TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Resolve merge conflict

Browse Source
pull/1102/head
Bernhard Mueller 5 years ago
parent 000553d788 88fdc543be
commit ccf5c3b3c0
50 changed files with 4 additions and 2301 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      myth
  2. 200
      tests/report_test.py
  3. 123
      tests/testdata/outputs_expected/calls.sol.o.json
  4. 174
      tests/testdata/outputs_expected/calls.sol.o.jsonv2
  5. 118
      tests/testdata/outputs_expected/calls.sol.o.markdown
  6. 99
      tests/testdata/outputs_expected/calls.sol.o.text
  7. 32
      tests/testdata/outputs_expected/ether_send.sol.o.json
  8. 48
      tests/testdata/outputs_expected/ether_send.sol.o.jsonv2
  9. 27
      tests/testdata/outputs_expected/ether_send.sol.o.markdown
  10. 22
      tests/testdata/outputs_expected/ether_send.sol.o.text
  11. 58
      tests/testdata/outputs_expected/exceptions.sol.o.json
  12. 84
      tests/testdata/outputs_expected/exceptions.sol.o.jsonv2
  13. 53
      tests/testdata/outputs_expected/exceptions.sol.o.markdown
  14. 44
      tests/testdata/outputs_expected/exceptions.sol.o.text
  15. 84
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.json
  16. 120
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2
  17. 79
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown
  18. 66
      tests/testdata/outputs_expected/kinds_of_calls.sol.o.text
  19. 19
      tests/testdata/outputs_expected/metacoin.sol.o.json
  20. 30
      tests/testdata/outputs_expected/metacoin.sol.o.jsonv2
  21. 14
      tests/testdata/outputs_expected/metacoin.sol.o.markdown
  22. 11
      tests/testdata/outputs_expected/metacoin.sol.o.text
  23. 19
      tests/testdata/outputs_expected/multi_contracts.sol.o.json
  24. 30
      tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2
  25. 14
      tests/testdata/outputs_expected/multi_contracts.sol.o.markdown
  26. 11
      tests/testdata/outputs_expected/multi_contracts.sol.o.text
  27. 5
      tests/testdata/outputs_expected/nonascii.sol.o.json
  28. 11
      tests/testdata/outputs_expected/nonascii.sol.o.jsonv2
  29. 3
      tests/testdata/outputs_expected/nonascii.sol.o.markdown
  30. 1
      tests/testdata/outputs_expected/nonascii.sol.o.text
  31. 19
      tests/testdata/outputs_expected/origin.sol.o.json
  32. 30
      tests/testdata/outputs_expected/origin.sol.o.jsonv2
  33. 15
      tests/testdata/outputs_expected/origin.sol.o.markdown
  34. 12
      tests/testdata/outputs_expected/origin.sol.o.text
  35. 45
      tests/testdata/outputs_expected/overflow.sol.o.json
  36. 66
      tests/testdata/outputs_expected/overflow.sol.o.jsonv2
  37. 40
      tests/testdata/outputs_expected/overflow.sol.o.markdown
  38. 33
      tests/testdata/outputs_expected/overflow.sol.o.text
  39. 45
      tests/testdata/outputs_expected/returnvalue.sol.o.json
  40. 66
      tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2
  41. 40
      tests/testdata/outputs_expected/returnvalue.sol.o.markdown
  42. 33
      tests/testdata/outputs_expected/returnvalue.sol.o.text
  43. 19
      tests/testdata/outputs_expected/suicide.sol.o.json
  44. 30
      tests/testdata/outputs_expected/suicide.sol.o.jsonv2
  45. 14
      tests/testdata/outputs_expected/suicide.sol.o.markdown
  46. 11
      tests/testdata/outputs_expected/suicide.sol.o.text
  47. 45
      tests/testdata/outputs_expected/underflow.sol.o.json
  48. 66
      tests/testdata/outputs_expected/underflow.sol.o.jsonv2
  49. 40
      tests/testdata/outputs_expected/underflow.sol.o.markdown
  50. 33
      tests/testdata/outputs_expected/underflow.sol.o.text

4
myth
Unescape View File

@ -21,6 +21,10 @@ if __name__ == "__main__":
if arg in COMMAND_LIST:
mythril.interfaces.cli.main()
exit()
if "--help" in argv or "-h" in argv:
mythril.interfaces.cli.main()
exit()
warnings.warn("The old cli arguments are deprecated, Please use 'myth -h' to view the new command line interface")
mythril.interfaces.old_cli.main()

