From d414eec349fa3129d9d63d03bc4cbfcdeebdac17 Mon Sep 17 00:00:00 2001
From: Bernhard Mueller
Date: Thu, 27 Jun 2019 20:52:47 +0200
Subject: [PATCH] Consider potential overflows when result is used as call value

---
 mythril/analysis/modules/integer.py | 30 ++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/mythril/analysis/modules/integer.py b/mythril/analysis/modules/integer.py
index b2e58ca8..a11f5d15 100644
--- a/mythril/analysis/modules/integer.py
+++ b/mythril/analysis/modules/integer.py
@@ -75,7 +75,17 @@ class IntegerOverflowUnderflowModule(DetectionModule):
                 "there's a possible state where op1 + op0 > 2^32 - 1"
             ),
             entrypoint="callback",
-            pre_hooks=["ADD", "MUL", "EXP", "SUB", "SSTORE", "JUMPI", "STOP", "RETURN"],
+            pre_hooks=[
+                "ADD",
+                "MUL",
+                "EXP",
+                "SUB",
+                "SSTORE",
+                "JUMPI",
+                "STOP",
+                "RETURN",
+                "CALL",
+            ],
         )
 
         """
@@ -121,6 +131,7 @@ class IntegerOverflowUnderflowModule(DetectionModule):
             "MUL": [self._handle_mul],
             "SSTORE": [self._handle_sstore],
             "JUMPI": [self._handle_jumpi],
+            "CALL": [self._handle_call],
             "RETURN": [self._handle_return, self._handle_transaction_end],
             "STOP": [self._handle_transaction_end],
             "EXP": [self._handle_exp],
@@ -250,6 +261,23 @@ class IntegerOverflowUnderflowModule(DetectionModule):
             state_annotation.overflowing_state_annotations.append(annotation)
             state_annotation.ostates_seen.add(annotation.overflowing_state)
 
+    @staticmethod
+    def _handle_call(state):
+
+        stack = state.mstate.stack
+        value = stack[-3]
+
+        state_annotation = _get_overflowunderflow_state_annotation(state)
+
+        for annotation in value.annotations:
+            if (
+                not isinstance(annotation, OverUnderflowAnnotation)
+                or annotation.overflowing_state in state_annotation.ostates_seen
+            ):
+                continue
+            state_annotation.overflowing_state_annotations.append(annotation)
+            state_annotation.ostates_seen.add(annotation.overflowing_state)
+
     @staticmethod
     def _handle_return(state: GlobalState) -> None:
         """
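Review bot: The new `_handle_call` in the last hunk only inspects the value operand of `CALL` (`stack[-3]`), so an overflowed result that ends up as the value of `CALLCODE` (same stack slot) or as the endowment of `CREATE`/`CREATE2` (`stack[-1]`) is still not reported even though it controls an ETH transfer in exactly the way the commit message targets; either add those opcodes to `pre_hooks` and the handler table, or state the limitation in a docstring. The handler also lacks the signature and docstring its sibling `_handle_return(state: GlobalState) -> None` carries; I would write `def _handle_call(state: GlobalState) -> None:` with a docstring noting that `stack[-3]` is CALL's value operand and that only not-yet-seen overflowing states are recorded. The filter/dedupe loop repeats the two context lines at the top of the hunk from the preceding handler, so the sinks would stay in sync better if that loop were extracted into one private helper taking the annotated value; whether mythril models the CALLCODE/CREATE stack layouts the same way cannot be confirmed from this hunk.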