├── .gitignore ├── LICENSE ├── README.md ├── benchmarks ├── assert_constructor.sol ├── assert_minimal.sol ├── assert_multitx_1.sol ├── assert_multitx_2.sol ├── assert_require.sol ├── assert_sym.sol ├── attribute_store.sol ├── eth_tx_order_dependence_2.sol ├── eth_tx_order_dependence_minimal.sol ├── eth_tx_order_dependence_multitx_1.sol ├── eth_tx_order_dependence_puzzle.sol ├── integer_overflow_add.md ├── integer_overflow_add.sol ├── integer_overflow_benign_1.md ├── integer_overflow_benign_1.sol ├── integer_overflow_benign_2.md ├── integer_overflow_benign_2.sol ├── integer_overflow_bytes_param.sol ├── integer_overflow_dynarray.sol ├── integer_overflow_mapping_mapping.sol ├── integer_overflow_mapping_staticarray.sol ├── integer_overflow_mapping_strkey.sol ├── integer_overflow_mapping_struct.sol ├── integer_overflow_mapping_sym_1.sol ├── integer_overflow_mapping_sym_2.sol ├── integer_overflow_mapping_word.sol ├── integer_overflow_minimal.sol ├── integer_overflow_mul.sol ├── integer_overflow_multitx_multifunc_feasible.sol ├── integer_overflow_multitx_onefunc_feasible.sol ├── integer_overflow_multitx_onefunc_infeasible.sol ├── integer_overflow_path_1.sol ├── integer_overflow_staticarray.sol ├── integer_overflow_storageinvariant.sol ├── integer_overflow_storagepacking.sol ├── reentrancy_dao.sol ├── reentrancy_dao_fixed.sol └── reentrancy_nostateeffect.sol └── html ├── index.html ├── run_manticoregit_assert_constructor_2a590fb3-5a4e-49e2-bc94-3497c29c5ac3 ├── assert_constructor.sol └── out.txt ├── run_manticoregit_assert_minimal_2b1c742b-c80a-44b9-ac94-443e1f55536e ├── assert_minimal.sol └── out.txt ├── run_manticoregit_assert_multitx_1_9892f4f1-87f1-4733-9668-b717ad3582ba ├── assert_multitx_1.sol └── out.txt ├── run_manticoregit_assert_multitx_2_e921b8dc-9b47-43e0-be2b-1f8affd41333 ├── assert_multitx_2.sol └── out.txt ├── run_manticoregit_assert_require_11ff664a-2282-4fe7-816e-db8109aca109 ├── assert_require.sol └── out.txt ├── run_manticoregit_assert_sym_236dbbf5-55d2-45f1-ae80-58645a9b30b5 ├── assert_sym.sol └── out.txt ├── run_manticoregit_attribute_store_1676c676-cadb-48d0-b9dc-fa1785cb3f56 ├── attribute_store.sol └── out.txt ├── run_manticoregit_eth_tx_order_dependence_2_0cd8a357-98fd-4934-9186-fdcec3e8c853 ├── eth_tx_order_dependence_2.sol └── out.txt ├── run_manticoregit_eth_tx_order_dependence_minimal_e7b579f5-4a84-46b4-afc2-bbfc67cc5a21 ├── eth_tx_order_dependence_minimal.sol └── out.txt ├── run_manticoregit_eth_tx_order_dependence_multitx_1_b20df959-48e3-4dc3-88a2-e37b05de1e02 ├── eth_tx_order_dependence_multitx_1.sol └── out.txt ├── run_manticoregit_eth_tx_order_dependence_puzzle_29773d2f-87e4-4d99-8e0c-8459d6cd13ff ├── eth_tx_order_dependence_puzzle.sol └── out.txt ├── run_manticoregit_integer_overflow_add_705032e4-1ccf-4521-990c-a49bfca91903 ├── integer_overflow_add.sol └── out.txt ├── run_manticoregit_integer_overflow_benign_1_f6740651-2cdd-4601-b557-b00519e62c2f ├── integer_overflow_benign_1.sol └── out.txt ├── run_manticoregit_integer_overflow_benign_2_05b13a6e-2889-4d3b-8725-cd30d84210a2 ├── integer_overflow_benign_2.sol └── out.txt ├── run_manticoregit_integer_overflow_bytes_param_16d6b8b6-934c-4ba8-b99a-2211d5763820 ├── integer_overflow_bytes_param.sol └── out.txt ├── run_manticoregit_integer_overflow_dynarray_ee6c1c0a-e6a1-41ec-91cb-d334635e103c ├── integer_overflow_dynarray.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_mapping_e3c89cbd-7ad8-446e-a135-8ccc02b3123b ├── integer_overflow_mapping_mapping.