200
tests/report_test.py
Unescape View File

@ -1,200 +0,0 @@
from mythril.analysis.report import Report
from mythril.analysis.security import fire_lasers, reset_callback_modules
from mythril.analysis.symbolic import SymExecWrapper
from mythril.ethereum import util
from mythril.solidity.soliditycontract import EVMContract
from multiprocessing import Pool, cpu_count
import pytest
import json
from tests import *
import difflib
def _fix_path(text):
return text.replace(str(TESTDATA), "<TESTDATA>")
def _fix_debug_data(json_str):
read_json = json.loads(json_str)
for issue in read_json["issues"]:
issue["tx_sequence"] = "<TX-DATA>"
return json.dumps(read_json, sort_keys=True, indent=4)
def _add_jsonv2_stubs(json_str):
read_json = json.loads(json_str)
for issue in read_json[0]["issues"]:
issue["extra"]["discoveryTime"] = "<DISCOVERY-TIME-DATA>"
issue["extra"]["testCase"] = "<TEST-CASE>"
return json.dumps(read_json, sort_keys=True, indent=4)
def _generate_report(input_file):
contract = EVMContract(input_file.read_text(), enable_online_lookup=False)
sym = SymExecWrapper(
contract,
address=0xAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFEAFFE,
strategy="dfs",
execution_timeout=30,
transaction_count=1,
)
issues = fire_lasers(sym)
report = Report(contracts=[contract])
for issue in issues:
issue.filename = "test-filename.sol"
report.append_issue(issue)
return report, input_file
@pytest.fixture(scope="module")
def reports():
"""Fixture that analyses all reports."""
reset_callback_modules()
pool = Pool(cpu_count())
input_files = sorted(
[f for f in TESTDATA_INPUTS.iterdir() if f.name != "environments.sol.o"]
)
results = pool.map(_generate_report, input_files)
return results
def _assert_empty(changed_files, postfix):
"""Asserts there are no changed files and otherwise builds error
message."""
message = ""
for input_file in changed_files:
output_expected = (
(TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix))
.read_text()
.splitlines(1)
)
output_current = (
(TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix))
.read_text()
.splitlines(1)
)
difference = "".join(difflib.unified_diff(output_expected, output_current))
message += "Found differing file for input: {} \n Difference: \n {} \n".format(
str(input_file), str(difference)
)
assert message == "", message
def _assert_empty_json(changed_files, postfix=".json"):
"""Asserts there are no changed files and otherwise builds error
message."""
expected = []
actual = []
def ordered(obj):
"""
:param obj:
:return:
"""
if isinstance(obj, dict):
return sorted((k, ordered(v)) for k, v in obj.items())
elif isinstance(obj, list):
return sorted(ordered(x) for x in obj)
else:
return obj
for input_file in changed_files:
output_expected = json.loads(
(TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text()
)
output_current = json.loads(
(TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text()
)
if not ordered(output_expected) == ordered(output_current):
expected.append(output_expected)
actual.append(output_current)
print("Found difference in {}".format(str(input_file)))
assert expected == actual
def _get_changed_files(postfix, report_builder, reports):
"""Returns a generator for all unexpected changes in generated reports.
:param postfix: The applicable postfix
:param report_builder: serialization function
:param reports: The reports to serialize
:return: Changed files
"""
for report, input_file in reports:
output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)
output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)
output_current.write_text(report_builder(report))
if not (output_expected.read_text() == output_current.read_text()):
yield input_file
def _get_changed_files_json(report_builder, reports, postfix=".json"):
def ordered(obj):
"""
:param obj:
:return:
"""
if isinstance(obj, dict):
return sorted((k, ordered(v)) for k, v in obj.items())
elif isinstance(obj, list):
return sorted(ordered(x) for x in obj)
else:
return obj
for report, input_file in reports:
output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)
output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)
output_current.write_text(report_builder(report))
if not ordered(json.loads(output_expected.read_text())) == ordered(
json.loads(output_current.read_text())
):
yield input_file
def test_json_report(reports):
_assert_empty_json(
_get_changed_files_json(
lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports
)
)
def test_markdown_report(reports):
_assert_empty(
_get_changed_files(
".markdown", lambda report: _fix_path(report.as_markdown()), reports
),
".markdown",
)
def test_text_report(reports):
_assert_empty(
_get_changed_files(
".text", lambda report: _fix_path(report.as_text()), reports
),
".text",
)
def test_jsonv2_report(reports):
_assert_empty_json(
_get_changed_files_json(
lambda report: _fix_path(
_add_jsonv2_stubs(report.as_swc_standard_format())
).strip(),
reports,
".jsonv2",
),
".jsonv2",
)

123
tests/testdata/outputs_expected/calls.sol.o.json vendored
Unescape View File

@ -1,123 +0,0 @@
{
"error": null,
"issues": [
{
"address": 661,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "thisisfine()",
"max_gas_used": 1254,
"min_gas_used": 643,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 661,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "thisisfine()",
"max_gas_used": 35972,
"min_gas_used": 1361,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
},
{
"address": 779,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "callstoredaddress()",
"max_gas_used": 1298,
"min_gas_used": 687,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 779,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "callstoredaddress()",
"max_gas_used": 36016,
"min_gas_used": 1405,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
},
{
"address": 858,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "reentrancy()",
"max_gas_used": 1320,
"min_gas_used": 709,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 858,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "reentrancy()",
"max_gas_used": 61052,
"min_gas_used": 6441,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
},
{
"address": 869,
"contract": "Unknown",
"description": "The contract account state is changed after an external call. \nConsider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.",
"function": "reentrancy()",
"max_gas_used": null,
"min_gas_used": null,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "State change after external call",
"tx_sequence": "<TX-DATA>"
},
{
"address": 912,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "calluseraddress(address)",
"max_gas_used": 616,
"min_gas_used": 335,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 912,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "calluseraddress(address)",
"max_gas_used": 35336,
"min_gas_used": 1055,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

