TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'more_documentation' of github.com:nbanmp/mythril into more_documentation

Browse Source
pull/925/head
Nathan 6 years ago
parent 086bea6e1d c52843ad0f
commit bc29dc54a1
15 changed files with 260 additions and 230 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      README.md
  2. 0
      docs/source/wiki.rst
  3. 2
      mythril/analysis/modules/delegatecall.py
  4. 8
      mythril/analysis/modules/deprecated_ops.py
  5. 2
      mythril/analysis/modules/external_calls.py
  6. 2
      mythril/analysis/swc_data.py
  7. 6
      mythril/interfaces/cli.py
  8. 2
      tests/testdata/outputs_expected/calls.sol.o.json
  9. 38
      tests/testdata/outputs_expected/calls.sol.o.jsonv2
  10. 2
      tests/testdata/outputs_expected/calls.sol.o.markdown
  11. 2
      tests/testdata/outputs_expected/calls.sol.o.text
  12. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
  13. 26
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2
  14. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
  15. 2
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.text

2
README.md
Unescape View File

@ -12,7 +12,7 @@
[![Sonarcloud - Maintainability](https://sonarcloud.io/api/project_badges/measure?project=mythril&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=mythril)
[![Downloads](https://pepy.tech/badge/mythril)](https://pepy.tech/project/mythril)
Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses symbolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities.
If you a smart contract developer who wants convenience and comprehensive results, you should be using [MythX](https://mythx.io), our next-gen smart contract security API that [integrates with Truffle Framework](https://github.com/ConsenSys/truffle-security) and other development environments.

0
docs/source/wiki.rst
Unescape View File

2
mythril/analysis/modules/delegatecall.py
Unescape View File

@ -85,7 +85,7 @@ def _concrete_call(
title="Delegatecall Proxy",
severity="Low",
description_head="The contract implements a delegatecall proxy.",
description_tail="The smart contract forwards the received calldata via delegatecall. Note that callers"
description_tail="The smart contract forwards the received calldata via delegatecall. Note that callers "
"can execute arbitrary functions in the callee contract and that the callee contract "
"can access the storage of the calling contract. "
"Make sure that the callee contract is audited properly.",

8
mythril/analysis/modules/deprecated_ops.py
Unescape View File

@ -1,6 +1,6 @@
"""This module contains the detection code for deprecated op codes."""
from mythril.analysis.report import Issue
from mythril.analysis.swc_data import DEPRICATED_FUNCTIONS_USAGE
from mythril.analysis.swc_data import DEPRECATED_FUNCTIONS_USAGE
from mythril.analysis.modules.base import DetectionModule
from mythril.laser.ethereum.state.global_state import GlobalState
import logging
@ -33,7 +33,7 @@ def _analyze_state(state):
node.function_name
)
)
swc_id = DEPRICATED_FUNCTIONS_USAGE
swc_id = DEPRECATED_FUNCTIONS_USAGE
elif instruction["opcode"] == "CALLCODE":
log.debug("CALLCODE in function " + node.function_name)
@ -44,7 +44,7 @@ def _analyze_state(state):
"Due to a bug in the implementation it does not persist sender and value over the call. It was "
"therefore deprecated and may be removed in the future. Use the delegatecall method instead."
)
swc_id = DEPRICATED_FUNCTIONS_USAGE
swc_id = DEPRECATED_FUNCTIONS_USAGE
issue = Issue(
contract=node.contract_name,
@ -68,7 +68,7 @@ class DeprecatedOperationsModule(DetectionModule):
""""""
super().__init__(
name="Deprecated Operations",
swc_id=DEPRICATED_FUNCTIONS_USAGE,
swc_id=DEPRECATED_FUNCTIONS_USAGE,
description=DESCRIPTION,
entrypoint="callback",
pre_hooks=["ORIGIN", "CALLCODE"],

2
mythril/analysis/modules/external_calls.py
Unescape View File

@ -51,7 +51,7 @@ def _analyze_state(state):
description_tail = (
"The callee address of an external message call can be set by "
"the caller. Note that the callee can contain arbitrary code and may re-enter any function "
"in this contract. Review the business logic carefully to prevent averse effects on the"
"in this contract. Review the business logic carefully to prevent averse effects on the "
"contract state."
)

