Filter for common false positives

Bernhard Mueller 7 years ago
parent 53a01679f9
commit d7aac850a4
  1. 2
      mythril/analysis/modules/delegatecall_forward.py
  2. 12
      mythril/analysis/modules/integer_underflow.py

@ -37,7 +37,7 @@ def execute(statespace):
issue = Issue(call.node.module_name, call.node.function_name, call.addr, "CALLDATA forwarded with delegatecall()", "Informational") issue = Issue(call.node.module_name, call.node.function_name, call.addr, "CALLDATA forwarded with delegatecall()", "Informational")
issue.description = \ issue.description = \
"The contract '" + str(call.node.module_name) + "' forwards its calldata via DELEGATECALL in its fallback function. " \ "This contract forwards its calldata via DELEGATECALL in its fallback function. " \
"This means that any function in the called contract can be executed. Note that the callee contract will have access to the storage of the calling contract.\n" "This means that any function in the called contract can be executed. Note that the callee contract will have access to the storage of the calling contract.\n"
if (call.to.type == VarType.CONCRETE): if (call.to.type == VarType.CONCRETE):
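Review bot: The reworded `issue.description` string still tells the reader only that the callee "will have access to the storage of the calling contract", which understates what a forwarded DELEGATECALL hands over: under EVM semantics the callee also runs with the original `msg.sender` and `msg.value` and can `SELFDESTRUCT` the calling contract, which is the part a reviewer needs to judge the finding. Consider appending `"The callee also executes with the caller's msg.sender/msg.value and can selfdestruct the calling contract."` to the description. The severity is fixed to "Informational" on the `Issue(...)` line regardless of whether the target is concrete; the `call.to.type == VarType.CONCRETE` branch and the rest of `execute` continue outside the hunk, so I cannot see how a symbolic (potentially attacker-chosen) target is rated.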

@ -36,10 +36,14 @@ def execute(statespace):
if (type(op0) == int and type(op1) == int): if (type(op0) == int and type(op1) == int):
continue continue
if re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1)): if re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1)) or re.search(r'256\*If\(1', str(op0)):
# Filter for a common pattern that contains an possible (but Ion-exploitable) Integer overflow and subsequent underflow. # Filter for patterns that contain possible (but apparently non-exploitable) Integer overflows.
# The pattern looks as follows: (96 + calldatasize_MAIN) - (96), where (96 + calldatasize_MAIN) would overflow if calldatasize is very large.
# There's a few other things that sometimes pop up which still need to be investigated. # Pattern 1: (96 + calldatasize_MAIN) - (96), where (96 + calldatasize_MAIN) would overflow if calldatasize is very large.
# Pattern 2: (256*If(1 & storage_0 == 0, 1, 0)) - 1, this would underlow if storage_0 = 0
# Both seem to be standard compiler outputs that pop up in many contracts.
# They are probably intentional but more research is needed.
continue continue
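Review bot: The new condition `re.search(...) and re.search(...) or re.search(r'256\*If\(1', str(op0))` relies on `and` binding tighter than `or` and, more importantly, the added clause silences any underflow candidate whose minuend merely contains `256*If(1` anywhere, even though the comment's "Pattern 2" describes a specific shape, `(256*If(1 & storage_0 == 0, 1, 0)) - 1`, where the subtrahend is the constant 1. For a security analyzer a too-broad suppression turns into a silent false negative, so anchor the match and check the subtrahend: `if (re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1))) \` / `        or (re.match(r'256\*If\(1', str(op0)) and str(op1) == '1'):` (the `str(op1) == '1'` form assumes a concrete subtrahend stringifies as `1`; if op1 can be a wrapped constant, compare the way the module's other checks do). The pre-existing `re.search(r'\d+', str(op1))` clause matches any expression containing a digit, which makes the calldata filter broader than its comment suggests; and since the comment itself says "more research is needed", a `logging.debug("Suppressed possible underflow: %s - %s", op0, op1)` before the `continue` would keep the dropped candidates auditable. `execute` begins before this hunk and continues after it.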