174
tests/testdata/outputs_expected/calls.sol.o.jsonv2 vendored
Unescape View File

@ -1,174 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "661:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "779:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "858:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "912:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The contract account state is changed after an external call. ",
"tail": "Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "869:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "661:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "779:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "858:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "912:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x7cbb77986c6b1bf6e945cd3fba06d3ea3d28cfc49cdfdc9571ec30703ac5862f"
],
"sourceType": "raw-bytecode"
}
]

118
tests/testdata/outputs_expected/calls.sol.o.markdown vendored
Unescape View File

@ -1,118 +0,0 @@
# Analysis results for test-filename.sol
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `thisisfine()`
- PC address: 661
- Estimated Gas Usage: 643 - 1254
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `thisisfine()`
- PC address: 661
- Estimated Gas Usage: 1361 - 35972
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `callstoredaddress()`
- PC address: 779
- Estimated Gas Usage: 687 - 1298
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `callstoredaddress()`
- PC address: 779
- Estimated Gas Usage: 1405 - 36016
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `reentrancy()`
- PC address: 858
- Estimated Gas Usage: 709 - 1320
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `reentrancy()`
- PC address: 858
- Estimated Gas Usage: 6441 - 61052
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
## State change after external call
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `reentrancy()`
- PC address: 869
- Estimated Gas Usage: None - None
### Description
The contract account state is changed after an external call.
Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `calluseraddress(address)`
- PC address: 912
- Estimated Gas Usage: 335 - 616
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `calluseraddress(address)`
- PC address: 912
- Estimated Gas Usage: 1055 - 35336
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.

99
tests/testdata/outputs_expected/calls.sol.o.text vendored
Unescape View File

@ -1,99 +0,0 @@
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: thisisfine()
PC address: 661
Estimated Gas Usage: 643 - 1254
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: thisisfine()
PC address: 661
Estimated Gas Usage: 1361 - 35972
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: callstoredaddress()
PC address: 779
Estimated Gas Usage: 687 - 1298
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: callstoredaddress()
PC address: 779
Estimated Gas Usage: 1405 - 36016
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: reentrancy()
PC address: 858
Estimated Gas Usage: 709 - 1320
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: reentrancy()
PC address: 858
Estimated Gas Usage: 6441 - 61052
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------
==== State change after external call ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: reentrancy()
PC address: 869
Estimated Gas Usage: None - None
The contract account state is changed after an external call.
Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: calluseraddress(address)
PC address: 912
Estimated Gas Usage: 335 - 616
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: calluseraddress(address)
PC address: 912
Estimated Gas Usage: 1055 - 35336
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------

32
tests/testdata/outputs_expected/ether_send.sol.o.json vendored
Unescape View File

@ -1,32 +0,0 @@
{
"error": null,
"issues": [
{
"address": 722,
"contract": "Unknown",
"description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.",
"function": "withdrawfunds()",
"max_gas_used": 1749,
"min_gas_used": 1138,
"severity": "High",
"sourceMap": null,
"swc-id": "105",
"title": "Unprotected Ether Withdrawal",
"tx_sequence": "<TX-DATA>"
},
{
"address": 883,
"contract": "Unknown",
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.",
"function": "invest()",
"max_gas_used": 26883,
"min_gas_used": 6598,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Overflow",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

48
tests/testdata/outputs_expected/ether_send.sol.o.jsonv2 vendored
Unescape View File

@ -1,48 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "Anyone can withdraw ETH from the contract account.",
"tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "722:1:0"
}
],
"severity": "High",
"swcID": "SWC-105",
"swcTitle": "Unprotected Ether Withdrawal"
},
{
"description": {
"head": "The binary addition can overflow.",
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "883:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x3746c7c2ae7b0d4c3f8b1905df9a7ea169b9f93bec68a10a00b4c9d27a18c6fb"
],
"sourceType": "raw-bytecode"
}
]

27
tests/testdata/outputs_expected/ether_send.sol.o.markdown vendored
Unescape View File

@ -1,27 +0,0 @@
# Analysis results for test-filename.sol
## Unprotected Ether Withdrawal
- SWC ID: 105
- Severity: High
- Contract: Unknown
- Function name: `withdrawfunds()`
- PC address: 722
- Estimated Gas Usage: 1138 - 1749
### Description
Anyone can withdraw ETH from the contract account.
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
## Integer Overflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `invest()`
- PC address: 883
- Estimated Gas Usage: 6598 - 26883
### Description
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.