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_staticarray_37cccb9c-ccbc-4329-86e1-ab5556ac4ff9 ├── integer_overflow_mapping_staticarray.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_strkey_b04dbe79-b3cf-44b5-919d-84a6c12e424e ├── integer_overflow_mapping_strkey.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_struct_8a67c8f7-1a46-4cb8-a2d8-bf96d1ee710b ├── integer_overflow_mapping_struct.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_sym_1_b681b0a3-e66c-4aaa-8101-2c5a6a1dc4ee ├── integer_overflow_mapping_sym_1.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_sym_2_626210c6-257c-4a07-a5b8-dbc8fb504faa ├── integer_overflow_mapping_sym_2.sol └── out.txt ├── run_manticoregit_integer_overflow_mapping_word_856cbc26-010d-4b9e-b336-029af2f7e260 ├── integer_overflow_mapping_word.sol └── out.txt ├── run_manticoregit_integer_overflow_minimal_c7aff662-d06e-4cbb-84de-74de1e0049fa ├── integer_overflow_minimal.sol └── out.txt ├── run_manticoregit_integer_overflow_mul_01adcc26-80e7-42c5-9985-cd6ffd9a0ebb ├── integer_overflow_mul.sol └── out.txt ├── run_manticoregit_integer_overflow_multitx_multifunc_feasible_87dd44e9-7e42-412a-9992-dea91036fee9 ├── integer_overflow_multitx_multifunc_feasible.sol └── out.txt ├── run_manticoregit_integer_overflow_multitx_onefunc_feasible_74553f48-88d7-482c-b4b5-1a3acb34b8fc ├── integer_overflow_multitx_onefunc_feasible.sol └── out.txt ├── run_manticoregit_integer_overflow_multitx_onefunc_infeasible_fac3086a-26b1-4591-b0aa-023be61e7686 ├── integer_overflow_multitx_onefunc_infeasible.sol └── out.txt ├── run_manticoregit_integer_overflow_path_1_4a52ffba-4f65-49d9-9a9e-b0b16d04c64b ├── integer_overflow_path_1.sol └── out.txt ├── run_manticoregit_integer_overflow_staticarray_c8e66512-ab73-4964-8475-e366c1656f9e ├── integer_overflow_staticarray.sol └── out.txt ├── run_manticoregit_integer_overflow_storageinvariant_2f1e83b8-42f6-4235-9c02-d71b5bd6252a ├── integer_overflow_storageinvariant.sol └── out.txt ├── run_manticoregit_integer_overflow_storagepacking_7fb88339-0d0a-48b2-953b-52b54c744b84 ├── integer_overflow_storagepacking.sol └── out.txt ├── run_manticoregit_reentrancy_dao_0e2feb0e-d2b4-44f0-ad3c-97f41eb00cd3 ├── out.txt └── reentrancy_dao.sol ├── run_manticoregit_reentrancy_dao_fixed_646e1ba2-a739-4a59-8f4d-571522619074 ├── out.txt └── reentrancy_dao_fixed.sol ├── run_manticoregit_reentrancy_nostateeffect_058bc89e-37bf-489e-9338-3e205e71169b ├── out.txt └── reentrancy_nostateeffect.sol ├── run_mythrilpip_assert_constructor_321453cf-47aa-4124-b893-bb485ffe3d09 ├── assert_constructor.sol └── out.txt ├── run_mythrilpip_assert_minimal_7e4898fa-b55c-41e6-a8bc-ce6fe2b4f8b2 ├── assert_minimal.sol └── out.txt ├── run_mythrilpip_assert_multitx_1_a7829247-3cf7-42eb-a47c-84331bd3ebbd ├── assert_multitx_1.sol └── out.txt ├── run_mythrilpip_assert_multitx_2_e520b1c9-0793-4ea2-98d2-3828768a1b38 ├── assert_multitx_2.sol └── out.txt ├── run_mythrilpip_assert_require_d977d095-7c01-43dd-acf0-0d23be352ed9 ├── assert_require.sol └── out.txt ├── run_mythrilpip_assert_sym_7f01396f-8c81-4628-8e1e-e57595ed39b4 ├── assert_sym.sol └── out.txt ├── run_mythrilpip_attribute_store_eca5c65f-0951-42ed-a21b-e20ceb637198 ├── attribute_store.sol └── out.txt ├── run_mythrilpip_eth_tx_order_dependence_2_cf4734a1-effd-4831-a51b-5b2f1f5fbe2f ├── eth_tx_order_dependence_2.sol └── out.txt ├── run_mythrilpip_eth_tx_order_dependence_minimal_26ca4434-c510-4c44-b544-5cc82b2a1464 ├── eth_tx_order_dependence_minimal.sol └── out.txt ├── run_mythrilpip_eth_tx_order_dependence_multitx_1_a2a7e6d2-fcd6-4bd1-a5c5-43dd02825883 ├── eth_tx_order_dependence_multitx_1.sol └── out.txt ├── run_mythrilpip_eth_tx_order_dependence_puzzle_06614296-6630-47a4-aa49-90112e16fdbb ├── eth_tx_order_dependence_puzzle.sol └── out.txt ├── run_mythrilpip_integer_overflow_add_ea90f677-9535-43fd-9d7f-1bb9a54f08d5 ├── integer_overflow_add.sol └── out.txt ├── run_mythrilpip_integer_overflow_benign_1_b3eaf6b7-ea3e-43a8-87eb-92e7028de696 ├── integer_overflow_benign_1.sol └── out.txt ├── run_mythrilpip_integer_overflow_benign_2_4c62ea0e-e4a8-48b8-af92-ee5d37fd91d0 ├── integer_overflow_benign_2.sol └── out.txt ├── run_mythrilpip_integer_overflow_bytes_param_0d6b60de-ae0f-49f4-8422-ea173d920ff0 ├── integer_overflow_bytes_param.sol └── out.txt ├── run_mythrilpip_integer_overflow_dynarray_f33d1a1d-33d8-422c-b0be-01ebdba823a3 ├── integer_overflow_dynarray.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_mapping_199d3dba-f771-46d4-9569-b64f071b599d ├── integer_overflow_mapping_mapping.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_staticarray_ece4d259-f086-4b53-bd6c-0e2d488ee0a7 ├── integer_overflow_mapping_staticarray.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_strkey_1ac8db10-c690-4166-ab04-91947b2b692f ├── integer_overflow_mapping_strkey.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_struct_4bd1f855-8a65-4363-b3d5-7a1b16ffe74b ├── integer_overflow_mapping_struct.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_sym_1_064701b9-4253-4299-b4d3-3e6ac923e292 ├── integer_overflow_mapping_sym_1.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_sym_2_4e884b75-19ea-4757-9528-2ed08e5e5bb6 ├── integer_overflow_mapping_sym_2.sol └── out.txt ├── run_mythrilpip_integer_overflow_mapping_word_a8dc79d7-6757-4804-b99f-8bd0950e3fb2 ├── integer_overflow_mapping_word.sol └── out.txt ├── run_mythrilpip_integer_overflow_minimal_7a6af87d-f06f-42be-a249-198156c6a22c ├── integer_overflow_minimal.sol └── out.txt ├── run_mythrilpip_integer_overflow_mul_4f311d40-2d7f-4392-bec4-c6ecb2893f81 ├── integer_overflow_mul.sol └── out.txt ├── run_mythrilpip_integer_overflow_multitx_multifunc_feasible_e705745f-0e49-4931-88dd-38c4e4c2f22b ├── integer_overflow_multitx_multifunc_feasible.sol └── out.txt ├── run_mythrilpip_integer_overflow_multitx_onefunc_feasible_5f36bb18-6192-4d9e-856e-10d50af5a158 ├── integer_overflow_multitx_onefunc_feasible.sol └── out.txt ├── run_mythrilpip_integer_overflow_multitx_onefunc_infeasible_6b9d64a3-ee03-4b14-87ea-4a9a1d23c2a0 ├── integer_overflow_multitx_onefunc_infeasible.sol └── out.txt ├── run_mythrilpip_integer_overflow_path_1_4fe5e769-3231-4104-b11d-482d86cf1e9f ├── integer_overflow_path_1.sol └── out.txt ├── run_mythrilpip_integer_overflow_staticarray_0ec2886b-a710-47b0-ae54-8bc72ebae4ea ├── integer_overflow_staticarray.sol └── out.txt ├── run_mythrilpip_integer_overflow_storageinvariant_21167a8f-1e43-4784-82b9-1a2de964a0cb ├── integer_overflow_storageinvariant.sol └── out.txt ├── run_mythrilpip_integer_overflow_storagepacking_e23bc27a-d131-43eb-b40c-8d9b38b368ec ├── integer_overflow_storagepacking.sol └── out.txt ├── run_mythrilpip_reentrancy_dao_77f67243-c7fc-4999-b018-1069b1ff96a8 ├── out.txt └── reentrancy_dao.sol ├── run_mythrilpip_reentrancy_dao_fixed_124cdf63-b8a9-4ca5-b2a0-62a7946d63d5 ├── out.txt └── reentrancy_dao_fixed.sol ├── run_mythrilpip_reentrancy_nostateeffect_6c7cc0f9-b882-40da-ae46-40090033f3d6 ├── out.txt └── reentrancy_nostateeffect.sol ├── run_oyentepip_assert_constructor_0f071cbd-7dda-48e0-bc66-808f0d7a0256 ├── assert_constructor.sol └── out.txt ├── run_oyentepip_assert_minimal_85aecf62-6216-454b-80ac-f5e1bc49b2a3 ├── assert_minimal.sol └── out.txt ├── run_oyentepip_assert_multitx_1_5a865002-02a4-4b83-95da-9739ac3e750a ├── assert_multitx_1.sol └── out.txt ├── run_oyentepip_assert_multitx_2_84c101df-6ef3-4594-89bd-9cd3e99e6d15 ├── assert_multitx_2.sol └── out.txt ├── run_oyentepip_assert_require_56b7de96-8d57-4da0-a149-d1beba0b0a24 ├── assert_require.sol └── out.txt ├── run_oyentepip_assert_sym_418cc2d2-625e-46cd-a3fa-23bdba7f4307 ├── assert_sym.sol └── out.txt ├── run_oyentepip_attribute_store_b42b2a92-3307-488e-b526-0818e41bffe7 ├── attribute_store.sol └── out.txt ├── run_oyentepip_eth_tx_order_dependence_2_ea758025-c8c1-4564-9d27-ca45ea9a2c5e ├── eth_tx_order_dependence_2.sol └── out.txt ├── run_oyentepip_eth_tx_order_dependence_minimal_4b3fc469-5cf7-4dce-9d65-55a0f59e3c2e ├── eth_tx_order_dependence_minimal.sol └── out.txt ├── run_oyentepip_eth_tx_order_dependence_multitx_1_4aa5152c-2e12-48e1-8623-916d8f9a0cfc ├── eth_tx_order_dependence_multitx_1.sol └── out.txt ├── run_oyentepip_eth_tx_order_dependence_puzzle_c0b5dcaf-c87a-4957-99ca-8f72786650ce ├── eth_tx_order_dependence_puzzle.sol └── out.txt ├── run_oyentepip_integer_overflow_add_7a932dee-ccbb-4004-b6b3-614fc0e041ab ├── integer_overflow_add.sol └── out.txt ├── run_oyentepip_integer_overflow_benign_1_18bbc797-f3f2-41a0-90c6-8c72141a62fe ├── integer_overflow_benign_1.sol └── out.txt ├── run_oyentepip_integer_overflow_benign_2_64417a86-c3e5-4eca-b6cc-3ebf7cf5a628 ├── integer_overflow_benign_2.sol └── out.txt ├── run_oyentepip_integer_overflow_bytes_param_76e1b0b5-e300-451b-964b-3ab68b2a1c07 ├── integer_overflow_bytes_param.sol └── out.txt ├── run_oyentepip_integer_overflow_dynarray_a52f0e4b-3e99-4c3a-b552-9f01fe4e6be1 ├── integer_overflow_dynarray.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_mapping_4a618d98-ddac-449c-8645-ed2d7c676bcd ├── integer_overflow_mapping_mapping.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_staticarray_988ee0d4-dd45-4d9a-942c-5b920a1906cf ├── integer_overflow_mapping_staticarray.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_strkey_00c775d7-7b19-479b-8ea0-b2a79d3bf54b ├── integer_overflow_mapping_strkey.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_struct_9c1e4314-c9cd-4d02-a06d-42f35f346df4 ├── integer_overflow_mapping_struct.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_sym_1_66d4adc9-8b67-484d-9398-bebdbc9b15c7 ├── integer_overflow_mapping_sym_1.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_sym_2_82d9e92d-3152-412a-a744-255c340d93ed ├── integer_overflow_mapping_sym_2.sol └── out.txt ├── run_oyentepip_integer_overflow_mapping_word_c6289032-d1c3-450c-9e2b-527bd325c9e1 ├── integer_overflow_mapping_word.sol └── out.txt ├── run_oyentepip_integer_overflow_minimal_45179c1d-1c09-4adf-adf4-e7c08256eaf9 ├── integer_overflow_minimal.sol └── out.txt ├── run_oyentepip_integer_overflow_mul_2c7194cd-9146-48e3-b958-6bea2f3df3bb ├── integer_overflow_mul.sol └── out.txt ├── run_oyentepip_integer_overflow_multitx_multifunc_feasible_881a1a4e-48bb-4faa-9028-be4b41211d8a ├── integer_overflow_multitx_multifunc_feasible.sol └── out.txt ├── run_oyentepip_integer_overflow_multitx_onefunc_feasible_7edb0ad9-a2ee-4a5d-98c0-d381bbfe6e45 ├── integer_overflow_multitx_onefunc_feasible.sol └── out.txt ├── run_oyentepip_integer_overflow_multitx_onefunc_infeasible_c6de633c-0868-4187-ac82-eea27da1692a ├── integer_overflow_multitx_onefunc_infeasible.sol └── out.txt ├── run_oyentepip_integer_overflow_path_1_6c9d58d1-7a74-43e8-8999-09c104ecd1c2 ├── integer_overflow_path_1.sol └── out.txt ├── run_oyentepip_integer_overflow_staticarray_899e8379-84bb-4166-89e5-5212041e980a ├── integer_overflow_staticarray.sol └── out.txt ├── run_oyentepip_integer_overflow_storageinvariant_ae85cabe-ff82-4ab5-a701-7dd25092311f ├── integer_overflow_storageinvariant.sol └── out.txt ├── run_oyentepip_integer_overflow_storagepacking_b1e07b12-2804-4358-8b2d-d517ef53a783 ├── integer_overflow_storagepacking.sol └── out.txt ├── run_oyentepip_reentrancy_dao_53bf9f3a-8a0c-49c1-b880-6cc39975fa0c ├── out.txt └── reentrancy_dao.sol ├── run_oyentepip_reentrancy_dao_fixed_b042dc1f-8f97-4471-a9cb-b5b9c3545844 ├── out.txt └── reentrancy_dao_fixed.sol └── run_oyentepip_reentrancy_nostateeffect_410e7b12-0ddf-428f-8f0e-f8f95d23748c ├── out.txt └── reentrancy_nostateeffect.sol /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 ConsenSys 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # EVM Analyzer Benchmark Suite 2 | 3 | This repo keeps benchmarks for evaluating the precision of EVM code analysis tools. If you have a benchmark that you would like to contribute, please submit it as a pull request. Please open an issue if you have any suggestions or feedback, or contact diligence-core@consensys.net. 4 | 5 | The link below shows the results of running some tools on these benchmarks: 6 | 7 | https://diligence.consensys.net/evm-analyzer-benchmark-suite 8 | -------------------------------------------------------------------------------- /benchmarks/assert_constructor.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract AssertConstructor { 4 | function AssertConstructor() public { 5 | assert(false); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /benchmarks/assert_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract AssertMinimal { 4 | function run() public { 5 | assert(false); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /benchmarks/assert_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract AssertMultiTx1 { 4 | uint256 private param; 5 | 6 | function AssertMultiTx1(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | } 16 | -------------------------------------------------------------------------------- /benchmarks/assert_multitx_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract AssertMultiTx2 { 4 | uint256 private param; 5 | 6 | function AssertMultiTx2(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | function set(uint256 _param) { 16 | param = _param; 17 | } 18 | 19 | 20 | } 21 | -------------------------------------------------------------------------------- /benchmarks/assert_require.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract AssertRequire { 4 | function run(uint256 _param) public { 5 | require(_param > 0); 6 | assert(_param > 0); 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /benchmarks/assert_sym.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract AssertSym { 4 | function run(uint256 param) public { 5 | assert(param > 0); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /benchmarks/attribute_store.