Filter for common false positives

Bernhard Mueller 7 years ago
parent 53a01679f9
commit d7aac850a4
  1. 2
      mythril/analysis/modules/delegatecall_forward.py
  2. 12
      mythril/analysis/modules/integer_underflow.py

@ -37,7 +37,7 @@ def execute(statespace):
issue = Issue(call.node.module_name, call.node.function_name, call.addr, "CALLDATA forwarded with delegatecall()", "Informational")
issue.description = \
"The contract '" + str(call.node.module_name) + "' forwards its calldata via DELEGATECALL in its fallback function. " \
"This contract forwards its calldata via DELEGATECALL in its fallback function. " \
"This means that any function in the called contract can be executed. Note that the callee contract will have access to the storage of the calling contract.\n"
if (call.to.type == VarType.CONCRETE):
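Review bot: The two printed variants of the description after `issue.description = \` differ only in whether the contract name is embedded; in the variant that begins `"This contract forwards its calldata`, the name is no longer part of the text and is recoverable only from the module_name passed to Issue on the first line of the hunk, which is fine as long as the report output prints that field (not verifiable from this hunk). As a point of style, the backslash-continued implicit string concatenation is easy to break when one line is edited; wrapping the three literals in parentheses, `issue.description = ("This contract forwards its calldata via DELEGATECALL in its fallback function. " "This means ... calling contract.\n")`, yields the same string without continuation markers. The enclosing `execute` starts before this hunk and continues past it.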

@ -36,10 +36,14 @@ def execute(statespace):
if (type(op0) == int and type(op1) == int):
continue
if re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1)):
# Filter for a common pattern that contains an possible (but Ion-exploitable) Integer overflow and subsequent underflow.
# The pattern looks as follows: (96 + calldatasize_MAIN) - (96), where (96 + calldatasize_MAIN) would overflow if calldatasize is very large.
# There's a few other things that sometimes pop up which still need to be investigated.
if re.search(r'\d* \+ calldata', str(op0)) and re.search(r'\d+', str(op1)) or re.search(r'256\*If\(1', str(op0)):
# Filter for patterns that contain possible (but apparently non-exploitable) Integer overflows.
# Pattern 1: (96 + calldatasize_MAIN) - (96), where (96 + calldatasize_MAIN) would overflow if calldatasize is very large.
# Pattern 2: (256*If(1 & storage_0 == 0, 1, 0)) - 1, this would underlow if storage_0 = 0
# Both seem to be standard compiler outputs that pop up in many contracts.
# They are probably intentional but more research is needed.
continue
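Review bot: On the rewritten `if` line, `re.search(r'\d+', str(op1))` does not restrict op1 to a concrete constant as the comment's `- (96)` example suggests; it matches any operand whose string form contains a digit, so the first branch suppresses most `N + calldata...` subtractions regardless of what is subtracted, and that can hide genuine underflows the module exists to report. Consider `re.fullmatch(r'\d+', str(op1))` there (assuming a concrete operand stringifies as a plain integer, which I cannot confirm from the hunk), and make the precedence explicit, `if (re.search(r'\d* \+ calldata', str(op0)) and re.fullmatch(r'\d+', str(op1))) or re.search(r'256\*If\(1', str(op0)):`. The new comment block also has a typo: `underlow` should read `underflow`. The enclosing `execute` starts before this hunk and continues past it.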
