From d7aac850a4e17bd17f7b975eb1c8a691956bebb7 Mon Sep 17 00:00:00 2001
From: Bernhard Mueller
Date: Sun, 19 Nov 2017 16:17:26 +0700
Subject: [PATCH] Filter for common false positives

---
 mythril/analysis/modules/delegatecall_forward.py | 2 +-
 mythril/analysis/modules/integer_underflow.py | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/mythril/analysis/modules/delegatecall_forward.py b/mythril/analysis/modules/delegatecall_forward.py
index c9745c09..d0e4cf60 100644
--- a/mythril/analysis/modules/delegatecall_forward.py
+++ b/mythril/analysis/modules/delegatecall_forward.py
@@ -37,7 +37,7 @@ def execute(statespace):
 
 issue = Issue(call.node.module_name, call.node.function_name, call.addr, "CALLDATA forwarded with delegatecall()", "Informational")
 issue.description = \
- "The contract '" + str(call.node.module_name) + "' forwards its calldata via DELEGATECALL in its fallback function. " \
+ "This contract forwards its calldata via DELEGATECALL in its fallback function. " \
 "This means that any function in the called contract can be executed. Note that the callee contract will have access to the storage of the calling contract.\n"
 
 if (call.to.type == VarType.CONCRETE):
diff --git a/mythril/analysis/modules/integer_underflow.py b/mythril/analysis/modules/integer_underflow.py
index 9f043182..0e976c11 100644
--- a/mythril/analysis/modules/integer_underflow.py
+++ b/mythril/analysis/modules/integer_underflow.py
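Review bot: The reworded description on the added line, together with the unchanged sentence that follows it, understates what a forwarded DELEGATECALL means: the callee's code runs in this contract's context, so it can rewrite storage, send this contract's balance and act with this contract's msg.sender, not merely "have access to the storage". Consider `"This means that any function in the called contract can be executed in the context of this contract, with full access to its storage, balance and msg.sender.\n"` for that following sentence. The fixed "Informational" severity in the Issue constructor presumably depends on the `call.to.type == VarType.CONCRETE` branch that begins at the hunk's last line; if a symbolic, possibly attacker-influenced target is escalated there, a one-line comment on the constructor saying so would make the default severity less surprising. `execute` continues outside the hunk.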
@@ -36,10 +36,14 @@ def execute(statespace):
 if (type(op0) == int and type(op1) == int):
 continue
 
- if re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1)):
- # Filter for a common pattern that contains an possible (but Ion-exploitable) Integer overflow and subsequent underflow.
- # The pattern looks as follows: (96 + calldatasize_MAIN) - (96), where (96 + calldatasize_MAIN) would overflow if calldatasize is very large.
- # There's a few other things that sometimes pop up which still need to be investigated.
+ if re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1)) or re.search(r'256\*If\(1', str(op0)):
+ # Filter for patterns that contain possible (but apparently non-exploitable) Integer overflows.
+
+ # Pattern 1: (96 + calldatasize_MAIN) - (96), where (96 + calldatasize_MAIN) would overflow if calldatasize is very large.
+ # Pattern 2: (256*If(1 & storage_0 == 0, 1, 0)) - 1, this would underlow if storage_0 = 0
+
+ # Both seem to be standard compiler outputs that pop up in many contracts.
+ # They are probably intentional but more research is needed.
             continue