22
tests/testdata/outputs_expected/ether_send.sol.o.text vendored
Unescape View File

@ -1,22 +0,0 @@
==== Unprotected Ether Withdrawal ====
SWC ID: 105
Severity: High
Contract: Unknown
Function name: withdrawfunds()
PC address: 722
Estimated Gas Usage: 1138 - 1749
Anyone can withdraw ETH from the contract account.
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
--------------------
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: invest()
PC address: 883
Estimated Gas Usage: 6598 - 26883
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------

58
tests/testdata/outputs_expected/exceptions.sol.o.json vendored
Unescape View File

@ -1,58 +0,0 @@
{
"error": null,
"issues": [
{
"address": 446,
"contract": "Unknown",
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.",
"function": "assert3(uint256)",
"max_gas_used": 301,
"min_gas_used": 206,
"severity": "Low",
"sourceMap": null,
"swc-id": "110",
"title": "Exception State",
"tx_sequence": "<TX-DATA>"
},
{
"address": 484,
"contract": "Unknown",
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.",
"function": "arrayaccess(uint256)",
"max_gas_used": 351,
"min_gas_used": 256,
"severity": "Low",
"sourceMap": null,
"swc-id": "110",
"title": "Exception State",
"tx_sequence": "<TX-DATA>"
},
{
"address": 506,
"contract": "Unknown",
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.",
"function": "divisionby0(uint256)",
"max_gas_used": 367,
"min_gas_used": 272,
"severity": "Low",
"sourceMap": null,
"swc-id": "110",
"title": "Exception State",
"tx_sequence": "<TX-DATA>"
},
{
"address": 531,
"contract": "Unknown",
"description": "A reachable exception has been detected.\nIt is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.",
"function": "assert1()",
"max_gas_used": 363,
"min_gas_used": 268,
"severity": "Low",
"sourceMap": null,
"swc-id": "110",
"title": "Exception State",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

84
tests/testdata/outputs_expected/exceptions.sol.o.jsonv2 vendored
Unescape View File

@ -1,84 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "A reachable exception has been detected.",
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "446:1:0"
}
],
"severity": "Low",
"swcID": "SWC-110",
"swcTitle": "Assert Violation"
},
{
"description": {
"head": "A reachable exception has been detected.",
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "484:1:0"
}
],
"severity": "Low",
"swcID": "SWC-110",
"swcTitle": "Assert Violation"
},
{
"description": {
"head": "A reachable exception has been detected.",
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "506:1:0"
}
],
"severity": "Low",
"swcID": "SWC-110",
"swcTitle": "Assert Violation"
},
{
"description": {
"head": "A reachable exception has been detected.",
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "531:1:0"
}
],
"severity": "Low",
"swcID": "SWC-110",
"swcTitle": "Assert Violation"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x4a773a86bc6fb269f88bf09bb3094de29b6073cf13b1760e9d01d957f50a9dfd"
],
"sourceType": "raw-bytecode"
}
]

53
tests/testdata/outputs_expected/exceptions.sol.o.markdown vendored
Unescape View File

@ -1,53 +0,0 @@
# Analysis results for test-filename.sol
## Exception State
- SWC ID: 110
- Severity: Low
- Contract: Unknown
- Function name: `assert3(uint256)`
- PC address: 446
- Estimated Gas Usage: 206 - 301
### Description
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception State
- SWC ID: 110
- Severity: Low
- Contract: Unknown
- Function name: `arrayaccess(uint256)`
- PC address: 484
- Estimated Gas Usage: 256 - 351
### Description
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception State
- SWC ID: 110
- Severity: Low
- Contract: Unknown
- Function name: `divisionby0(uint256)`
- PC address: 506
- Estimated Gas Usage: 272 - 367
### Description
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
## Exception State
- SWC ID: 110
- Severity: Low
- Contract: Unknown
- Function name: `assert1()`
- PC address: 531
- Estimated Gas Usage: 268 - 363
### Description
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.

44
tests/testdata/outputs_expected/exceptions.sol.o.text vendored
Unescape View File

@ -1,44 +0,0 @@
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: Unknown
Function name: assert3(uint256)
PC address: 446
Estimated Gas Usage: 206 - 301
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: Unknown
Function name: arrayaccess(uint256)
PC address: 484
Estimated Gas Usage: 256 - 351
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: Unknown
Function name: divisionby0(uint256)
PC address: 506
Estimated Gas Usage: 272 - 367
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
==== Exception State ====
SWC ID: 110
Severity: Low
Contract: Unknown
Function name: assert1()
PC address: 531
Estimated Gas Usage: 268 - 363
A reachable exception has been detected.
It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------

84
tests/testdata/outputs_expected/kinds_of_calls.sol.o.json vendored
Unescape View File

@ -1,84 +0,0 @@
{
"error": null,
"issues": [
{
"address": 618,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "_function_0x141f32ff",
"max_gas_used": 35865,
"min_gas_used": 1113,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
},
{
"address": 618,
"contract": "Unknown",
"description": "Use of callcode is deprecated.\nThe callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.",
"function": "_function_0x141f32ff",
"max_gas_used": 1141,
"min_gas_used": 389,
"severity": "Medium",
"sourceMap": null,
"swc-id": "111",
"title": "Use of callcode",
"tx_sequence": "<TX-DATA>"
},
{
"address": 849,
"contract": "Unknown",
"description": "The contract delegates execution to another contract with a user-supplied address.\nThe smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. ",
"function": "_function_0x9b58bc26",
"max_gas_used": 35928,
"min_gas_used": 1176,
"severity": "Medium",
"sourceMap": null,
"swc-id": "112",
"title": "Delegatecall Proxy To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 849,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "_function_0x9b58bc26",
"max_gas_used": 35928,
"min_gas_used": 1176,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
},
{
"address": 1038,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "_function_0xeea4c864",
"max_gas_used": 1229,
"min_gas_used": 477,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 1038,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "_function_0xeea4c864",
"max_gas_used": 35953,
"min_gas_used": 1201,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

