diff --git a/README.md b/README.md index ea4f0351..bec6e74e 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ Function name: withdrawfunds() PC address: 816 In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender. -There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'. +There is a check on storage index 7. This storage slot can be written to by calling the function `crowdfunding()`. -------------------- In file: solidity_examples/ether_send.sol:18 diff --git a/mythril/analysis/modules/delegatecall.py b/mythril/analysis/modules/delegatecall.py index 0d0ff1d7..e1ec5c95 100644 --- a/mythril/analysis/modules/delegatecall.py +++ b/mythril/analysis/modules/delegatecall.py @@ -62,7 +62,7 @@ def execute(statespace): func = statespace.find_storage_write(state.environment.active_account.address, idx) if (func): - issue.description = "This contract delegates execution to a contract address in storage slot " + str(idx) + ". This storage slot can be written to by calling the function '" + func + "'. " + issue.description = "This contract delegates execution to a contract address in storage slot " + str(idx) + ". This storage slot can be written to by calling the function `" + func + "`. " else: logging.debug("[DELEGATECALL] No storage writes to index " + str(idx)) diff --git a/mythril/analysis/modules/dependence_on_predictable_vars.py b/mythril/analysis/modules/dependence_on_predictable_vars.py index c5da486d..167c239e 100644 --- a/mythril/analysis/modules/dependence_on_predictable_vars.py +++ b/mythril/analysis/modules/dependence_on_predictable_vars.py 
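Review bot: In `mythril/analysis/modules/delegatecall.py` (hunk at -62) the backticks now wrapped around `func` are Markdown markup stored in the issue description, and the updated `.text` and `.json` fixtures in this commit show that description strings of this kind are emitted verbatim by the non-Markdown outputs, so plain-text readers and JSON consumers now receive literal backticks. The sentence "This storage slot can be written to by calling the function" is also assembled by hand in ether_send.py (hunks at -60 and -90), external_calls.py (-85) and suicide.py (-69), and the suicide.py copy says "storage index" where the others say "storage slot". Consider one shared helper that builds this sentence from `idx` and `func`, so wording and quoting are decided in one place, and a comment on the description field stating that it holds Markdown. `execute` starts and ends outside the hunk.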
@@ -39,7 +39,7 @@ def execute(statespace): address = call.state.get_current_instruction()['address'] - description = "In the function `'" + call.node.function_name + "'` " + description = "In the function `" + call.node.function_name + "` " description += "the following predictable state variables are used to determine Ether recipient:\n" # First check: look for predictable state variables in node & call recipient constraints @@ -64,7 +64,7 @@ def execute(statespace): for constraint in call.node.constraints + [call.to]: if "blockhash" in str(constraint): - description = "In the function `'" + call.node.function_name + "'` " + description = "In the function `" + call.node.function_name + "` " if "number" in str(constraint): m = re.search('blockhash\w+(\s\-\s(\d+))*', str(constraint)) if m and solve(call): diff --git a/mythril/analysis/modules/ether_send.py b/mythril/analysis/modules/ether_send.py index ad7f22a3..d6bf850c 100644 --- a/mythril/analysis/modules/ether_send.py +++ b/mythril/analysis/modules/ether_send.py @@ -39,7 +39,7 @@ def execute(statespace): interesting = False - description = "In the function `'" + call.node.function_name + "'` " + description = "In the function `" + call.node.function_name + "` " if re.search(r'caller', str(call.to)): description += "a non-zero amount of Ether is sent to msg.sender.\n" @@ -60,7 +60,7 @@ def execute(statespace): func = statespace.find_storage_write(state.environment.active_account.address, idx) if (func): - description += "There is a check on storage index " + str(idx) + ". This storage slot can be written to by calling the function '" + func + "'.\n" + description += "There is a check on storage index " + str(idx) + ". This storage slot can be written to by calling the function `" + func + "`.\n" interesting = True else: logging.debug("[ETHER_SEND] No storage writes to index " + str(idx)) 
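Review bot: In `dependence_on_predictable_vars.py` (hunk at -64) the unchanged `re.search` call two lines below the edited line passes its pattern as a plain string literal, so `\w`, `\s`, `\-` and `\d` are invalid string escapes that recent Python versions warn about; ether_send.py in this same commit already uses a raw string (`r'caller'`). Since the block is being touched anyway, `m = re.search(r'blockhash\w+(\s\-\s(\d+))*', str(constraint))` keeps the regex identical and removes the warning. The edited line also assigns `description` with `=` rather than `+=`, which looks like it discards the text built at the top of `execute`; that may be intended, and a one-line comment would settle it. `execute` continues outside the hunk.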
@@ -90,7 +90,7 @@ def execute(statespace): func = statespace.find_storage_write(state.environment.active_account.address, idx) if (func): - description += "\nThere is a check on storage index " + str(idx) + ". This storage slot can be written to by calling the function '" + func + "'." + description += "\nThere is a check on storage index " + str(idx) + ". This storage slot can be written to by calling the function `" + func + "`." else: logging.debug("[ETHER_SEND] No storage writes to index " + str(idx)) can_solve = False diff --git a/mythril/analysis/modules/exceptions.py b/mythril/analysis/modules/exceptions.py index a55d4187..507bbd49 100644 --- a/mythril/analysis/modules/exceptions.py +++ b/mythril/analysis/modules/exceptions.py @@ -32,7 +32,7 @@ def execute(statespace): address = state.get_current_instruction()['address'] description = "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. " - description += "This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. " + description += "This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. " debug = "The exception is triggered under the following conditions:\n\n" diff --git a/mythril/analysis/modules/external_calls.py b/mythril/analysis/modules/external_calls.py index 19b4c158..92b214d1 100644 --- a/mythril/analysis/modules/external_calls.py +++ b/mythril/analysis/modules/external_calls.py @@ -85,7 +85,7 @@ def execute(statespace): description += \ "an address found at storage slot " + str(idx) + ". " + \ - "This storage slot can be written to by calling the function '" + func + "'. " + "This storage slot can be written to by calling the function `" + func + "`. " user_supplied = True if user_supplied: 
diff --git a/mythril/analysis/modules/suicide.py b/mythril/analysis/modules/suicide.py index 5a5e4683..cad914bc 100644 --- a/mythril/analysis/modules/suicide.py +++ b/mythril/analysis/modules/suicide.py @@ -69,7 +69,7 @@ def execute(statespace): func = statespace.find_storage_write(state.environment.active_account.address, idx) if func: - description += "\nThere is a check on storage index " + str(idx) + ". This storage index can be written to by calling the function '" + func + "'." + description += "\nThere is a check on storage index " + str(idx) + ". This storage index can be written to by calling the function `" + func + "`." break else: logging.debug("[UNCHECKED_SUICIDE] No storage writes to index " + str(idx)) diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index 3088d9d9..61e2e72e 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -1,7 +1,6 @@ import hashlib import json - class Issue: def __init__(self, contract, function, pc, title, _type="Informational", description="", debug=""): @@ -92,6 +91,8 @@ class Report: for key, issue in self.issues.items(): + if text == "": + text += "# Analysis results for " + issue.filename text += "\n\n## " + issue.title + "\n\n" text += "- Type: " + issue.type + "\n" @@ -103,15 +104,15 @@ class Report: text += "- Function name: `" + issue.function + "`\n" text += "- PC address: " + str(issue.pc) + "\n\n" - text += "\n\n### Description\n\n" + issue.description + "\n" + text += "### Description\n\n" + issue.description if issue.filename and issue.lineno: text += "\nIn *%s:%d*\n" % (issue.filename, issue.lineno) if issue.code: - text += "\n```\n" + issue.code + "\n```\n" + text += "\n```\n" + issue.code + "\n```" if self.verbose and issue.debug: - text += "### Debugging Information\n" + issue.debug + "\n" + text += "\n\n### Debugging Information\n" + issue.debug return text diff --git a/mythril/support/truffle.py b/mythril/support/truffle.py index f869c2d4..f486f0ac 100644 
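Review bot: In `mythril/analysis/report.py` (hunk at -92) the new header line concatenates `issue.filename` unconditionally, while the following hunk still guards with `if issue.filename and issue.lineno:`, which suggests the attribute can be empty or `None`; in that case `"# Analysis results for " + issue.filename` raises `TypeError` before any issue is rendered. Guarding the header the same way, `if text == "" and issue.filename:`, avoids that. The header also names only the first issue's file, so a report whose issues come from several files is titled after whichever one is iterated first. The method containing this loop starts outside the hunk, so the initial value of `text` is assumed to be an empty string.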
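Review bot: In `mythril/analysis/report.py` (hunk at -103) `issue.code` is placed inside a fixed three-backtick fence and `issue.description` is appended as raw Markdown, with no escaping of either. The code snippet presumably comes from the source of the contract under analysis, so a snippet that itself contains a run of three backticks would close the fence early and the remainder would be interpreted as Markdown (or HTML, depending on the renderer) by whatever displays the report. If reports for third-party contracts are ever rendered rather than read as plain text, pick a fence longer than the longest backtick run in `issue.code`, and add a comment here stating that the description is trusted Markdown produced by the analysis modules. The enclosing method starts outside the hunk.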
--- a/mythril/support/truffle.py +++ b/mythril/support/truffle.py @@ -21,6 +21,8 @@ def analyze_truffle_project(args): files = os.listdir(build_dir) + isFirstTime: bool = True + for filename in files: if re.match(r'.*\.json$', filename) and filename != "Migrations.json": @@ -46,7 +48,7 @@ def analyze_truffle_project(args): if not len(issues): if (args.outform == 'text' or args.outform == 'markdown'): - print("\n\n# Analysis result for " + name + "\n\nNo issues found.") + print("# Analysis result for " + name + "\n\nNo issues found.") else: result = {'contract': name, 'result': {'success': True, 'error': None, 'issues': []}} print(json.dumps(result)) @@ -101,8 +103,7 @@ def analyze_truffle_project(args): print(json.dumps(result)) else: - if (args.outform == 'text'): - print("\n\n# Analysis result for " + name + ":\n\n" + report.as_text()) + print("# Analysis result for " + name + ":\n\n" + report.as_text()) elif (args.outform == 'markdown'): - print("\n\n# Analysis result for " + name + "\n\n" + report.as_markdown()) + print(report.as_markdown()) diff --git a/security_checks.md b/security_checks.md index 0984df42..a488af56 100644 --- a/security_checks.md +++ b/security_checks.md 
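Review bot: In `mythril/support/truffle.py` (hunk at -21) `isFirstTime` is assigned but never read in any hunk of this commit, so it looks like a leftover from an earlier approach to printing the header only once. If nothing outside the visible hunks uses it, drop the line; if it is kept, `is_first_time = True` would match the snake_case names around it (`build_dir`, `filename`), and the `name: bool = ...` annotation syntax requires Python 3.6 or later. `analyze_truffle_project` starts before and continues after the hunk.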
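Review bot: In `mythril/support/truffle.py` (hunk at -101), as the hunk reads here the line `if (args.outform == 'text'):` is removed while `elif (args.outform == 'markdown'):` stays as context, and the hunk header (8 old lines, 7 new) agrees that one line is dropped without replacement; an `elif` that follows a bare `print(...)` does not parse. Keep the condition and change only the string: `if (args.outform == 'text'):` followed by `print("# Analysis result for " + name + ":\n\n" + report.as_text())`. Separately, the Markdown branch now takes its title from `as_markdown()`, which uses `issue.filename` and the wording "Analysis results", while the text and no-issues branches print "Analysis result for" the contract `name`; it is worth settling on one form. The whitespace on this page is collapsed, so the indentation of the new lines could not be checked.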
@@ -19,7 +19,7 @@ Detection modules, ideas collection and wish list. Contributions are welcome! |Transaction order dependence| | | [Front Running](https://consensys.github.io/smart-contract-best-practices/known_attacks/#transaction-ordering-dependence-tod-front-running) | |Information exposure| | | | |Complex fallback function (uses more than 2,300 gas) | A too complex fallback function will cause send() and transfer() from other contracts to fail. To implement this we first need to fully implement gas simulation. | | -|Use require() instead of assert() | Use `assert()` only to check against states which should be completely unreachable. | [Exceptions](mythril/analysis/modules/exceptions.py) | [Solidity docs](https://solidity.readthedocs.io/en/develop/control-structures.html#error-handling-assert-require-revert-and-exceptions)| +|Use `require()` instead of `assert()` | Use `assert()` only to check against states which should be completely unreachable. | [Exceptions](mythril/analysis/modules/exceptions.py) | [Solidity docs](https://solidity.readthedocs.io/en/develop/control-structures.html#error-handling-assert-require-revert-and-exceptions)| |Use of depreciated functions | Use `revert()` instead of `throw()`, `selfdestruct()` instead of `suicide()`, `keccak256()` instead of `sha3()` | | | |Detect tautologies| Detect comparisons that always evaluate to 'true', see also [#54](https://github.com/ConsenSys/mythril/issues/54) | | |Call depth attack| Depreciated | | [EIP 150 Hard Fork](https://consensys.github.io/smart-contract-best-practices/known_attacks/#call-depth-attack-deprecated)| diff --git a/static/sample_report.md b/static/sample_report.md index fa637edd..2e434667 100644 --- a/static/sample_report.md +++ b/static/sample_report.md 
@@ -9,7 +9,7 @@ In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender. Call value is balance_at_1461501637330902918203684832716283019655932542975 & address. -There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'. +There is a check on storage index 7. This storage slot can be written to by calling the function `crowdfunding()`. In *ether_send.sol:* @@ -97,7 +97,7 @@ balances[msg.sender] - _value - PC address: 1285 ### Description -In the function `'_function_0xe9874106'` the following predictable state variables are used to determine Ether recipient: +In the function `_function_0xe9874106` the following predictable state variables are used to determine Ether recipient: - block.coinbase diff --git a/tests/cmd_line_test.py b/tests/cmd_line_test.py index c548709e..5aad56ff 100644 --- a/tests/cmd_line_test.py +++ b/tests/cmd_line_test.py @@ -26,7 +26,7 @@ class TruffleTestCase(BaseTestCase): def test_analysis_truffle_project(self): truffle_project_root = str(TESTS_DIR / "truffle_project") command = "cd {}; truffle compile; python3 {} --truffle".format(truffle_project_root, MYTH) - self.assertIn("In the function `'withdrawfunds()'` a non-zero amount of Ether is sent to msg.sender.", output_of(command)) + self.assertIn("In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.", output_of(command)) class InfuraTestCase(BaseTestCase): diff --git a/tests/testdata/outputs_expected/calls.sol.json b/tests/testdata/outputs_expected/calls.sol.json index ebe52a90..e2d882d6 100644 --- a/tests/testdata/outputs_expected/calls.sol.json +++ b/tests/testdata/outputs_expected/calls.sol.json 
@@ -15,7 +15,7 @@ }, { "title": "Message call to external contract", - "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", + "description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "_function_0xd24b08cc", "type": "Warning", "address": 779, diff --git a/tests/testdata/outputs_expected/calls.sol.markdown b/tests/testdata/outputs_expected/calls.sol.markdown index 2125f4eb..84a2153a 100644 --- a/tests/testdata/outputs_expected/calls.sol.markdown +++ b/tests/testdata/outputs_expected/calls.sol.markdown 
@@ -20,7 +20,7 @@ fixed_address.call() - PC address: 779 ### Description -This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. In */inputs/calls.sol:29* diff --git a/tests/testdata/outputs_expected/calls.sol.text b/tests/testdata/outputs_expected/calls.sol.text index 40b4ef78..63e2150e 100644 --- a/tests/testdata/outputs_expected/calls.sol.text +++ b/tests/testdata/outputs_expected/calls.sol.text 
@@ -16,7 +16,7 @@ Type: Warning Contract: Caller Function name: _function_0xd24b08cc PC address: 779 -This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function '_function_0x2776b163'. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied adresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. -------------------- In file: /inputs/calls.sol:29 diff --git a/tests/testdata/outputs_expected/ether_send.sol.json b/tests/testdata/outputs_expected/ether_send.sol.json index 01f8aa1f..ed18b704 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.json +++ b/tests/testdata/outputs_expected/ether_send.sol.json @@ -4,7 +4,7 @@ "issues": [ { "title": "Ether send", - "description": "In the function `'withdrawfunds()'` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function 'crowdfunding()'.", + "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.", "function": "withdrawfunds()", "type": "Warning", "address": 816, diff --git a/tests/testdata/outputs_expected/ether_send.sol.markdown b/tests/testdata/outputs_expected/ether_send.sol.markdown index 01c7e26f..8a2a0080 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.markdown 
+++ b/tests/testdata/outputs_expected/ether_send.sol.markdown @@ -6,9 +6,9 @@ - PC address: 816 ### Description -In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender. +In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender. -There is a check on storage index 1. This storage slot can be written to by calling the function 'crowdfunding()'. +There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. In */inputs/ether_send.sol:18* diff --git a/tests/testdata/outputs_expected/ether_send.sol.text b/tests/testdata/outputs_expected/ether_send.sol.text index 1578a52d..d634200d 100644 --- a/tests/testdata/outputs_expected/ether_send.sol.text +++ b/tests/testdata/outputs_expected/ether_send.sol.text @@ -3,9 +3,9 @@ Type: Warning Contract: Crowdfunding Function name: withdrawfunds() PC address: 816 -In the function `'withdrawfunds()'` a non-zero amount of Ether is sent to msg.sender. +In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender. -There is a check on storage index 1. This storage slot can be written to by calling the function 'crowdfunding()'. +There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`. -------------------- In file: /inputs/ether_send.sol:18 diff --git a/tests/testdata/outputs_expected/exceptions.sol.json b/tests/testdata/outputs_expected/exceptions.sol.json index 49468c9f..0742d99b 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.json +++ b/tests/testdata/outputs_expected/exceptions.sol.json 
@@ -4,7 +4,7 @@ "issues": [ { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x546455b5", "type": "Informational", "address": 446, @@ -15,7 +15,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x92dd38ea", "type": "Informational", "address": 484, 
@@ -26,7 +26,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xa08299f1", "type": "Informational", "address": 506, @@ -37,7 +37,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xb34c3610", "type": "Informational", "address": 531, diff --git a/tests/testdata/outputs_expected/exceptions.sol.markdown b/tests/testdata/outputs_expected/exceptions.sol.markdown index 2f228da0..f85d513c 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.markdown +++ b/tests/testdata/outputs_expected/exceptions.sol.markdown 
@@ -6,7 +6,7 @@ - PC address: 446 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/exceptions.sol:16* @@ -20,7 +20,7 @@ assert(input != 23) - PC address: 484 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/exceptions.sol:34* 
@@ -34,7 +34,7 @@ myarray[index] - PC address: 506 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/exceptions.sol:24* @@ -48,7 +48,7 @@ In */inputs/exceptions.sol:24* - PC address: 531 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/exceptions.sol:7* diff --git a/tests/testdata/outputs_expected/exceptions.sol.text b/tests/testdata/outputs_expected/exceptions.sol.text index 409dc190..2b5c71c9 100644 --- a/tests/testdata/outputs_expected/exceptions.sol.text +++ b/tests/testdata/outputs_expected/exceptions.sol.text 
@@ -3,7 +3,7 @@ Type: Informational Contract: Exceptions Function name: _function_0x546455b5 PC address: 446 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/exceptions.sol:16 @@ -16,7 +16,7 @@ Type: Informational Contract: Exceptions Function name: _function_0x92dd38ea PC address: 484 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/exceptions.sol:34 
@@ -29,7 +29,7 @@ Type: Informational Contract: Exceptions Function name: _function_0xa08299f1 PC address: 506 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/exceptions.sol:24 @@ -42,7 +42,7 @@ Type: Informational Contract: Exceptions Function name: _function_0xb34c3610 PC address: 531 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/exceptions.sol:7 diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.json b/tests/testdata/outputs_expected/multi_contracts.sol.json index 501b2b5f..af046a44 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.json +++ b/tests/testdata/outputs_expected/multi_contracts.sol.json 
@@ -4,7 +4,7 @@ "issues": [ { "title": "Ether send", - "description": "In the function `'_function_0x8a4068dd'` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", + "description": "In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.\nIt seems that this function can be called without restrictions.", "function": "_function_0x8a4068dd", "type": "Warning", "address": 142, diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.markdown b/tests/testdata/outputs_expected/multi_contracts.sol.markdown index de4a3771..9fc46e4a 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.markdown +++ b/tests/testdata/outputs_expected/multi_contracts.sol.markdown @@ -6,7 +6,7 @@ - PC address: 142 ### Description -In the function `'_function_0x8a4068dd'` a non-zero amount of Ether is sent to msg.sender. +In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender. It seems that this function can be called without restrictions. In */inputs/multi_contracts.sol:14* diff --git a/tests/testdata/outputs_expected/multi_contracts.sol.text b/tests/testdata/outputs_expected/multi_contracts.sol.text index cf1d4a80..55ed6152 100644 --- a/tests/testdata/outputs_expected/multi_contracts.sol.text +++ b/tests/testdata/outputs_expected/multi_contracts.sol.text @@ -3,7 +3,7 @@ Type: Warning Contract: Transfer2 Function name: _function_0x8a4068dd PC address: 142 -In the function `'_function_0x8a4068dd'` a non-zero amount of Ether is sent to msg.sender. +In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender. It seems that this function can be called without restrictions. -------------------- In file: /inputs/multi_contracts.sol:14 diff --git a/tests/testdata/outputs_expected/rubixi.sol.json b/tests/testdata/outputs_expected/rubixi.sol.json index e41a9d06..58440948 100644 
--- a/tests/testdata/outputs_expected/rubixi.sol.json +++ b/tests/testdata/outputs_expected/rubixi.sol.json @@ -4,7 +4,7 @@ "issues": [ { "title": "Ether send", - "description": "In the function `'_function_0x4229616d'` a non-zero amount of Ether is sent to an address taken from storage slot 5.\nThere is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'.\n\nThere is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'.\nThere is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'.", + "description": "In the function `_function_0x4229616d` a non-zero amount of Ether is sent to an address taken from storage slot 5.\nThere is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`.\n\nThere is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`.\nThere is a check on storage index 1. This storage slot can be written to by calling the function `fallback`.", "function": "_function_0x4229616d", "type": "Warning", "address": 1599, 
@@ -15,7 +15,7 @@ }, { "title": "Ether send", - "description": "In the function `'_function_0x686f2c90'` a non-zero amount of Ether is sent to an address taken from storage slot 5.\nThere is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'.\n\nThere is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'.\nThere is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'.", + "description": "In the function `_function_0x686f2c90` a non-zero amount of Ether is sent to an address taken from storage slot 5.\nThere is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`.\n\nThere is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`.\nThere is a check on storage index 1. This storage slot can be written to by calling the function `fallback`.", "function": "_function_0x686f2c90", "type": "Warning", "address": 1940, @@ -26,7 +26,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x57d4021b", "type": "Informational", "address": 1653, 
@@ -37,7 +37,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0x9dbc4f9b", "type": "Informational", "address": 2085, diff --git a/tests/testdata/outputs_expected/rubixi.sol.markdown b/tests/testdata/outputs_expected/rubixi.sol.markdown index 9d688bc2..2e122109 100644 --- a/tests/testdata/outputs_expected/rubixi.sol.markdown +++ b/tests/testdata/outputs_expected/rubixi.sol.markdown 
@@ -6,11 +6,11 @@ - PC address: 1599 ### Description -In the function `'_function_0x4229616d'` a non-zero amount of Ether is sent to an address taken from storage slot 5. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. +In the function `_function_0x4229616d` a non-zero amount of Ether is sent to an address taken from storage slot 5. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. In */inputs/rubixi.sol:93* 
@@ -24,11 +24,11 @@ creator.send(feesToCollect) - PC address: 1940 ### Description -In the function `'_function_0x686f2c90'` a non-zero amount of Ether is sent to an address taken from storage slot 5. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. +In the function `_function_0x686f2c90` a non-zero amount of Ether is sent to an address taken from storage slot 5. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. In */inputs/rubixi.sol:75* @@ -42,7 +42,7 @@ creator.send(collectedFees) - PC address: 1653 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/rubixi.sol:131* 
@@ -56,7 +56,7 @@ participants[payoutOrder] - PC address: 2085 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/rubixi.sol:148* diff --git a/tests/testdata/outputs_expected/rubixi.sol.text b/tests/testdata/outputs_expected/rubixi.sol.text index 7f8500bb..a4c95257 100644 --- a/tests/testdata/outputs_expected/rubixi.sol.text +++ b/tests/testdata/outputs_expected/rubixi.sol.text 
@@ -3,11 +3,11 @@ Type: Warning Contract: Rubixi Function name: _function_0x4229616d PC address: 1599 -In the function `'_function_0x4229616d'` a non-zero amount of Ether is sent to an address taken from storage slot 5. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. +In the function `_function_0x4229616d` a non-zero amount of Ether is sent to an address taken from storage slot 5. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. -------------------- In file: /inputs/rubixi.sol:93 
@@ -20,11 +20,11 @@ Type: Warning Contract: Rubixi Function name: _function_0x686f2c90 PC address: 1940 -In the function `'_function_0x686f2c90'` a non-zero amount of Ether is sent to an address taken from storage slot 5. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. +In the function `_function_0x686f2c90` a non-zero amount of Ether is sent to an address taken from storage slot 5. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. -There is a check on storage index 5. This storage slot can be written to by calling the function '_function_0x67f809e9'. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. +There is a check on storage index 5. This storage slot can be written to by calling the function `_function_0x67f809e9`. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. -------------------- In file: /inputs/rubixi.sol:75 @@ -37,7 +37,7 @@ Type: Informational Contract: Rubixi Function name: _function_0x57d4021b PC address: 1653 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/rubixi.sol:131 
@@ -50,7 +50,7 @@ Type: Informational Contract: Rubixi Function name: _function_0x9dbc4f9b PC address: 2085 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/rubixi.sol:148 diff --git a/tests/testdata/outputs_expected/weak_random.sol.json b/tests/testdata/outputs_expected/weak_random.sol.json index 61a8041b..4ed9c5b8 100644 --- a/tests/testdata/outputs_expected/weak_random.sol.json +++ b/tests/testdata/outputs_expected/weak_random.sol.json @@ -4,7 +4,7 @@ "issues": [ { "title": "Dependence on predictable environment variable", - "description": "In the function `'_function_0xe9874106'` the following predictable state variables are used to determine Ether recipient:\n- block.coinbase\n", + "description": "In the function `_function_0xe9874106` the following predictable state variables are used to determine Ether recipient:\n- block.coinbase\n", "function": "_function_0xe9874106", "type": "Warning", "address": 1285, 
@@ -15,7 +15,7 @@ }, { "title": "Ether send", - "description": "In the function `'_function_0xe9874106'` a non-zero amount of Ether is sent to an address taken from storage slot 0.\nThere is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'.\nThere is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'.", + "description": "In the function `_function_0xe9874106` a non-zero amount of Ether is sent to an address taken from storage slot 0.\nThere is a check on storage index 0. This storage slot can be written to by calling the function `fallback`.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `fallback`.\nThere is a check on storage index 1. This storage slot can be written to by calling the function `fallback`.", "function": "_function_0xe9874106", "type": "Warning", "address": 1285, @@ -26,7 +26,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "fallback", "type": "Informational", "address": 356, 
@@ -37,7 +37,7 @@ }, { "title": "Exception state", - "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. ", + "description": "A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ", "function": "_function_0xe9874106", "type": "Informational", "address": 146, diff --git a/tests/testdata/outputs_expected/weak_random.sol.markdown b/tests/testdata/outputs_expected/weak_random.sol.markdown index fa89a30e..6f35fa52 100644 --- a/tests/testdata/outputs_expected/weak_random.sol.markdown +++ b/tests/testdata/outputs_expected/weak_random.sol.markdown @@ -6,7 +6,7 @@ - PC address: 1285 ### Description -In the function `'_function_0xe9874106'` the following predictable state variables are used to determine Ether recipient: +In the function `_function_0xe9874106` the following predictable state variables are used to determine Ether recipient: - block.coinbase 
@@ -22,11 +22,11 @@ winningAddress.transfer(prize) - PC address: 1285 ### Description -In the function `'_function_0xe9874106'` a non-zero amount of Ether is sent to an address taken from storage slot 0. -There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'. +In the function `_function_0xe9874106` a non-zero amount of Ether is sent to an address taken from storage slot 0. +There is a check on storage index 0. This storage slot can be written to by calling the function `fallback`. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. In */inputs/weak_random.sol:47* @@ -40,7 +40,7 @@ winningAddress.transfer(prize) - PC address: 356 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/weak_random.sol:11* 
@@ -54,7 +54,7 @@ prize / totalTickets - PC address: 146 ### Description -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. In */inputs/weak_random.sol:11* diff --git a/tests/testdata/outputs_expected/weak_random.sol.text b/tests/testdata/outputs_expected/weak_random.sol.text index d53c23b4..dcc95788 100644 --- a/tests/testdata/outputs_expected/weak_random.sol.text +++ b/tests/testdata/outputs_expected/weak_random.sol.text @@ -3,7 +3,7 @@ Type: Warning Contract: WeakRandom Function name: _function_0xe9874106 PC address: 1285 -In the function `'_function_0xe9874106'` the following predictable state variables are used to determine Ether recipient: +In the function `_function_0xe9874106` the following predictable state variables are used to determine Ether recipient: - block.coinbase -------------------- 
@@ -18,11 +18,11 @@ Type: Warning Contract: WeakRandom Function name: _function_0xe9874106 PC address: 1285 -In the function `'_function_0xe9874106'` a non-zero amount of Ether is sent to an address taken from storage slot 0. -There is a check on storage index 0. This storage slot can be written to by calling the function 'fallback'. +In the function `_function_0xe9874106` a non-zero amount of Ether is sent to an address taken from storage slot 0. +There is a check on storage index 0. This storage slot can be written to by calling the function `fallback`. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. -There is a check on storage index 1. This storage slot can be written to by calling the function 'fallback'. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. +There is a check on storage index 1. This storage slot can be written to by calling the function `fallback`. -------------------- In file: /inputs/weak_random.sol:47 @@ -35,7 +35,7 @@ Type: Informational Contract: WeakRandom Function name: fallback PC address: 356 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/weak_random.sol:11 
@@ -48,7 +48,7 @@ Type: Informational Contract: WeakRandom Function name: _function_0xe9874106 PC address: 146 -A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that assert() should only be used to check invariants. Use require() for regular input checking. +A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. -------------------- In file: /inputs/weak_random.sol:11