TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'more_documentation' of github.com:nbanmp/mythril into more_documentation

Browse Source
pull/925/head
Nathan 6 years ago
parent 086bea6e1d c52843ad0f
commit bc29dc54a1
15 changed files with 260 additions and 230 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      README.md
  2. 0
      docs/source/wiki.rst
  3. 8
      mythril/analysis/modules/deprecated_ops.py
  4. 2
      mythril/analysis/swc_data.py
  5. 6
      mythril/interfaces/cli.py
  6. 36
      tests/testdata/outputs_expected/calls.sol.o.jsonv2
  7. 24
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2

2
README.md
Unescape View File

@ -12,7 +12,7 @@
[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)
[![Downloads](https://pepy.tech/badge/mythril)](https://pepy.tech/project/mythril)
Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses symbolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
If you a smart contract developer who wants convenience and comprehensive results, you should be using [MythX](https://mythx.io), our next-gen smart contract security API that [integrates with Truffle Framework](https://github.com/ConsenSys/truffle-security) and other development environments.

0
docs/source/wiki.rst
Unescape View File

8
mythril/analysis/modules/deprecated_ops.py
Unescape View File

@ -1,6 +1,6 @@
"""This module contains the detection code for deprecated op codes."""
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import DEPRICATED_FUNCTIONS_USAGE
from mythril.analysis.swc_data import DEPRECATED_FUNCTIONS_USAGE
from mythril.analysis.modules.base import DetectionModule
from mythril.laser.ethereum.state.global_state import GlobalState
import logging
@ -33,7 +33,7 @@ def _analyze_state(state):
node.function_name
)
)
swc_id = DEPRICATED_FUNCTIONS_USAGE
swc_id = DEPRECATED_FUNCTIONS_USAGE
elif instruction["opcode"] == "CALLCODE":
log.debug("CALLCODE in function " + node.function_name)
@ -44,7 +44,7 @@ def _analyze_state(state):
"Due to a bug in the implementation it does not persist sender and value over the call. It was "
"therefore deprecated and may be removed in the future. Use the delegatecall method instead."
)
swc_id = DEPRICATED_FUNCTIONS_USAGE
swc_id = DEPRECATED_FUNCTIONS_USAGE
issue = Issue(
contract=node.contract_name,
@ -68,7 +68,7 @@ class DeprecatedOperationsModule(DetectionModule):
""""""
super().__init__(
name="Deprecated Operations",
swc_id=DEPRICATED_FUNCTIONS_USAGE,
swc_id=DEPRECATED_FUNCTIONS_USAGE,
description=DESCRIPTION,
entrypoint="callback",
pre_hooks=["ORIGIN", "CALLCODE"],

2
mythril/analysis/swc_data.py
Unescape View File

@ -11,7 +11,7 @@ REENTRANCY = "107"
DEFAULT_STATE_VARIABLE_VISIBILITY = "108"
UNINITIALIZED_STORAGE_POINTER = "109"
ASSERT_VIOLATION = "110"
DEPRICATED_FUNCTIONS_USAGE = "111"
DEPRECATED_FUNCTIONS_USAGE = "111"
DELEGATECALL_TO_UNTRUSTED_CONTRACT = "112"
MULTIPLE_SENDS = "113"
TX_ORDER_DEPENDENCE = "114"

6
mythril/interfaces/cli.py
Unescape View File

@ -165,14 +165,14 @@ def main():
options.add_argument(
"--max-depth",
type=int,
default=22,
default=50,
help="Maximum recursion depth for symbolic execution",
)
options.add_argument(
"--strategy",
choices=["dfs", "bfs", "naive-random", "weighted-random"],
default="dfs",
default="bfs",
help="Symbolic execution strategy",
)
options.add_argument(
@ -280,7 +280,7 @@ def main():
)
if args.query_signature:
if sigs.ethereum_input_decoder == None:
if sigs.ethereum_input_decoder is None:
exit_with_error(
args.outform,
"The --query-signature function requires the python package ethereum-input-decoder",

36
tests/testdata/outputs_expected/calls.sol.o.jsonv2 vendored
Unescape View File

@ -6,7 +6,9 @@
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "661:1:0"
@ -21,7 +23,9 @@
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "779:1:0"
@ -36,7 +40,9 @@
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "858:1:0"
@ -51,7 +57,9 @@
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "912:1:0"
@ -66,7 +74,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "661:1:0"
@ -81,7 +91,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "779:1:0"
@ -96,7 +108,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "858:1:0"
@ -111,7 +125,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "912:1:0"
@ -122,7 +138,9 @@
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"meta": {
},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f"

24
tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 vendored
Unescape View File

@ -6,7 +6,9 @@
"head": "Use of callcode is deprecated.",
"tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "618:1:0"
@ -21,7 +23,9 @@
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "1038:1:0"
@ -36,7 +40,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "618:1:0"
@ -51,7 +57,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "849:1:0"
@ -66,7 +74,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "1038:1:0"
@ -77,7 +87,9 @@
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"meta": {
},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"

Write Preview
Loading…
Cancel
Save