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | library AttributeStore { 4 | struct Data { 5 | mapping(bytes32 => uint) store; 6 | } 7 | 8 | function getAttribute(Data storage self, bytes32 _UUID, string _attrName) public view returns (uint) { 9 | bytes32 key = keccak256(_UUID, _attrName); 10 | return self.store[key]; 11 | } 12 | 13 | function attachAttribute(Data storage self, bytes32 _UUID, string _attrName, uint _attrVal) public { 14 | bytes32 key = keccak256(_UUID, _attrName); 15 | self.store[key] = _attrVal; 16 | } 17 | } -------------------------------------------------------------------------------- /benchmarks/eth_tx_order_dependence_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract EthTxOrderDependence2 { 4 | uint256 public reward; 5 | address owner; 6 | 7 | function EthTxOrderDependence2() { 8 | owner = msg.sender; 9 | } 10 | 11 | function setReward() public payable { 12 | require(msg.sender == owner); 13 | 14 | owner.transfer(reward); //refund previous reward 15 | reward = msg.value; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /benchmarks/eth_tx_order_dependence_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract EthTxOrderDependenceMinimal { 4 | address public owner; 5 | bool public claimed; 6 | uint public reward; 7 | 8 | function EthTxOrderDependenceMinimal() public { 9 | owner = msg.sender; 10 | } 11 | 12 | function setReward() public payable { 13 | require (!claimed); 14 | 15 | require(msg.sender == owner); 16 | owner.transfer(reward); 17 | reward = msg.value; 18 | } 19 | 20 | function claimReward(uint256 submission) { 21 | require (!claimed); 22 | require(submission < 10); 23 | 24 | msg.sender.transfer(reward); 25 | claimed = true; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /benchmarks/eth_tx_order_dependence_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract EtxTxOrderDependenceMultiTx1 { 4 | address public owner; 5 | bool public claimed; 6 | uint256 public reward; 7 | bool public freezeReward; 8 | 9 | function EtxTxOrderDependenceMultiTx1() public { 10 | owner = msg.sender; 11 | } 12 | 13 | function setReward() public payable { 14 | require (!claimed); 15 | require (!freezeReward); 16 | require(msg.sender == owner); 17 | 18 | owner.transfer(reward); 19 | reward = msg.value; 20 | } 21 | 22 | function freezeReward() public { 23 | freezeReward = true; 24 | } 25 | 26 | function claimReward(uint256 submission) { 27 | require (freezeReward); 28 | require (!claimed); 29 | require(submission < 10); 30 | 31 | msg.sender.transfer(reward); 32 | claimed = true; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /benchmarks/eth_tx_order_dependence_puzzle.sol: -------------------------------------------------------------------------------- 1 | //Adapted from Oyente paper 2 | pragma solidity ^0.4.16; 3 | 4 | contract EtxTxOrderDependencePuzzle { 5 | address public owner ; 6 | bool public locked ; 7 | uint public reward ; 8 | bytes32 public diff ; 9 | bytes public solution; 10 | 11 | function Puzzle() public payable { 12 | owner = msg.sender; 13 | reward = msg.value; 14 | locked = false ; 15 | diff = bytes32 (11111); // pre - defined difficulty 16 | } 17 | 18 | function () public payable { // main code , runs at every invocation 19 | if ( msg.sender == owner ){ // update reward 20 | require (!locked); 21 | owner.transfer(reward); 22 | reward = msg.value; 23 | } else { 24 | if (msg.data.length > 0) { // submit a solution 25 | require (!locked); 26 | if ( sha256 (msg.data ) < diff ){ 27 | msg.sender.transfer(reward); // send reward 28 | solution = msg.data; 29 | locked = true; 30 | } 31 | } 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_add.md: -------------------------------------------------------------------------------- 1 | Integer Overflow (state modifying) 2 | ================================== 3 | 4 | This is an example of an integer overflow bug that allows an attacker to directly set an overflow condition 5 | and let them set the value of `count` to whatever they want. 6 | In the original specification, the developer of this application might have intended that `count` would allow 7 | be allowed to be incremented from it's previous number (for example, in minting new tokens). 