120
tests/testdata/outputs_expected/kinds_of_calls.sol.o.jsonv2 vendored
Unescape View File

@ -1,120 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "The contract delegates execution to another contract with a user-supplied address.",
"tail": "The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract. "
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "849:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-112",
"swcTitle": "Delegatecall to Untrusted Callee"
},
{
"description": {
"head": "Use of callcode is deprecated.",
"tail": "The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "618:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-111",
"swcTitle": "Use of Deprecated Solidity Functions"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "1038:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "618:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "849:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "1038:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x6daec61d05d8f1210661e7e7d1ed6d72bd6ade639398fac1e867aff50abfc1c1"
],
"sourceType": "raw-bytecode"
}
]

79
tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown vendored
Unescape View File

@ -1,79 +0,0 @@
# Analysis results for test-filename.sol
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `_function_0x141f32ff`
- PC address: 618
- Estimated Gas Usage: 1113 - 35865
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
## Use of callcode
- SWC ID: 111
- Severity: Medium
- Contract: Unknown
- Function name: `_function_0x141f32ff`
- PC address: 618
- Estimated Gas Usage: 389 - 1141
### Description
Use of callcode is deprecated.
The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.
## Delegatecall Proxy To User-Supplied Address
- SWC ID: 112
- Severity: Medium
- Contract: Unknown
- Function name: `_function_0x9b58bc26`
- PC address: 849
- Estimated Gas Usage: 1176 - 35928
### Description
The contract delegates execution to another contract with a user-supplied address.
The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `_function_0x9b58bc26`
- PC address: 849
- Estimated Gas Usage: 1176 - 35928
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `_function_0xeea4c864`
- PC address: 1038
- Estimated Gas Usage: 477 - 1229
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `_function_0xeea4c864`
- PC address: 1038
- Estimated Gas Usage: 1201 - 35953
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.

66
tests/testdata/outputs_expected/kinds_of_calls.sol.o.text vendored
Unescape View File

@ -1,66 +0,0 @@
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: _function_0x141f32ff
PC address: 618
Estimated Gas Usage: 1113 - 35865
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------
==== Use of callcode ====
SWC ID: 111
Severity: Medium
Contract: Unknown
Function name: _function_0x141f32ff
PC address: 618
Estimated Gas Usage: 389 - 1141
Use of callcode is deprecated.
The callcode method executes code of another contract in the context of the caller account. Due to a bug in the implementation it does not persist sender and value over the call. It was therefore deprecated and may be removed in the future. Use the delegatecall method instead.
--------------------
==== Delegatecall Proxy To User-Supplied Address ====
SWC ID: 112
Severity: Medium
Contract: Unknown
Function name: _function_0x9b58bc26
PC address: 849
Estimated Gas Usage: 1176 - 35928
The contract delegates execution to another contract with a user-supplied address.
The smart contract delegates execution to a user-supplied address. Note that callers can execute arbitrary contracts and that the callee contract can access the storage of the calling contract.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: _function_0x9b58bc26
PC address: 849
Estimated Gas Usage: 1176 - 35928
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: _function_0xeea4c864
PC address: 1038
Estimated Gas Usage: 477 - 1229
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: _function_0xeea4c864
PC address: 1038
Estimated Gas Usage: 1201 - 35953
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------

19
tests/testdata/outputs_expected/metacoin.sol.o.json vendored
Unescape View File

@ -1,19 +0,0 @@
{
"error": null,
"issues": [
{
"address": 498,
"contract": "Unknown",
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.",
"function": "sendToken(address,uint256)",
"max_gas_used": 52806,
"min_gas_used": 11860,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Overflow",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

30
tests/testdata/outputs_expected/metacoin.sol.o.jsonv2 vendored
Unescape View File

@ -1,30 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "The binary addition can overflow.",
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "498:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x0e6f727bb3301e02d3be831bf34357522fd2f1d40e90dff8e2214553b06b5f6c"
],
"sourceType": "raw-bytecode"
}
]

14
tests/testdata/outputs_expected/metacoin.sol.o.markdown vendored
Unescape View File

@ -1,14 +0,0 @@
# Analysis results for test-filename.sol
## Integer Overflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendToken(address,uint256)`
- PC address: 498
- Estimated Gas Usage: 11860 - 52806
### Description
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.

