|
|
@ -14,7 +14,7 @@ log = logging.getLogger(__name__) |
|
|
|
class Exceptions(DetectionModule): |
|
|
|
class Exceptions(DetectionModule): |
|
|
|
"""""" |
|
|
|
"""""" |
|
|
|
|
|
|
|
|
|
|
|
name = "Exception or assertion violation" |
|
|
|
name = "Assertion violation" |
|
|
|
swc_id = ASSERT_VIOLATION |
|
|
|
swc_id = ASSERT_VIOLATION |
|
|
|
description = "Checks whether any exception states are reachable." |
|
|
|
description = "Checks whether any exception states are reachable." |
|
|
|
entry_point = EntryPoint.CALLBACK |
|
|
|
entry_point = EntryPoint.CALLBACK |
|
|
@ -46,11 +46,11 @@ class Exceptions(DetectionModule): |
|
|
|
address = state.get_current_instruction()["address"] |
|
|
|
address = state.get_current_instruction()["address"] |
|
|
|
|
|
|
|
|
|
|
|
description_tail = ( |
|
|
|
description_tail = ( |
|
|
|
"It is possible to trigger an exception (opcode 0xfe). " |
|
|
|
"It is possible to trigger an assertion violation. Note that Solidity assert() statements should " |
|
|
|
"Exceptions can be caused by type errors, division by zero, " |
|
|
|
"only be used to check invariants. Review the transaction trace generated for this issue and " |
|
|
|
"out-of-bounds array access, or assert violations. " |
|
|
|
"either make sure your program logic is correct, or use require() instead of assert() if your goal " |
|
|
|
"Note that explicit `assert()` should only be used to check invariants. " |
|
|
|
"is to constrain user inputs or enforce preconditions. Remember to validate inputs from both callers " |
|
|
|
"Use `require()` for regular input checking." |
|
|
|
"(for instance, via passed arguments) and callees (for instance, via return values)." |
|
|
|
) |
|
|
|
) |
|
|
|
transaction_sequence = solver.get_transaction_sequence( |
|
|
|
transaction_sequence = solver.get_transaction_sequence( |
|
|
|
state, state.world_state.constraints |
|
|
|
state, state.world_state.constraints |
|
|
@ -61,8 +61,8 @@ class Exceptions(DetectionModule): |
|
|
|
address=address, |
|
|
|
address=address, |
|
|
|
swc_id=ASSERT_VIOLATION, |
|
|
|
swc_id=ASSERT_VIOLATION, |
|
|
|
title="Exception State", |
|
|
|
title="Exception State", |
|
|
|
severity="Low", |
|
|
|
severity="Medium", |
|
|
|
description_head="A reachable exception has been detected.", |
|
|
|
description_head="An exception or assertion violation was triggered.", |
|
|
|
description_tail=description_tail, |
|
|
|
description_tail=description_tail, |
|
|
|
bytecode=state.environment.code.bytecode, |
|
|
|
bytecode=state.environment.code.bytecode, |
|
|
|
transaction_sequence=transaction_sequence, |
|
|
|
transaction_sequence=transaction_sequence, |
|
|
|