2
mythril/analysis/swc_data.py
Unescape View File

@ -11,7 +11,7 @@ REENTRANCY = "107"
DEFAULT_STATE_VARIABLE_VISIBILITY = "108"
UNINITIALIZED_STORAGE_POINTER = "109"
ASSERT_VIOLATION = "110"
DEPRICATED_FUNCTIONS_USAGE = "111"
DEPRECATED_FUNCTIONS_USAGE = "111"
DELEGATECALL_TO_UNTRUSTED_CONTRACT = "112"
MULTIPLE_SENDS = "113"
TX_ORDER_DEPENDENCE = "114"

6
mythril/interfaces/cli.py
Unescape View File

@ -165,14 +165,14 @@ def main():
options.add_argument(
"--max-depth",
type=int,
default=22,
default=50,
help="Maximum recursion depth for symbolic execution",
)
options.add_argument(
"--strategy",
choices=["dfs", "bfs", "naive-random", "weighted-random"],
default="dfs",
default="bfs",
help="Symbolic execution strategy",
)
options.add_argument(
@ -280,7 +280,7 @@ def main():
)
if args.query_signature:
if sigs.ethereum_input_decoder == None:
if sigs.ethereum_input_decoder is None:
exit_with_error(
args.outform,
"The --query-signature function requires the python package ethereum-input-decoder",

2
tests/testdata/outputs_expected/calls.sol.o.json vendored
Unescape View File

@ -83,7 +83,7 @@
"address": 912,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "calluseraddress(address)",
"max_gas_used": 616,
"min_gas_used": 335,

38
tests/testdata/outputs_expected/calls.sol.o.jsonv2 vendored
Unescape View File

@ -6,7 +6,9 @@
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "661:1:0"
@ -21,7 +23,9 @@
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "779:1:0"
@ -36,7 +40,9 @@
"head": "The contract executes an external message call.",
"tail": "An external function call to a fixed contract address is executed. Make sure that the callee contract has been reviewed carefully."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "858:1:0"
@ -49,9 +55,11 @@
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state."
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
},
"extra": {},
"locations": [
{
"sourceMap": "912:1:0"
@ -66,7 +74,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "661:1:0"
@ -81,7 +91,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "779:1:0"
@ -96,7 +108,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "858:1:0"
@ -111,7 +125,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "912:1:0"
@ -122,7 +138,9 @@
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"meta": {
},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f"

2
tests/testdata/outputs_expected/calls.sol.o.markdown vendored
Unescape View File

@ -89,7 +89,7 @@ External calls return a boolean value. If the callee contract halts with an exce
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104

2
tests/testdata/outputs_expected/calls.sol.o.text vendored
Unescape View File

@ -72,7 +72,7 @@ Function name: calluseraddress(address)
PC address: 912
Estimated Gas Usage: 335 - 616
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====

2
tests/testdata/outputs_expected/kinds_of_calls.sol.o.json vendored
Unescape View File

@ -44,7 +44,7 @@
"address": 1038,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "_function_0xeea4c864",
"max_gas_used": 1223,
"min_gas_used": 471,

26
tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 vendored
Unescape View File

@ -6,7 +6,9 @@
"head": "Use of callcode is deprecated.",
"tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "618:1:0"
@ -19,9 +21,11 @@
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state."
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
},
"extra": {},
"locations": [
{
"sourceMap": "1038:1:0"
@ -36,7 +40,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "618:1:0"
@ -51,7 +57,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "849:1:0"
@ -66,7 +74,9 @@
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {},
"extra": {
},
"locations": [
{
"sourceMap": "1038:1:0"
@ -77,7 +87,9 @@
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"meta": {
},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"

2
tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown vendored
Unescape View File

@ -50,7 +50,7 @@ External calls return a boolean value. If the callee contract halts with an exce
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104

2
tests/testdata/outputs_expected/kinds_of_calls.sol.o.text vendored
Unescape View File

@ -39,7 +39,7 @@ Function name: _function_0xeea4c864
PC address: 1038
Estimated Gas Usage: 471 - 1223
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on thecontract state.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====

Write Preview
Loading…
Cancel
Save