11
tests/testdata/outputs_expected/metacoin.sol.o.text vendored
Unescape View File

@ -1,11 +0,0 @@
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendToken(address,uint256)
PC address: 498
Estimated Gas Usage: 11860 - 52806
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------

19
tests/testdata/outputs_expected/multi_contracts.sol.o.json vendored
Unescape View File

@ -1,19 +0,0 @@
{
"error": null,
"issues": [
{
"address": 142,
"contract": "Unknown",
"description": "Anyone can withdraw ETH from the contract account.\nArbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.",
"function": "transfer()",
"max_gas_used": 467,
"min_gas_used": 186,
"severity": "High",
"sourceMap": null,
"swc-id": "105",
"title": "Unprotected Ether Withdrawal",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

30
tests/testdata/outputs_expected/multi_contracts.sol.o.jsonv2 vendored
Unescape View File

@ -1,30 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "Anyone can withdraw ETH from the contract account.",
"tail": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "142:1:0"
}
],
"severity": "High",
"swcID": "SWC-105",
"swcTitle": "Unprotected Ether Withdrawal"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0xbc9c3d9db56d20cf4ca3b6fd88ff9215cf728a092cca1ed8edb83272b933ff5b"
],
"sourceType": "raw-bytecode"
}
]

14
tests/testdata/outputs_expected/multi_contracts.sol.o.markdown vendored
Unescape View File

@ -1,14 +0,0 @@
# Analysis results for test-filename.sol
## Unprotected Ether Withdrawal
- SWC ID: 105
- Severity: High
- Contract: Unknown
- Function name: `transfer()`
- PC address: 142
- Estimated Gas Usage: 186 - 467
### Description
Anyone can withdraw ETH from the contract account.
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.

11
tests/testdata/outputs_expected/multi_contracts.sol.o.text vendored
Unescape View File

@ -1,11 +0,0 @@
==== Unprotected Ether Withdrawal ====
SWC ID: 105
Severity: High
Contract: Unknown
Function name: transfer()
PC address: 142
Estimated Gas Usage: 186 - 467
Anyone can withdraw ETH from the contract account.
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
--------------------

5
tests/testdata/outputs_expected/nonascii.sol.o.json vendored
Unescape View File

@ -1,5 +0,0 @@
{
"error": null,
"issues": [],
"success": true
}

11
tests/testdata/outputs_expected/nonascii.sol.o.jsonv2 vendored
Unescape View File

@ -1,11 +0,0 @@
[
{
"issues": [],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x11a78eb09819f505ba4f10747e6d1f7a44480e602c67573b7abac2f733a85d93"
],
"sourceType": "raw-bytecode"
}
]

3
tests/testdata/outputs_expected/nonascii.sol.o.markdown vendored
Unescape View File

@ -1,3 +0,0 @@
# Analysis results for None
The analysis was completed successfully. No issues were detected.

1
tests/testdata/outputs_expected/nonascii.sol.o.text vendored
Unescape View File

@ -1 +0,0 @@
The analysis was completed successfully. No issues were detected.

19
tests/testdata/outputs_expected/origin.sol.o.json vendored
Unescape View File

@ -1,19 +0,0 @@
{
"error": null,
"issues": [
{
"address": 317,
"contract": "Unknown",
"description": "Use of tx.origin is deprecated.\nThe smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin",
"function": "transferOwnership(address)",
"max_gas_used": 1051,
"min_gas_used": 626,
"severity": "Medium",
"sourceMap": null,
"swc-id": "111",
"title": "Use of tx.origin",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

30
tests/testdata/outputs_expected/origin.sol.o.jsonv2 vendored
Unescape View File

@ -1,30 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "Use of tx.origin is deprecated.",
"tail": "The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.\nSee also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin"
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "317:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-111",
"swcTitle": "Use of Deprecated Solidity Functions"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x25b20ef097dfc0aa56a932c4e09f06ee02a69c005767df86877f48c6c2412f03"
],
"sourceType": "raw-bytecode"
}
]

15
tests/testdata/outputs_expected/origin.sol.o.markdown vendored
Unescape View File

@ -1,15 +0,0 @@
# Analysis results for test-filename.sol
## Use of tx.origin
- SWC ID: 111
- Severity: Medium
- Contract: Unknown
- Function name: `transferOwnership(address)`
- PC address: 317
- Estimated Gas Usage: 626 - 1051
### Description
Use of tx.origin is deprecated.
The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin

12
tests/testdata/outputs_expected/origin.sol.o.text vendored
Unescape View File

@ -1,12 +0,0 @@
==== Use of tx.origin ====
SWC ID: 111
Severity: Medium
Contract: Unknown
Function name: transferOwnership(address)
PC address: 317
Estimated Gas Usage: 626 - 1051
Use of tx.origin is deprecated.
The smart contract retrieves the transaction origin (tx.origin) using msg.origin. Use of msg.origin is deprecated and the instruction may be removed in the future. Use msg.sender instead.
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
--------------------

45
tests/testdata/outputs_expected/overflow.sol.o.json vendored
Unescape View File

