TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'tox'

Browse Source
pull/254/merge
Dr. Sergey Pogodin 7 years ago
parent d66536120b 3b7a21b558
commit a62ba2470d
17 changed files with 411 additions and 167 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 48
      .circleci/config.yml
  2. 13
      .coveragerc
  3. 177
      .gitignore
  4. 19
      Pipfile
  5. 7
      coverage_report.sh
  6. 16
      mythril/analysis/report.py
  7. 2
      mythril/analysis/templates/report_as_markdown.jinja2
  8. 2
      mythril/analysis/templates/report_as_text.jinja2
  9. 9
      tests/analysis/test_delegatecall.py
  10. 46
      tests/report_test.py
  11. 70
      tests/testdata/outputs_expected/calls.sol.o.markdown
  12. 58
      tests/testdata/outputs_expected/calls.sol.o.text
  13. 18
      tests/testdata/outputs_expected/overflow.sol.o.markdown
  14. 18
      tests/testdata/outputs_expected/overflow.sol.o.text
  15. 18
      tests/testdata/outputs_expected/underflow.sol.o.markdown
  16. 18
      tests/testdata/outputs_expected/underflow.sol.o.text
  17. 39
      tox.ini

48
.circleci/config.yml
Unescape View File

@ -1,6 +1,6 @@
defaults: &defaults
docker:
- image: birdofpreyru/mythril-integration-tests:0.0.3
- image: birdofpreyru/mythril-integration-tests:0.0.4
version: 2
jobs:
@ -15,13 +15,28 @@ jobs:
# path param in checkout command, and this symlink compenstates for that.
# - run: ln -s /root/project /home/mythril
- restore-cache:
keys:
- tox-env-{{ checksum "/home/mythril/setup.py" }}
- run:
name: Installing mythril tools
command: cd /home && ./install-mythril-tools.sh laser-ethereum
command: ./install-mythril-tools.sh laser-ethereum
working_directory: /home
- run:
name: Install dependencies, in case any are missing in Docker image
command: pip3 install -r /home/mythril/requirements.txt
name: Install tox envs
command: tox -vv --notest
working_directory: /home/mythril
environment:
LC_ALL: C.UTF-8
LANG: C.UTF-8
- save_cache:
key: tox-env-{{ checksum "/home/mythril/setup.py" }}
paths:
- .tox/py*
- /root/.cache/pip/wheels/
- run:
background: true
@ -30,21 +45,27 @@ jobs:
- run:
name: Unit-testing
command: cd /home/mythril && ./all_tests.sh
command: tox
working_directory: /home/mythril
environment:
LC_ALL: C.UTF-8
LANG: C.UTF-8
- store_test_results:
path: /tmp/test-reports
path: /home/mythril/.tox/output
- store_artifacts:
path: /tmp/test-reports
path: /home/mythril/.tox/output
- run:
name: Ensuring that setup script is functional
command: cd /home/mythril && python3 setup.py install
command: python3 setup.py install
working_directory: /home/mythril
- run:
name: Integration tests
command: if [ -z "$CIRCLE_PR_NUMBER" ]; then cd /home && ./run-integration-tests.sh; fi
command: if [ -z "$CIRCLE_PR_NUMBER" ]; then ./run-integration-tests.sh; fi
working_directory: /home
deploy:
<<: *defaults
@ -53,13 +74,16 @@ jobs:
path: /home/mythril
- run:
name: Verify Git tag vs. version
command: cd /home/mythril && python3 setup.py verify
command: python3 setup.py verify
working_directory: /home/mythril
- run:
name: Build
command: cd /home/mythril && python3 setup.py sdist
command: python3 setup.py sdist
working_directory: /home/mythril
- run:
name: Deploy
command: cd /home/mythril && twine upload dist/*
command: twine upload dist/*
working_directory: /home/mythril
workflows:
version: 2

13
.coveragerc
Unescape View File

@ -1,13 +0,0 @@
[run]
source =
.
[report]
omit =
*__init__.py
/usr/*
*_test.py
setup.py
[html]
directory = coverage_html_report