8 | 9 | However, due to this vulnerability the attacker is able to set `count` to 0 by sending `MAX_UINT256 - 1` 10 | (which is `2**256 - 2`) for the argument `input`, which is at the very least unintended behavior. 11 | 12 | More extreme versions of this bug were the basis for the following public mainnet explots: [DB_ENTRY], etc. 13 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_add.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowAdd { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count += input; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_benign_1.md: -------------------------------------------------------------------------------- 1 | This example was derived from [an actual safe math library]( 2 | https://github.com/Modular-Network/ethereum-libraries/blob/master/BasicMathLib/BasicMathLib.sol) 3 | 4 | ```solidity 5 | //Single transaction overflow 6 | //Post-transaction effect: overflow never escapes function 7 | ``` 8 | 9 | Note that 10 | 11 | ```solidity 12 | function run(uint256 input) public { 13 | uint res = count - input; 14 | } 15 | ``` 16 | 17 | is equivalent to 18 | 19 | ```solidity 20 | function run(uint256 input) public { 21 | ; 22 | } 23 | ``` 24 | 25 | 26 | Ideally tools wouldn't report an overflow bug on this benchmark, even 27 | though the variable, `res` itself actually overflows. 28 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_benign_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow never escapes function 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowBenign1 { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | uint res = count - input; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_benign_2.md: -------------------------------------------------------------------------------- 1 | This example was derived from [an actual safe math library]( 2 | https://github.com/Modular-Network/ethereum-libraries/blob/master/BasicMathLib/BasicMathLib.sol) 3 | 4 | ```solidity 5 | //Single transaction overflow 6 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 7 | ``` 8 | 9 | Ideally tools wouldn't report an overflow bug on this benchmark, even 10 | though the variable, `res` itself actually overflows. 11 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_benign_2.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowBenign2 { 7 | uint public count; 8 | 9 | function run(uint256 input) public { 10 | bool err; 11 | uint256 res = 1; 12 | 13 | (err, res) = minus(res, input); 14 | 15 | require(!err); 16 | count = res; 17 | } 18 | 19 | //from BasicMathLib 20 | function minus(uint256 a, uint256 b) private pure returns (bool err,uint256 res) { 21 | assembly { 22 | res := sub(a,b) 23 | switch eq(and(eq(add(res,b), a), or(lt(res,a), eq(res,a))), 1) 24 | case 0 { 25 | err := 1 26 | res := 0 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_bytes_param.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract IntegerOverflowBytesParam { 4 | function get(bytes key) public pure returns (bytes32) { 5 | return keccak256(key); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_dynarray.sol: -------------------------------------------------------------------------------- 1 | //Dynamic storage array with packing 2 | // 3 | pragma solidity ^0.4.11; 4 | 5 | contract IntegerOverflowDynArray { 6 | 7 | uint128[] private s; 8 | 9 | function init() public { 10 | s.length = 4; 11 | s[0] = 0xAA; 12 | s[1] = 0xBB; 13 | s[2] = 0xCC; 14 | s[3] = 0xDD; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_mapping.