mirror of https://github.com/ConsenSys/mythril
blockchainethereumsmart-contractssoliditysecurityprogram-analysissecurity-analysissymbolic-execution
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
109 lines
2.7 KiB
109 lines
2.7 KiB
# Analysis Results
|
|
## Ether send
|
|
- Type: Warning
|
|
- Contract: Crowdfunding
|
|
- Function name: withdrawfunds()
|
|
- PC address: 816
|
|
|
|
### Description
|
|
In the function 'withdrawfunds()' a non-zero amount of Ether is sent to msg.sender.
|
|
Call value is balance_at_1461501637330902918203684832716283019655932542975 & address.
|
|
|
|
There is a check on storage index 7. This storage slot can be written to by calling the function 'crowdfunding()'.
|
|
|
|
In *ether_send.sol:*
|
|
|
|
```
|
|
msg.sender.transfer(this.balance)
|
|
```
|
|
## Use of tx.origin
|
|
- Type: Warning
|
|
- Contract: Origin
|
|
- Function name: transferOwnership(address)
|
|
- PC address: 317
|
|
|
|
### Description
|
|
Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead.
|
|
See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
|
|
|
|
In *origin.sol:*
|
|
|
|
```
|
|
tx.origin
|
|
```
|
|
## CALL with gas to dynamic address
|
|
- Type: Warning
|
|
- Contract: Reentrancy
|
|
- Function name: withdraw(uint256)
|
|
- PC address: 552
|
|
|
|
### Description
|
|
The function withdraw(uint256) contains a function call to the address of the transaction sender. The available gas is forwarded to the called contract. Make sure that the logic of the calling contract is not adversely affected if the called contract misbehaves (e.g. reentrancy).
|
|
|
|
In *reentrancy.sol:*
|
|
|
|
```
|
|
msg.sender.call.value(_amount)()
|
|
```
|
|
## Unchecked CALL return value
|
|
- Type: Informational
|
|
- Contract: Reentrancy
|
|
- Function name: withdraw(uint256)
|
|
- PC address: 552
|
|
|
|
### Description
|
|
The function withdraw(uint256) contains a call to msg.sender.
|
|
The return value of this call is not checked. Note that the function will continue to execute with a return value of '0' if the called contract throws.
|
|
|
|
In *reentrancy.sol:*
|
|
|
|
```
|
|
msg.sender.call.value(_amount)()
|
|
```
|
|
## Integer Underflow
|
|
- Type: Warning
|
|
- Contract: Under
|
|
- Function name: sendeth(address,uint256)
|
|
- PC address: 649
|
|
|
|
### Description
|
|
A possible integer underflow exists in the function sendeth(address,uint256).
|
|
The SUB instruction at address 649 may result in a value < 0.
|
|
|
|
In *underflow.sol:*
|
|
|
|
```
|
|
balances[msg.sender] -= _value
|
|
```
|
|
## Integer Underflow
|
|
- Type: Warning
|
|
- Contract: Under
|
|
- Function name: sendeth(address,uint256)
|
|
- PC address: 567
|
|
|
|
### Description
|
|
A possible integer underflow exists in the function sendeth(address,uint256).
|
|
The SUB instruction at address 567 may result in a value < 0.
|
|
|
|
In *underflow.sol:*
|
|
|
|
```
|
|
balances[msg.sender] - _value
|
|
```
|
|
## Weak random
|
|
- Type: Warning
|
|
- Contract: WeakRandom
|
|
- Function name: _function_0xe9874106
|
|
- PC address: 1285
|
|
|
|
### Description
|
|
In the function '_function_0xe9874106' the following predictable state variables are used to determine Ether recipient:
|
|
- block.coinbase
|
|
|
|
|
|
In *weak_random.sol:*
|
|
|
|
```
|
|
winningAddress.transfer(prize)
|
|
```
|
|
|
|
|