Update more descriptions

vuln_edits
Bernhard Mueller 5 years ago
parent 733ae31a29
commit b91911bc38
  1. 4
      mythril/analysis/module/modules/arbitrary_jump.py
  2. 4
      mythril/analysis/module/modules/arbitrary_write.py
  3. 4
      mythril/analysis/module/modules/delegatecall.py
  4. 6
      mythril/analysis/module/modules/dependence_on_origin.py
  5. 8
      mythril/analysis/module/modules/dependence_on_predictable_vars.py
  6. 9
      mythril/analysis/module/modules/ether_thief.py
  7. 16
      mythril/analysis/module/modules/exceptions.py
  8. 6
      mythril/analysis/module/modules/external_calls.py
  9. 12
      mythril/analysis/module/modules/integer.py
  10. 6
      mythril/analysis/module/modules/multiple_sends.py

@ -67,8 +67,8 @@ class ArbitraryJump(DetectionModule):
bytecode=state.environment.code.bytecode, bytecode=state.environment.code.bytecode,
description_head="The caller can redirect execution to arbitrary bytecode locations.", description_head="The caller can redirect execution to arbitrary bytecode locations.",
description_tail="It is possible to redirect the control flow to arbitrary locations in the code. " description_tail="It is possible to redirect the control flow to arbitrary locations in the code. "
+ "This may allow an attacker to bypass security controls or manipulate the business logic of the " "This may allow an attacker to bypass security controls or manipulate the business logic of the "
+ "smart contract. Avoid using low-level-operations and assembly to prevent this issue.", "smart contract. Avoid using low-level-operations and assembly to prevent this issue.",
gas_used=(state.mstate.min_gas_used, state.mstate.max_gas_used), gas_used=(state.mstate.min_gas_used, state.mstate.max_gas_used),
transaction_sequence=transaction_sequence, transaction_sequence=transaction_sequence,
) )

@ -69,8 +69,8 @@ class ArbitraryStorage(DetectionModule):
bytecode=state.environment.code.bytecode, bytecode=state.environment.code.bytecode,
description_head="Any storage slot can be written by the caller.", description_head="Any storage slot can be written by the caller.",
description_tail="It is possible to write to arbitrary storage locations. By modifying the values of " description_tail="It is possible to write to arbitrary storage locations. By modifying the values of "
+ "storage variables, attackers may bypass security controls or manipulate the business logic of " "storage variables, attackers may bypass security controls or manipulate the business logic of "
+ "the smart contract.", "the smart contract.",
detector=self, detector=self,
constraints=constraints, constraints=constraints,
) )

@ -74,8 +74,8 @@ class ArbitraryDelegateCall(DetectionModule):
description_head = "The contract delegates execution to another contract with a user-supplied address." description_head = "The contract delegates execution to another contract with a user-supplied address."
description_tail = ( description_tail = (
"The smart contract delegates execution to a user-supplied address. This could allow an attacker to " "The smart contract delegates execution to a user-supplied address. This could allow an attacker to "
+ "execute arbitrary code in the context of this contract account and manipulate permanent storage of " "execute arbitrary code in the context of this contract account and manipulate permanent storage of "
+ "the account." "the account."
) )
return [ return [
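Review bot: The new description_tail understates the impact of delegating to an attacker-chosen address: code reached via DELEGATECALL runs with this contract's storage, balance and msg.sender, so beyond rewriting storage it can also transfer the account's Ether or SELFDESTRUCT the contract outright. Consider extending the last sentence to `"execute arbitrary code in the context of this contract account, manipulate its permanent storage, transfer its Ether, or destroy the contract."`. The `return [` on the last line and the rest of the method continue outside the hunk.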

@ -72,9 +72,9 @@ class TxOrigin(DetectionModule):
description = ( description = (
"The tx.origin environment variable has been found to influence a control flow decision. " "The tx.origin environment variable has been found to influence a control flow decision. "
+ "Note that using tx.origin as a security control might cause a situation where a user " "Note that using tx.origin as a security control might cause a situation where a user "
+ "inadvertently authorizes a smart contract to perform an action on their behalf. It is " "inadvertently authorizes a smart contract to perform an action on their behalf. It is "
+ "recommended to use msg.sender instead." "recommended to use msg.sender instead."
) )
severity = "Low" severity = "Low"

@ -95,10 +95,10 @@ class PredictableVariables(DetectionModule):
) )
description += ( description += (
"Note that the values of variables like coinbase, gaslimit, block number and timestamp are " "Note that the values of variables like coinbase, gaslimit, block number and timestamp are "
+ "predictable and can be manipulated by a malicious miner. Also keep in mind that " "predictable and can be manipulated by a malicious miner. Also keep in mind that "
+ "attackers know hashes of earlier blocks. Don't use any of those environment variables " "attackers know hashes of earlier blocks. Don't use any of those environment variables "
+ " as sources of randomness and be aware that use of these variables introduces " "as sources of randomness and be aware that use of these variables introduces "
" a certain level of trust into miners." "a certain level of trust into miners."
) )
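Review bot: The sentence `"predictable and can be manipulated by a malicious miner"` lumps the block number in with coinbase, gaslimit and timestamp, but a miner cannot choose the block number — it is merely predictable — whereas timestamp, coinbase and (within protocol bounds) gaslimit are miner-influenced. Suggest splitting the claim, e.g. `"Note that the values of variables like coinbase, gaslimit, block number and timestamp are predictable, and some of them (coinbase, timestamp, gaslimit) can be influenced by a malicious miner."`. The `description +=` statement is complete within the hunk, but the enclosing method starts outside it.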
""" """

@ -28,7 +28,7 @@ class EtherThief(DetectionModule):
"""This module search for cases where Ether can be withdrawn to a user- """This module search for cases where Ether can be withdrawn to a user-
specified address.""" specified address."""
name = "Attacker can profitably withdraw Ether from the contract account" name = "Any sender can withdraw ETH from the contract account"
swc_id = UNPROTECTED_ETHER_WITHDRAWAL swc_id = UNPROTECTED_ETHER_WITHDRAWAL
description = DESCRIPTION description = DESCRIPTION
entry_point = EntryPoint.CALLBACK entry_point = EntryPoint.CALLBACK
@ -86,9 +86,10 @@ class EtherThief(DetectionModule):
title="Unprotected Ether Withdrawal", title="Unprotected Ether Withdrawal",
severity="High", severity="High",
bytecode=state.environment.code.bytecode, bytecode=state.environment.code.bytecode,
description_head="Anyone can withdraw ETH from the contract account.", description_head="Any sender can withdraw Ether from the contract account.",
description_tail="Arbitrary senders other than the contract creator can withdraw ETH from the contract" description_tail="Arbitrary senders other than the contract creator can profitably extract Ether "
+ " account. This is likely to be a vulnerability.", "from the contract account. Verify the business logic carefully and make sure that appropriate "
"security controls are in place to prevent unexpected loss of funds.",
detector=self, detector=self,
constraints=constraints, constraints=constraints,
) )
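Review bot: The new wording is internally inconsistent: `name` in the first hunk says `"Any sender can withdraw ETH"`, `description_head` in the second says `"Any sender can withdraw Ether"`, and `description_tail` then narrows the finding to `"Arbitrary senders other than the contract creator"`. If the constraints really exclude the creator (the tail implies so, the solver setup is not visible here), "any sender" overstates the result; suggest `name = "Any sender other than the creator can withdraw Ether from the contract account"` and, at minimum, one spelling (ETH or Ether) across all three strings. The `Issue(` constructor in the second hunk continues past its last visible line.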

@ -14,7 +14,7 @@ log = logging.getLogger(__name__)
class Exceptions(DetectionModule): class Exceptions(DetectionModule):
"""""" """"""
name = "Exception or assertion violation" name = "Assertion violation"
swc_id = ASSERT_VIOLATION swc_id = ASSERT_VIOLATION
description = "Checks whether any exception states are reachable." description = "Checks whether any exception states are reachable."
entry_point = EntryPoint.CALLBACK entry_point = EntryPoint.CALLBACK
@ -46,11 +46,11 @@ class Exceptions(DetectionModule):
address = state.get_current_instruction()["address"] address = state.get_current_instruction()["address"]
description_tail = ( description_tail = (
"It is possible to trigger an exception (opcode 0xfe). " "It is possible to trigger an assertion violation. Note that Solidity assert() statements should "
"Exceptions can be caused by type errors, division by zero, " "only be used to check invariants. Review the transaction trace generated for this issue and "
"out-of-bounds array access, or assert violations. " "either make sure your program logic is correct, or use require() instead of assert() if your goal "
"Note that explicit `assert()` should only be used to check invariants. " "is to constrain user inputs or enforce preconditions. Remember to validate inputs from both callers "
"Use `require()` for regular input checking." "(for instance, via passed arguments) and callees (for instance, via return values)."
) )
transaction_sequence = solver.get_transaction_sequence( transaction_sequence = solver.get_transaction_sequence(
state, state.world_state.constraints state, state.world_state.constraints
@ -61,8 +61,8 @@ class Exceptions(DetectionModule):
address=address, address=address,
swc_id=ASSERT_VIOLATION, swc_id=ASSERT_VIOLATION,
title="Exception State", title="Exception State",
severity="Low", severity="Medium",
description_head="A reachable exception has been detected.", description_head="An exception or assertion violation was triggered.",
description_tail=description_tail, description_tail=description_tail,
bytecode=state.environment.code.bytecode, bytecode=state.environment.code.bytecode,
transaction_sequence=transaction_sequence, transaction_sequence=transaction_sequence,
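Review bot: The rewritten description_tail in the second hunk now attributes every reachable exception to `assert()`, but the removed text was right that the INVALID opcode (0xfe) is also emitted by compiler-generated checks — division by zero, out-of-bounds array access and similar panics — and nothing visible in the module distinguishes those from an explicit assert, so a user hitting an array-bounds panic would be told to "use require() instead of assert()", which does not apply. Suggest keeping one sentence such as `"Note that the INVALID opcode can also be emitted by compiler-generated checks (division by zero, out-of-bounds array access), not only by explicit assert() statements."`. The naming is also uneven: `name` becomes `"Assertion violation"` while `description` still reads `"Checks whether any exception states are reachable."` and `description_head` says `"An exception or assertion violation was triggered."`; align the three. Raising `severity` to Medium applies to every reachable exception state, so expect more Medium findings from compiler-inserted checks unless the module filters them somewhere not shown here. The `Issue(` call in the last hunk continues outside it.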

@ -86,10 +86,10 @@ class ExternalCalls(DetectionModule):
description_head = "A call to a user-supplied address is executed." description_head = "A call to a user-supplied address is executed."
description_tail = ( description_tail = (
"An external message is sent to an address specified by the caller. Note that " "An external message call to an address specified by the caller is executed. Note that "
"the callee account might contain arbitrary code and could re-enter any function " "the callee account might contain arbitrary code and could re-enter any function "
"with this contract. Reentering the contract in an intermediate state may lead to " "within this contract. Reentering the contract in an intermediate state may lead to "
"unexpected behaviour. Make sure that state is no state modifications " "unexpected behaviour. Make sure that no state modifications "
"are executed after this call and/or reentrancy guards are in place." "are executed after this call and/or reentrancy guards are in place."
) )
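Review bot: The mitigation sentence describes the checks-effects-interactions pattern without naming it, and the name is what developers will search for. Suggest `"Make sure that no state modifications are executed after this call (checks-effects-interactions pattern) and/or reentrancy guards are in place."`. The description_tail assignment is complete within the hunk; the enclosing method starts outside it.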

@ -202,14 +202,10 @@ class IntegerArithmetics(DetectionModule):
def _get_description_tail(annotation, _type): def _get_description_tail(annotation, _type):
return ( return (
"The operands of the {} operation are not sufficiently constrained. " "It is possible to cause an integer {} in the {} operation. Prevent the {} by constraining inputs "
"The {} could therefore result in an integer {}. Prevent the {} by checking inputs " "using the require() statement or use the OpenZeppelin SafeMath library for integer arithmetic operations. "
"or ensure sure that the {} is caught by an assertion.".format( "Refer to the transaction trace generated for this issue to reproduce the {}.".format(
annotation.operator, _type.lower(), annotation.operator, _type.lower(), _type.lower()
annotation.operator,
_type.lower(),
_type.lower(),
_type.lower(),
) )
) )
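Review bot: `_type.lower()` is evaluated three times in the new `.format()` call; binding it once (`kind = _type.lower()`) and passing `annotation.operator, kind, kind, kind` reads cleaner and makes the placeholder/argument pairing easy to check (the new string has four `{}` and four arguments, which is correct). The SafeMath advice only applies to pre-0.8 compilers, since Solidity 0.8 makes arithmetic checked by default; if the tool analyses both, consider `"...use the OpenZeppelin SafeMath library (Solidity < 0.8; 0.8+ checks arithmetic by default)..."`. Whether `annotation.operator` renders as a human-readable name rather than a raw opcode is not visible here and worth a glance.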

@ -75,8 +75,10 @@ class MultipleSends(DetectionModule):
except UnsatError: except UnsatError:
continue continue
description_tail = ( description_tail = (
"This call is executed after a previous call in the same transaction. " "This call is executed following another call within the same transaction. It is possible "
"Try to isolate each call, transfer or send into its own transaction." "that the call never gets executed if a prior call fails permanently (this might be caused "
"intentionally by a malicious callee). If possible, refactor the code such that each transaction "
"only executes one external call."
) )
issue = Issue( issue = Issue(
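Review bot: The new description_tail claims the later call `"never gets executed if a prior call fails permanently"`, but that only holds when the earlier call's failure reverts the transaction (e.g. `transfer()` or `require(success)`); a `send()` or low-level `call` whose return value is ignored fails silently and the later call still runs. Suggest `"It is possible that the call never gets executed if a prior call fails permanently and its failure reverts the transaction (this might be caused intentionally by a malicious callee)."`. The recommendation could also point at the pull-payment (withdrawal) pattern, which is the usual remedy for denial of service through a failing external call. The `except UnsatError: continue` at the top belongs to a loop that starts outside the hunk, and `issue = Issue(` continues past its last line.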
