Merge branch 'more_documentation' of github.com:nbanmp/mythril into more_documentation

pull/925/head
Nathan 6 years ago
commit bc29dc54a1
  1. 2
      README.md
  2. 0
      docs/source/wiki.rst
  3. 2
      mythril/analysis/modules/delegatecall.py
  4. 8
      mythril/analysis/modules/deprecated_ops.py
  5. 2
      mythril/analysis/modules/external_calls.py
  6. 2
      mythril/analysis/swc_data.py
  7. 6
      mythril/interfaces/cli.py
  8. 2
      tests/testdata/outputs_expected/calls.sol.o.json
  9. 276
      tests/testdata/outputs_expected/calls.sol.o.jsonv2
  10. 2
      tests/testdata/outputs_expected/calls.sol.o.markdown
  11. 2
      tests/testdata/outputs_expected/calls.sol.o.text
  12. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
  13. 180
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2
  14. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
  15. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.text

@ -12,7 +12,7 @@
[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril) [![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)
[![Downloads](https://pepy.tech/badge/mythril)](https://pepy.tech/project/mythril) [![Downloads](https://pepy.tech/badge/mythril)](https://pepy.tech/project/mythril)
Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses symbolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
If you a smart contract developer who wants convenience and comprehensive results, you should be using [MythX](https://mythx.io), our next-gen smart contract security API that [integrates with Truffle Framework](https://github.com/ConsenSys/truffle-security) and other development environments. If you a smart contract developer who wants convenience and comprehensive results, you should be using [MythX](https://mythx.io), our next-gen smart contract security API that [integrates with Truffle Framework](https://github.com/ConsenSys/truffle-security) and other development environments.

@ -85,7 +85,7 @@ def _concrete_call(
title="Delegatecall Proxy", title="Delegatecall Proxy",
severity="Low", severity="Low",
description_head="The contract implements a delegatecall proxy.", description_head="The contract implements a delegatecall proxy.",
description_tail="The smart contract forwards the received calldata via delegatecall. Note that callers" description_tail="The smart contract forwards the received calldata via delegatecall. Note that callers "
"can execute arbitrary functions in the callee contract and that the callee contract " "can execute arbitrary functions in the callee contract and that the callee contract "
"can access the storage of the calling contract. " "can access the storage of the calling contract. "
"Make sure that the callee contract is audited properly.", "Make sure that the callee contract is audited properly.",

@ -1,6 +1,6 @@
"""This module contains the detection code for deprecated op codes.""" """This module contains the detection code for deprecated op codes."""
from mythril.analysis.report import Issue from mythril.analysis.report import Issue
from mythril.analysis.swc_data import DEPRICATED_FUNCTIONS_USAGE from mythril.analysis.swc_data import DEPRECATED_FUNCTIONS_USAGE
from mythril.analysis.modules.base import DetectionModule from mythril.analysis.modules.base import DetectionModule
from mythril.laser.ethereum.state.global_state import GlobalState from mythril.laser.ethereum.state.global_state import GlobalState
import logging import logging
@ -33,7 +33,7 @@ def _analyze_state(state):
node.function_name node.function_name
) )
) )
swc_id = DEPRICATED_FUNCTIONS_USAGE swc_id = DEPRECATED_FUNCTIONS_USAGE
elif instruction["opcode"] == "CALLCODE": elif instruction["opcode"] == "CALLCODE":
log.debug("CALLCODE in function " + node.function_name) log.debug("CALLCODE in function " + node.function_name)
@ -44,7 +44,7 @@ def _analyze_state(state):
"Due to a bug in the implementation it does not persist sender and value over the call. It was " "Due to a bug in the implementation it does not persist sender and value over the call. It was "
"therefore deprecated and may be removed in the future. Use the delegatecall method instead." "therefore deprecated and may be removed in the future. Use the delegatecall method instead."
) )
swc_id = DEPRICATED_FUNCTIONS_USAGE swc_id = DEPRECATED_FUNCTIONS_USAGE
issue = Issue( issue = Issue(
contract=node.contract_name, contract=node.contract_name,
@ -68,7 +68,7 @@ class DeprecatedOperationsModule(DetectionModule):
"""""" """"""
super().__init__( super().__init__(
name="Deprecated Operations", name="Deprecated Operations",
swc_id=DEPRICATED_FUNCTIONS_USAGE, swc_id=DEPRECATED_FUNCTIONS_USAGE,
description=DESCRIPTION, description=DESCRIPTION,
entrypoint="callback", entrypoint="callback",
pre_hooks=["ORIGIN", "CALLCODE"], pre_hooks=["ORIGIN", "CALLCODE"],

@ -51,7 +51,7 @@ def _analyze_state(state):
description_tail = ( description_tail = (
"The callee address of an external message call can be set by " "The callee address of an external message call can be set by "
"the caller. Note that the callee can contain arbitrary code and may re-enter any function " "the caller. Note that the callee can contain arbitrary code and may re-enter any function "
"in this contract. Review the business logic carefully to prevent averse effects on the" "in this contract. Review the business logic carefully to prevent averse effects on the "
"contract state." "contract state."
) )

@ -11,7 +11,7 @@ REENTRANCY = "107"
DEFAULT_STATE_VARIABLE_VISIBILITY = "108" DEFAULT_STATE_VARIABLE_VISIBILITY = "108"
UNINITIALIZED_STORAGE_POINTER = "109" UNINITIALIZED_STORAGE_POINTER = "109"
ASSERT_VIOLATION = "110" ASSERT_VIOLATION = "110"
DEPRICATED_FUNCTIONS_USAGE = "111" DEPRECATED_FUNCTIONS_USAGE = "111"
DELEGATECALL_TO_UNTRUSTED_CONTRACT = "112" DELEGATECALL_TO_UNTRUSTED_CONTRACT = "112"
MULTIPLE_SENDS = "113" MULTIPLE_SENDS = "113"
TX_ORDER_DEPENDENCE = "114" TX_ORDER_DEPENDENCE = "114"

@ -165,14 +165,14 @@ def main():
options.add_argument( options.add_argument(
"--max-depth", "--max-depth",
type=int, type=int,
default=22, default=50,
help="Maximum recursion depth for symbolic execution", help="Maximum recursion depth for symbolic execution",
) )
options.add_argument( options.add_argument(
"--strategy", "--strategy",
choices=["dfs", "bfs", "naive-random", "weighted-random"], choices=["dfs", "bfs", "naive-random", "weighted-random"],
default="dfs", default="bfs",
help="Symbolic execution strategy", help="Symbolic execution strategy",
) )
options.add_argument( options.add_argument(
@ -280,7 +280,7 @@ def main():
) )
if args.query_signature: if args.query_signature:
if sigs.ethereum_input_decoder == None: if sigs.ethereum_input_decoder is None:
exit_with_error( exit_with_error(
args.outform, args.outform,
"The --query-signature function requires the python package ethereum-input-decoder", "The --query-signature function requires the python package ethereum-input-decoder",
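Review bot: The new defaults at `default=50,` and `default="bfs",` change the cost and coverage of every run, yet the help strings on the lines right after them still do not show the default, so nothing in `--help` tells a user that the behaviour moved; use argparse's placeholder, e.g. `help="Maximum recursion depth for symbolic execution (default: %(default)s)"` and `help="Symbolic execution strategy (default: %(default)s)"`. Raising the depth cap from 22 to 50 while switching to breadth-first search presumably increases the number of live states held at once on deep contracts, so it is worth confirming against the existing test timeouts and recording in a changelog, which the diffstat shows this commit does not touch. The `sigs.ethereum_input_decoder is None` change in the `--query-signature` branch is the correct identity comparison. `main()` starts before the hunk and continues past it.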

@ -83,7 +83,7 @@
"address": 912, "address": 912,
"contract": "Unknown", "contract": "Unknown",
"debug": "<DEBUG-DATA>", "debug": "<DEBUG-DATA>",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "calluseraddress(address)", "function": "calluseraddress(address)",
"max_gas_used": 616, "max_gas_used": 616,
"min_gas_used": 335, "min_gas_used": 335,

@ -1,132 +1,150 @@
[ [
{ {
"issues": [ "issues": [
{ {
"description": { "description": {
"head": "The contract executes an external message call.", "head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully." "tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
}, },
"extra": {}, "extra": {
"locations": [
{ },
"sourceMap": "661:1:0" "locations": [
} {
], "sourceMap": "661:1:0"
"severity": "Low", }
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"locations": [
{
"sourceMap": "779:1:0"
}
],
"severity": "Low",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"locations": [
{
"sourceMap": "858:1:0"
}
],
"severity": "Low",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state."
},
"extra": {},
"locations": [
{
"sourceMap": "912:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "661:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "779:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "858:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "912:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
], ],
"meta": {}, "severity": "Low",
"sourceFormat": "evm-byzantium-bytecode", "swcID": "SWC-107",
"sourceList": [ "swcTitle": "Reentrancy"
"0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f" },
{
"description": {
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {
},
"locations": [
{
"sourceMap": "779:1:0"
}
], ],
"sourceType": "raw-bytecode" "severity": "Low",
} "swcID": "SWC-107",
] "swcTitle": "Reentrancy"
},
{
"description": {
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {
},
"locations": [
{
"sourceMap": "858:1:0"
}
],
"severity": "Low",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
},
"locations": [
{
"sourceMap": "912:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "661:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "779:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "858:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "912:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {
},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f"
],
"sourceType": "raw-bytecode"
}
]

@ -89,7 +89,7 @@ External calls return a boolean value. If the callee contract halts with an exce
### Description ### Description
A call to a user-supplied address is executed. A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value ## Unchecked Call Return Value
- SWC ID: 104 - SWC ID: 104

@ -72,7 +72,7 @@ Function name: calluseraddress(address)
PC address: 912 PC address: 912
Estimated Gas Usage: 335 - 616 Estimated Gas Usage: 335 - 616
A call to a user-supplied address is executed. A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
-------------------- --------------------
==== Unchecked Call Return Value ==== ==== Unchecked Call Return Value ====

@ -44,7 +44,7 @@
"address": 1038, "address": 1038,
"contract": "Unknown", "contract": "Unknown",
"debug": "<DEBUG-DATA>", "debug": "<DEBUG-DATA>",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.", "description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "_function_0xeea4c864", "function": "_function_0xeea4c864",
"max_gas_used": 1223, "max_gas_used": 1223,
"min_gas_used": 471, "min_gas_used": 471,

@ -1,87 +1,99 @@
[ [
{ {
"issues": [ "issues": [
{ {
"description": { "description": {
"head": "Use of callcode is deprecated.", "head": "Use of callcode is deprecated.",
"tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead." "tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead."
}, },
"extra": {}, "extra": {
"locations": [
{ },
"sourceMap": "618:1:0" "locations": [
} {
], "sourceMap": "618:1:0"
"severity": "Medium", }
"swcID": "SWC-111",
"swcTitle": "Use of Deprecated Solidity Functions"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state."
},
"extra": {},
"locations": [
{
"sourceMap": "1038:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "618:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "849:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"locations": [
{
"sourceMap": "1038:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
], ],
"meta": {}, "severity": "Medium",
"sourceFormat": "evm-byzantium-bytecode", "swcID": "SWC-111",
"sourceList": [ "swcTitle": "Use of Deprecated Solidity Functions"
"0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1" },
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
},
"locations": [
{
"sourceMap": "1038:1:0"
}
], ],
"sourceType": "raw-bytecode" "severity": "Medium",
} "swcID": "SWC-107",
] "swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "618:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "849:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
},
"locations": [
{
"sourceMap": "1038:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {
},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"
],
"sourceType": "raw-bytecode"
}
]

@ -50,7 +50,7 @@ External calls return a boolean value. If the callee contract halts with an exce
### Description ### Description
A call to a user-supplied address is executed. A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value ## Unchecked Call Return Value
- SWC ID: 104 - SWC ID: 104

@ -39,7 +39,7 @@ Function name: _function_0xeea4c864
PC address: 1038 PC address: 1038
Estimated Gas Usage: 471 - 1223 Estimated Gas Usage: 471 - 1223
A call to a user-supplied address is executed. A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state. The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
-------------------- --------------------
==== Unchecked Call Return Value ==== ==== Unchecked Call Return Value ====