@ -1,45 +0,0 @@
{
"error": null,
"issues": [
{
"address": 567,
"contract": "Unknown",
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.",
"function": "sendeth(address,uint256)",
"max_gas_used": 78155,
"min_gas_used": 17019,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Underflow",
"tx_sequence": "<TX-DATA>"
},
{
"address": 649,
"contract": "Unknown",
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.",
"function": "sendeth(address,uint256)",
"max_gas_used": 78155,
"min_gas_used": 17019,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Underflow",
"tx_sequence": "<TX-DATA>"
},
{
"address": 725,
"contract": "Unknown",
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.",
"function": "sendeth(address,uint256)",
"max_gas_used": 78155,
"min_gas_used": 17019,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Overflow",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

66
tests/testdata/outputs_expected/overflow.sol.o.jsonv2 vendored
Unescape View File

@ -1,66 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "The binary subtraction can underflow.",
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "567:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
},
{
"description": {
"head": "The binary subtraction can underflow.",
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "649:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
},
{
"description": {
"head": "The binary addition can overflow.",
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "725:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0xf230bec502569e8b7e7737616d0ad0f200c436624e3c223e5398c0615cd2d6b9"
],
"sourceType": "raw-bytecode"
}
]

40
tests/testdata/outputs_expected/overflow.sol.o.markdown vendored
Unescape View File

@ -1,40 +0,0 @@
# Analysis results for test-filename.sol
## Integer Underflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 567
- Estimated Gas Usage: 17019 - 78155
### Description
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
## Integer Underflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 649
- Estimated Gas Usage: 17019 - 78155
### Description
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
## Integer Overflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 725
- Estimated Gas Usage: 17019 - 78155
### Description
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.

33
tests/testdata/outputs_expected/overflow.sol.o.text vendored
Unescape View File

@ -1,33 +0,0 @@
==== Integer Underflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 567
Estimated Gas Usage: 17019 - 78155
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
--------------------
==== Integer Underflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 649
Estimated Gas Usage: 17019 - 78155
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
--------------------
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 725
Estimated Gas Usage: 17019 - 78155
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------

45
tests/testdata/outputs_expected/returnvalue.sol.o.json vendored
Unescape View File

@ -1,45 +0,0 @@
{
"error": null,
"issues": [
{
"address": 196,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "callchecked()",
"max_gas_used": 1210,
"min_gas_used": 599,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 285,
"contract": "Unknown",
"description": "A call to a user-supplied address is executed.\nThe callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.",
"function": "callnotchecked()",
"max_gas_used": 1232,
"min_gas_used": 621,
"severity": "Medium",
"sourceMap": null,
"swc-id": "107",
"title": "External Call To User-Supplied Address",
"tx_sequence": "<TX-DATA>"
},
{
"address": 285,
"contract": "Unknown",
"description": "The return value of a message call is not checked.\nExternal calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.",
"function": "callnotchecked()",
"max_gas_used": 35950,
"min_gas_used": 1339,
"severity": "Low",
"sourceMap": null,
"swc-id": "104",
"title": "Unchecked Call Return Value",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

66
tests/testdata/outputs_expected/returnvalue.sol.o.jsonv2 vendored
Unescape View File

@ -1,66 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "196:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "285:1:0"
}
],
"severity": "Medium",
"swcID": "SWC-107",
"swcTitle": "Reentrancy"
},
{
"description": {
"head": "The return value of a message call is not checked.",
"tail": "External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "285:1:0"
}
],
"severity": "Low",
"swcID": "SWC-104",
"swcTitle": "Unchecked Call Return Value"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0xb191cf6cc0d8cc37a91c9d88019cc011b932169fb5776df616e2bb9cd93b4039"
],
"sourceType": "raw-bytecode"
}
]

40
tests/testdata/outputs_expected/returnvalue.sol.o.markdown vendored
Unescape View File

@ -1,40 +0,0 @@
# Analysis results for test-filename.sol
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `callchecked()`
- PC address: 196
- Estimated Gas Usage: 599 - 1210
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## External Call To User-Supplied Address
- SWC ID: 107
- Severity: Medium
- Contract: Unknown
- Function name: `callnotchecked()`
- PC address: 285
- Estimated Gas Usage: 621 - 1232
### Description
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
## Unchecked Call Return Value
- SWC ID: 104
- Severity: Low
- Contract: Unknown
- Function name: `callnotchecked()`
- PC address: 285
- Estimated Gas Usage: 1339 - 35950
### Description
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.

33
tests/testdata/outputs_expected/returnvalue.sol.o.text vendored
Unescape View File

@ -1,33 +0,0 @@
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: callchecked()
PC address: 196
Estimated Gas Usage: 599 - 1210
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== External Call To User-Supplied Address ====
SWC ID: 107
Severity: Medium
Contract: Unknown
Function name: callnotchecked()
PC address: 285
Estimated Gas Usage: 621 - 1232
A call to a user-supplied address is executed.
The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
--------------------
==== Unchecked Call Return Value ====
SWC ID: 104
Severity: Low
Contract: Unknown
Function name: callnotchecked()
PC address: 285
Estimated Gas Usage: 1339 - 35950
The return value of a message call is not checked.
External calls return a boolean value. If the callee contract halts with an exception, 'false' is returned and execution continues in the caller. It is usually recommended to wrap external calls into a require statement to prevent unexpected states.
--------------------