177
.gitignore vendored
Unescape View File

@ -1,20 +1,179 @@
.DS_Store
# Created by https://www.gitignore.io/api/linux,macos,python,windows
### Linux ###
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
### macOS ###
*.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### Python ###
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
.pytest_cache/
nosetests.xml
coverage.xml
*.cover
.hypothesis/
# Translations
*.mo
*.pot
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# pyenv
.python-version
__pycache__
*.pyc
# celery beat schedule file
celerybeat-schedule.*
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
### Windows ###
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msm
*.msp
# Windows shortcuts
*.lnk
# End of https://www.gitignore.io/api/linux,macos,python,windows
*.asm
mythril.egg-info
build
dist
*.rst
*.lock
!Pipfile.lock
*.svg
laser*
lol*
.idea*
coverage_html_report/
.coverage
.pytest_cache
tests/testdata/outputs_current/
tests/mythril_dir/signatures.json

19
Pipfile
Unescape View File

@ -4,27 +4,16 @@ verify_ssl = true
name = "pypi"
[packages]
requests = "*"
plyvel = "*"
py-solc = "*"
coverage = "*"
BTrees = "*"
ethereum = ">=2.3.0"
zodb = ">=5.3.0"
eth-abi = "*"
"z3-solver" = ">=4.5"
eth-account = "*"
eth-tester = "*"
laser-ethereum = ">=0.5.20"
"jinja2" = "*"
rlp = "<1.0.0"
"e1839a8" = {path = ".", editable = true}
[dev-packages]
pylint = "*"
yapf = "*"
pytest = "*"
pytest-mock = "*"
pytest-cov = "*"
[requires]
python_version = "3.6"
[pipenv]
allow_prereleases = true

7
coverage_report.sh
Unescape View File

@ -7,6 +7,7 @@ rm -rf ./tests/testdata/outputs_current/
mkdir -p ./tests/testdata/outputs_current/
rm -rf coverage_html_report
coverage run -m unittest discover -p "*_test.py"
coverage html
open coverage_html_report/index.html
py.test \
--cov=mythril \
--cov-config=tox.ini \
--cov-report=html:coverage_html_report \

16
mythril/analysis/report.py
Unescape View File

@ -1,5 +1,6 @@
import hashlib
import json
import operator
from jinja2 import PackageLoader, Environment
class Issue:
@ -45,25 +46,28 @@ class Report:
self.verbose = verbose
pass
def sorted_issues(self):
issue_list = [issue.as_dict() for key, issue in self.issues.items()]
return sorted(issue_list, key=operator.itemgetter('address', 'title'))
def append_issue(self, issue):
m = hashlib.md5()
m.update((issue.contract + str(issue.address) + issue.title).encode('utf-8'))
self.issues[m.digest()] = issue
def as_text(self):
filename = self._file_name()
name = self._file_name()
template = Report.environment.get_template('report_as_text.jinja2')
return template.render(filename=filename, issues=self.issues, verbose=self.verbose)
return template.render(filename=name, issues=self.sorted_issues(), verbose=self.verbose)
def as_json(self):
issues = [issue.as_dict() for key, issue in self.issues.items()]
result = {'success': True, 'error': None, 'issues': issues}
return json.dumps(result)
result = {'success': True, 'error': None, 'issues': self.sorted_issues()}
return json.dumps(result, sort_keys=True)
def as_markdown(self):
filename = self._file_name()
template = Report.environment.get_template('report_as_markdown.jinja2')
return template.render(filename=filename, issues=self.issues, verbose=self.verbose)
return template.render(filename=filename, issues=self.sorted_issues(), verbose=self.verbose)
def _file_name(self):
if len(self.issues.values()) > 0:

2
mythril/analysis/templates/report_as_markdown.jinja2
Unescape View File

@ -1,6 +1,6 @@
# Analysis results for {{ filename }}
{% if issues %}
{% for key, issue in issues.items() %}
{% for issue in issues %}
## {{ issue.title }}

2
mythril/analysis/templates/report_as_text.jinja2
Unescape View File

@ -1,5 +1,5 @@
{% if issues %}
{% for key, issue in issues.items() %}
{% for issue in issues %}
==== {{ issue.title }} ====
Type: {{ issue.type }}
Contract: {{ issue.contract | default("Unknown") }}

