|
|
|
@ -6,6 +6,7 @@ from mythril.ether import util |
|
|
|
from mythril.ether.ethcontract import ETHContract |
|
|
|
from mythril.ether.ethcontract import ETHContract |
|
|
|
from mythril.analysis.security import fire_lasers |
|
|
|
from mythril.analysis.security import fire_lasers |
|
|
|
from mythril.analysis.symbolic import StateSpace |
|
|
|
from mythril.analysis.symbolic import StateSpace |
|
|
|
|
|
|
|
from mythril.analysis.report import Report |
|
|
|
from laser.ethereum import helper |
|
|
|
from laser.ethereum import helper |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -37,51 +38,51 @@ def analyze_truffle_project(): |
|
|
|
|
|
|
|
|
|
|
|
ethcontract= ETHContract(bytecode, name=name, address = util.get_indexed_address(0)) |
|
|
|
ethcontract= ETHContract(bytecode, name=name, address = util.get_indexed_address(0)) |
|
|
|
|
|
|
|
|
|
|
|
contracts = [ethcontract] |
|
|
|
states = StateSpace([ethcontract], max_depth = 10) |
|
|
|
|
|
|
|
issues = fire_lasers(states) |
|
|
|
|
|
|
|
|
|
|
|
states = StateSpace(contracts, max_depth = 10) |
|
|
|
if not len(issues): |
|
|
|
report = fire_lasers(states) |
|
|
|
print("Analysis result for " + name + ": No issues found.") |
|
|
|
|
|
|
|
|
|
|
|
# augment with source code |
|
|
|
else: |
|
|
|
|
|
|
|
|
|
|
|
disassembly = ethcontract.get_disassembly() |
|
|
|
report = Report() |
|
|
|
source = contractdata['source'] |
|
|
|
# augment with source code |
|
|
|
|
|
|
|
|
|
|
|
deployedSourceMap = contractdata['deployedSourceMap'].split(";") |
|
|
|
disassembly = ethcontract.get_disassembly() |
|
|
|
|
|
|
|
source = contractdata['source'] |
|
|
|
|
|
|
|
|
|
|
|
mappings = [] |
|
|
|
deployedSourceMap = contractdata['deployedSourceMap'].split(";") |
|
|
|
i = 0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
while(i < len(deployedSourceMap)): |
|
|
|
mappings = [] |
|
|
|
|
|
|
|
i = 0 |
|
|
|
|
|
|
|
|
|
|
|
m = re.search(r"^(\d+):*(\d+)", deployedSourceMap[i]) |
|
|
|
while(i < len(deployedSourceMap)): |
|
|
|
|
|
|
|
|
|
|
|
if (m): |
|
|
|
m = re.search(r"^(\d+):*(\d+)", deployedSourceMap[i]) |
|
|
|
offset = m.group(1) |
|
|
|
|
|
|
|
length = m.group(2) |
|
|
|
|
|
|
|
else: |
|
|
|
|
|
|
|
m = re.search(r"^:(\d+)", deployedSourceMap[i]) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if m: |
|
|
|
if (m): |
|
|
|
length = m.group(1) |
|
|
|
offset = m.group(1) |
|
|
|
|
|
|
|
length = m.group(2) |
|
|
|
|
|
|
|
else: |
|
|
|
|
|
|
|
m = re.search(r"^:(\d+)", deployedSourceMap[i]) |
|
|
|
|
|
|
|
|
|
|
|
mappings.append((int(offset), int(length))) |
|
|
|
if m: |
|
|
|
|
|
|
|
length = m.group(1) |
|
|
|
|
|
|
|
|
|
|
|
i += 1 |
|
|
|
mappings.append((int(offset), int(length))) |
|
|
|
|
|
|
|
|
|
|
|
for key, issue in report.issues.items(): |
|
|
|
i += 1 |
|
|
|
|
|
|
|
|
|
|
|
index = helper.get_instruction_index(disassembly.instruction_list, issue.pc) |
|
|
|
for issue in issues: |
|
|
|
|
|
|
|
|
|
|
|
if index: |
|
|
|
index = helper.get_instruction_index(disassembly.instruction_list, issue.pc) |
|
|
|
issue.code_start = mappings[index][0] |
|
|
|
|
|
|
|
issue.code_length = mappings[index][1] |
|
|
|
|
|
|
|
issue.code = source[mappings[index][0]: mappings[index][0] + mappings[index][1]] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if index: |
|
|
|
|
|
|
|
issue.code_start = mappings[index][0] |
|
|
|
|
|
|
|
issue.code_length = mappings[index][1] |
|
|
|
|
|
|
|
issue.code = source[mappings[index][0]: mappings[index][0] + mappings[index][1]] |
|
|
|
|
|
|
|
|
|
|
|
if len(report.issues): |
|
|
|
report.append_issue(issue) |
|
|
|
print("Analysis result for " + name + ":\n" + report.as_text()) |
|
|
|
|
|
|
|
else: |
|
|
|
|
|
|
|
print("Analysis result for " + name + ": No issues found.") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
print("Analysis result for " + name + ":\n" + report.as_text()) |
|
|
|
|
Bernhard Mueller
7 years ago