19
tests/testdata/outputs_expected/suicide.sol.o.json vendored
Unescape View File

@ -1,19 +0,0 @@
{
"error": null,
"issues": [
{
"address": 146,
"contract": "Unknown",
"description": "The contract can be killed by anyone.\nAnyone can kill this contract and withdraw its balance to an arbitrary address.",
"function": "kill(address)",
"max_gas_used": 263,
"min_gas_used": 168,
"severity": "High",
"sourceMap": null,
"swc-id": "106",
"title": "Unprotected Selfdestruct",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

30
tests/testdata/outputs_expected/suicide.sol.o.jsonv2 vendored
Unescape View File

@ -1,30 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "The contract can be killed by anyone.",
"tail": "Anyone can kill this contract and withdraw its balance to an arbitrary address."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "146:1:0"
}
],
"severity": "High",
"swcID": "SWC-106",
"swcTitle": "Unprotected SELFDESTRUCT Instruction"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0x2fb801366b61a05b30550481a1c8f7d5f20de0b93d9f2f2ce2b28c4e322033c9"
],
"sourceType": "raw-bytecode"
}
]

14
tests/testdata/outputs_expected/suicide.sol.o.markdown vendored
Unescape View File

@ -1,14 +0,0 @@
# Analysis results for test-filename.sol
## Unprotected Selfdestruct
- SWC ID: 106
- Severity: High
- Contract: Unknown
- Function name: `kill(address)`
- PC address: 146
- Estimated Gas Usage: 168 - 263
### Description
The contract can be killed by anyone.
Anyone can kill this contract and withdraw its balance to an arbitrary address.

11
tests/testdata/outputs_expected/suicide.sol.o.text vendored
Unescape View File

@ -1,11 +0,0 @@
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: Unknown
Function name: kill(address)
PC address: 146
Estimated Gas Usage: 168 - 263
The contract can be killed by anyone.
Anyone can kill this contract and withdraw its balance to an arbitrary address.
--------------------

45
tests/testdata/outputs_expected/underflow.sol.o.json vendored
Unescape View File

@ -1,45 +0,0 @@
{
"error": null,
"issues": [
{
"address": 567,
"contract": "Unknown",
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.",
"function": "sendeth(address,uint256)",
"max_gas_used": 52861,
"min_gas_used": 11915,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Underflow",
"tx_sequence": "<TX-DATA>"
},
{
"address": 649,
"contract": "Unknown",
"description": "The binary subtraction can underflow.\nThe operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.",
"function": "sendeth(address,uint256)",
"max_gas_used": 52861,
"min_gas_used": 11915,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Underflow",
"tx_sequence": "<TX-DATA>"
},
{
"address": 725,
"contract": "Unknown",
"description": "The binary addition can overflow.\nThe operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.",
"function": "sendeth(address,uint256)",
"max_gas_used": 52861,
"min_gas_used": 11915,
"severity": "High",
"sourceMap": null,
"swc-id": "101",
"title": "Integer Overflow",
"tx_sequence": "<TX-DATA>"
}
],
"success": true
}

66
tests/testdata/outputs_expected/underflow.sol.o.jsonv2 vendored
Unescape View File

@ -1,66 +0,0 @@
[
{
"issues": [
{
"description": {
"head": "The binary subtraction can underflow.",
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "567:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
},
{
"description": {
"head": "The binary subtraction can underflow.",
"tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "649:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
},
{
"description": {
"head": "The binary addition can overflow.",
"tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
},
"extra": {
"discoveryTime": "<DISCOVERY-TIME-DATA>",
"testCase": "<TEST-CASE>"
},
"locations": [
{
"sourceMap": "725:1:0"
}
],
"severity": "High",
"swcID": "SWC-101",
"swcTitle": "Integer Overflow and Underflow"
}
],
"meta": {},
"sourceFormat": "evm-byzantium-bytecode",
"sourceList": [
"0xabef56740bf7795a9f8732e4781ebd27f2977f8a4997e3ff11cee79a4ba6c0ce"
],
"sourceType": "raw-bytecode"
}
]

40
tests/testdata/outputs_expected/underflow.sol.o.markdown vendored
Unescape View File

@ -1,40 +0,0 @@
# Analysis results for test-filename.sol
## Integer Underflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 567
- Estimated Gas Usage: 11915 - 52861
### Description
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
## Integer Underflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 649
- Estimated Gas Usage: 11915 - 52861
### Description
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
## Integer Overflow
- SWC ID: 101
- Severity: High
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 725
- Estimated Gas Usage: 11915 - 52861
### Description
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.

33
tests/testdata/outputs_expected/underflow.sol.o.text vendored
Unescape View File

@ -1,33 +0,0 @@
==== Integer Underflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 567
Estimated Gas Usage: 11915 - 52861
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
--------------------
==== Integer Underflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 649
Estimated Gas Usage: 11915 - 52861
The binary subtraction can underflow.
The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
--------------------
==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 725
Estimated Gas Usage: 11915 - 52861
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
Write Preview
Loading…
Cancel
Save