9
tests/analysis/test_delegatecall.py
Unescape View File

@ -3,8 +3,7 @@ from mythril.analysis.ops import Call, Variable, VarType
from mythril.analysis.symbolic import SymExecWrapper
from laser.ethereum.svm import GlobalState, Node, Environment, Account
import pytest
import mock
from mock import patch
from unittest.mock import MagicMock, patch
import pytest_mock
@ -185,7 +184,7 @@ def test_delegate_call(sym_mock, concrete_mock, curr_instruction):
to = Variable("storage_1", VarType.SYMBOLIC)
call = Call(node, state, None, "DELEGATECALL", to, None)
statespace = mock.MagicMock()
statespace = MagicMock()
statespace.calls = [call]
# act
@ -211,7 +210,7 @@ def test_delegate_call_not_delegate(sym_mock, concrete_mock):
to = Variable("storage_1", VarType.SYMBOLIC)
call = Call(node, None, None, "NOT_DELEGATECALL", to, None)
statespace = mock.MagicMock()
statespace = MagicMock()
statespace.calls = [call]
# act
@ -238,7 +237,7 @@ def test_delegate_call_not_fallback(sym_mock, concrete_mock):
to = Variable("storage_1", VarType.SYMBOLIC)
call = Call(node, None, None, "DELEGATECALL", to, None)
statespace = mock.MagicMock()
statespace = MagicMock()
statespace.calls = [call]
# act

46
tests/report_test.py
Unescape View File

@ -19,7 +19,7 @@ def _fix_debug_data(json_str):
read_json = json.loads(json_str)
for issue in read_json["issues"]:
issue["debug"] = "<DEBUG-DATA>"
return json.dumps(read_json, indent=4)
return json.dumps(read_json, sort_keys=True)
def _generate_report(input_file):
@ -56,6 +56,29 @@ def _assert_empty(changed_files, postfix):
assert message == "", message
def _assert_empty_json(changed_files):
""" Asserts there are no changed files and otherwise builds error message"""
postfix = ".json"
expected = []
actual = []
def ordered(obj):
if isinstance(obj, dict):
return sorted((k, ordered(v)) for k, v in obj.items())
elif isinstance(obj, list):
return sorted(ordered(x) for x in obj)
else:
return obj
for input_file in changed_files:
output_expected = json.loads((TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text())
output_current = json.loads((TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text())
if not ordered(output_expected.items()) == ordered(output_current.items()):
expected.append(output_expected)
actual.append(output_current)
assert expected == actual
def _get_changed_files(postfix, report_builder, reports):
"""
@ -74,8 +97,27 @@ def _get_changed_files(postfix, report_builder, reports):
yield input_file
def _get_changed_files_json(report_builder, reports):
postfix = ".json"
def ordered(obj):
if isinstance(obj, dict):
return sorted((k, ordered(v)) for k, v in obj.items())
elif isinstance(obj, list):
return sorted(ordered(x) for x in obj)
else:
return obj
for report, input_file in reports:
output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)
output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)
output_current.write_text(report_builder(report))
if not ordered(json.loads(output_expected.read_text())) == ordered(json.loads(output_current.read_text())):
yield input_file
def test_json_report(reports):
_assert_empty(_get_changed_files('.json', lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports), '.json')
_assert_empty_json(_get_changed_files_json(lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports))
def test_markdown_report(reports):

70
tests/testdata/outputs_expected/calls.sol.o.markdown vendored
Unescape View File

@ -11,49 +11,27 @@
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Message call to external contract
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
- PC address: 779
### Description
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Message call to external contract
## Unchecked CALL return value
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 858
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## State change after external call
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 869
- Function name: `_function_0x5a6814ec`
- PC address: 661
### Description
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe1d10f79`
- PC address: 912
- Function name: `_function_0xd24b08cc`
- PC address: 779
### Description
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Transaction order dependence
@ -70,23 +48,23 @@ A possible transaction order independence vulnerability exists in function _func
- Type: Informational
- Contract: Unknown
- Function name: `_function_0x5a6814ec`
- PC address: 661
- Function name: `_function_0xd24b08cc`
- PC address: 779
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Unchecked CALL return value
## Message call to external contract
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xd24b08cc`
- PC address: 779
- Function name: `_function_0xe11f493e`
- PC address: 858
### Description
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Unchecked CALL return value
@ -99,6 +77,28 @@ The return value of an external call is not checked. Note that execution continu
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## State change after external call
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 869
### Description
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
## Message call to external contract
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe1d10f79`
- PC address: 912
### Description
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Unchecked CALL return value
- Type: Informational

