/outputs_expected/underflow.sol.o.text

@ -66,7 +66,7 @@ def execute(statespace):
function_name=call.node.function_name, function_name=call.node.function_name,
address=address, address=address,
swc_id=swc_type, swc_id=swc_type,
bytecode=state.environment.code.bytecode, bytecode=call.state.environment.code.bytecode,
title="Dependence on predictable environment variable", title="Dependence on predictable environment variable",
_type="Warning", _type="Warning",
description=description, description=description,
@ -144,7 +144,7 @@ def execute(statespace):
contract=call.node.contract_name, contract=call.node.contract_name,
function_name=call.node.function_name, function_name=call.node.function_name,
address=address, address=address,
bytecode=state.environment.code.bytecode, bytecode=call.state.environment.code.bytecode,
title="Dependence on predictable variable", title="Dependence on predictable variable",
_type="Informational", _type="Informational",
description=description, description=description,

@ -72,11 +72,13 @@ def _check_integer_overflow(statespace, state, node):
# Formulate expression # Formulate expression
if instruction["opcode"] == "ADD": if instruction["opcode"] == "ADD":
expr = op0 + op1 expr = op0 + op1
# constraint = Not(BVAddNoOverflow(op0, op1, signed=False))
else: else:
expr = op1 * op0 expr = op1 * op0
# constraint = Not(BVMulNoOverflow(op0, op1, signed=False))
# Check satisfiable
constraint = Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0)) constraint = Or(And(ULT(expr, op0), op1 != 0), And(ULT(expr, op1), op0 != 0))
# Check satisfiable
model = _try_constraints(node.constraints, [constraint]) model = _try_constraints(node.constraints, [constraint])
if model is None: if model is None:
@ -130,11 +132,8 @@ def _try_constraints(constraints, new_constraints):
Tries new constraints Tries new constraints
:return Model if satisfiable otherwise None :return Model if satisfiable otherwise None
""" """
_constraints = copy.deepcopy(constraints)
for constraint in new_constraints:
_constraints.append(copy.deepcopy(constraint))
try: try:
model = solver.get_model(_constraints) model = solver.get_model(constraints + new_constraints)
return model return model
except UnsatError: except UnsatError:
return None return None
@ -210,7 +209,7 @@ def _check_integer_underflow(statespace, state, node):
) )
issue.description = ( issue.description = (
"The substraction can result in an integer underflow.\n" "The subtraction can result in an integer underflow.\n"
) )
issue.debug = "Transaction Sequence: " + str( issue.debug = "Transaction Sequence: " + str(

@ -1,5 +1,6 @@
import logging import logging
import re import re
import copy
from mythril.analysis import solver from mythril.analysis import solver
from mythril.analysis.ops import * from mythril.analysis.ops import *

@ -18,7 +18,6 @@ from z3 import (
URem, URem,
SRem, SRem,
BitVec, BitVec,
Solver,
is_true, is_true,
BitVecVal, BitVecVal,
If, If,
@ -43,7 +42,6 @@ from mythril.laser.ethereum.transaction import (
TransactionStartSignal, TransactionStartSignal,
ContractCreationTransaction, ContractCreationTransaction,
) )
from mythril.analysis.solver import get_model
TT256 = 2 ** 256 TT256 = 2 ** 256
TT256M1 = 2 ** 256 - 1 TT256M1 = 2 ** 256 - 1
@ -924,9 +922,6 @@ class Instruction:
storage_keys = global_state.environment.active_account.storage.keys() storage_keys = global_state.environment.active_account.storage.keys()
keccak_keys = filter(keccak_function_manager.is_keccak, storage_keys) keccak_keys = filter(keccak_function_manager.is_keccak, storage_keys)
solver = Solver()
solver.set(timeout=1000)
results = [] results = []
new = False new = False
@ -934,7 +929,7 @@ class Instruction:
key_argument = keccak_function_manager.get_argument(keccak_key) key_argument = keccak_function_manager.get_argument(keccak_key)
index_argument = keccak_function_manager.get_argument(index) index_argument = keccak_function_manager.get_argument(index)
if is_true(key_argument == index_argument): if is_true(simplify(key_argument == index_argument)):
return self._sstore_helper( return self._sstore_helper(
copy(global_state), copy(global_state),
keccak_key, keccak_key,

@ -1,3 +1,3 @@
# This file is suitable for sourcing inside POSIX shell, e.g. bash as # This file is suitable for sourcing inside POSIX shell, e.g. bash as
# well as for importing into Python # well as for importing into Python
VERSION = "v0.19.0" # NOQA VERSION = "v0.19.1" # NOQA

@ -1 +1 @@
{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} {"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

@ -9,7 +9,7 @@
### Description ### Description
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
## Integer Underflow ## Integer Underflow
- SWC ID: 101 - SWC ID: 101
@ -20,7 +20,7 @@ The substraction can result in an integer underflow.
### Description ### Description
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
## Integer Overflow ## Integer Overflow
- SWC ID: 101 - SWC ID: 101

@ -4,7 +4,7 @@ Type: Warning
Contract: Unknown Contract: Unknown
Function name: sendeth(address,uint256) Function name: sendeth(address,uint256)
PC address: 567 PC address: 567
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
-------------------- --------------------
@ -14,7 +14,7 @@ Type: Warning
Contract: Unknown Contract: Unknown
Function name: sendeth(address,uint256) Function name: sendeth(address,uint256)
PC address: 649 PC address: 649
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
-------------------- --------------------

@ -1 +1 @@
{"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The substraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true} {"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 725, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The arithmetic operation can result in integer overflow.\n", "function": "sendeth(address,uint256)", "swc_id": "101", "title": "Integer Overflow", "type": "Warning"}], "success": true}

@ -9,7 +9,7 @@
### Description ### Description
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
## Integer Underflow ## Integer Underflow
- SWC ID: 101 - SWC ID: 101
@ -20,7 +20,7 @@ The substraction can result in an integer underflow.
### Description ### Description
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
## Integer Overflow ## Integer Overflow
- SWC ID: 101 - SWC ID: 101

@ -4,7 +4,7 @@ Type: Warning
Contract: Unknown Contract: Unknown
Function name: sendeth(address,uint256) Function name: sendeth(address,uint256)
PC address: 567 PC address: 567
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
-------------------- --------------------
@ -14,7 +14,7 @@ Type: Warning
Contract: Unknown Contract: Unknown
Function name: sendeth(address,uint256) Function name: sendeth(address,uint256)
PC address: 649 PC address: 649
The substraction can result in an integer underflow. The subtraction can result in an integer underflow.
-------------------- --------------------

Loading…
Cancel
Save