58
tests/testdata/outputs_expected/calls.sol.o.text vendored
Unescape View File

@ -6,36 +6,20 @@ PC address: 661
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== Message call to external contract ====
Type: Warning
Contract: Unknown
Function name: _function_0xd24b08cc
PC address: 779
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Message call to external contract ====
==== Unchecked CALL return value ====
Type: Informational
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 858
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== State change after external call ====
Type: Warning
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 869
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
Function name: _function_0x5a6814ec
PC address: 661
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Message call to external contract ====
Type: Warning
Contract: Unknown
Function name: _function_0xe1d10f79
PC address: 912
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
Function name: _function_0xd24b08cc
PC address: 779
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Transaction order dependence ====
@ -49,17 +33,17 @@ A possible transaction order independence vulnerability exists in function _func
==== Unchecked CALL return value ====
Type: Informational
Contract: Unknown
Function name: _function_0x5a6814ec
PC address: 661
Function name: _function_0xd24b08cc
PC address: 779
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== Unchecked CALL return value ====
==== Message call to external contract ====
Type: Informational
Contract: Unknown
Function name: _function_0xd24b08cc
PC address: 779
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
Function name: _function_0xe11f493e
PC address: 858
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== Unchecked CALL return value ====
@ -70,6 +54,22 @@ PC address: 858
The return value of an external call is not checked. Note that execution continue even if the called contract throws.
--------------------
==== State change after external call ====
Type: Warning
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 869
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
==== Message call to external contract ====
Type: Warning
Contract: Unknown
Function name: _function_0xe1d10f79
PC address: 912
This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Unchecked CALL return value ====
Type: Informational
Contract: Unknown

18
tests/testdata/outputs_expected/overflow.sol.o.markdown vendored
Unescape View File

@ -5,33 +5,33 @@
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 649
- PC address: 567
### Description
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Overflow
## Integer Underflow
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 725
- PC address: 649
### Description
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Underflow
## Integer Overflow
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 567
- PC address: 725
### Description
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.

18
tests/testdata/outputs_expected/overflow.sol.o.text vendored
Unescape View File

@ -2,26 +2,26 @@
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 649
PC address: 567
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
--------------------
==== Integer Overflow ====
==== Integer Underflow ====
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 725
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
PC address: 649
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
--------------------
==== Integer Underflow ====
==== Integer Overflow ====
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 567
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
PC address: 725
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------

18
tests/testdata/outputs_expected/underflow.sol.o.markdown vendored
Unescape View File

@ -5,33 +5,33 @@
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 649
- PC address: 567
### Description
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Overflow
## Integer Underflow
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 725
- PC address: 649
### Description
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
## Integer Underflow
## Integer Overflow
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 567
- PC address: 725
### Description
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.

18
tests/testdata/outputs_expected/underflow.sol.o.text vendored
Unescape View File

@ -2,26 +2,26 @@
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 649
PC address: 567
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
--------------------
==== Integer Overflow ====
==== Integer Underflow ====
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 725
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
PC address: 649
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
--------------------
==== Integer Underflow ====
==== Integer Overflow ====
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 567
A possible integer underflow exists in the function `sendeth(address,uint256)`.
The subtraction may result in a value < 0.
PC address: 725
A possible integer overflow exists in the function `sendeth(address,uint256)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------

39
tox.ini
Unescape View File

@ -0,0 +1,39 @@
[tox]
envlist = py36
[testenv]
deps =
pytest
pytest-mock
whitelist_externals = mkdir
commands =
mkdir -p {toxinidir}/tests/testdata/outputs_current/
py.test -v \
--junitxml={toxworkdir}/output/{envname}/junit.xml \
{posargs}
[testenv:py36]
basepython = python3.6
setenv =
COVERAGE_FILE = .coverage.{envname}
deps =
pytest
pytest-mock
pytest-cov
whitelist_externals = mkdir
commands =
mkdir -p {toxinidir}/tests/testdata/outputs_current/
py.test -v \
--cov=mythril \
--cov-config=tox.ini \
--cov-report=xml:{toxworkdir}/output/{envname}/coverage.xml \
--cov-report=html:{toxworkdir}/output/{envname}/covhtml \
--junitxml={toxworkdir}/output/{envname}/junit.xml \
{posargs}
[coverage:report]
omit =
*__init__.py
/usr/*
*_test.py
setup.py
Write Preview
Loading…
Cancel
Save