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract IntegerOverflowMapping { 6 | mapping(uint256 => mapping (uint256 => Tuple)) maps; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | maps[k][k].b = 0x1A; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_staticarray.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['map']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract IntegerOverflowMappingStaticArray { 6 | mapping(uint256 => bytes2) map; 7 | 8 | function init(uint256 k) public { 9 | map[k] = 0x1A; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_strkey.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract IntegerOverflowMappingStrKey { 4 | mapping(string => uint256) map; 5 | 6 | function get(string key) public view returns (uint256) { 7 | return map[key]; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_struct.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract IntegerOverflowMappingStruct { 6 | mapping(uint256 => Tuple) tuples; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | tuples[k].b = 0x1A; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_sym_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract IntegerOverflowMappingSym1 { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | map[k] -= v; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_sym_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract IntegerOveflowMappingSym2 { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | require(v < 10); 8 | map[k] = 10; 9 | map[k] -= v; 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mapping_word.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[i].a calculated as 2 | // keccak(bytes32(i) + bytes32(position['tuples']))+offset[a] 3 | pragma solidity ^0.4.11; 4 | 5 | contract IntegerOverflowMappingWord { 6 | mapping(uint256 => uint256) tuples; 7 | 8 | //tuple variable offset added to keccak(bytes32(key) + bytes32(position)) 9 | function init(uint256 key) public { 10 | tuples[key] = 0x1A; 11 | //tuples[key].b = 0x1B; 12 | //tuples[key].c = 0x1C; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_minimal.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowMinimal { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count -= input; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_mul.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowMul { 7 | uint public count = 2; 8 | 9 | function run(uint256 input) public { 10 | count *= input; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_multitx_multifunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, multi-function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowMultiTxMultiFuncFeasible { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function init() public { 11 | initialized = 1; 12 | } 13 | 14 | function run(uint256 input) { 15 | if (initialized == 0) { 16 | return; 17 | } 18 | 19 | count -= input; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_multitx_onefunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowMultiTxOneFuncFeasible { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | initialized = 1; 13 | return; 14 | } 15 | 16 | count -= input; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_multitx_onefunc_infeasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Overflow infeasible because arithmetic instruction not reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowMultiTxOneFuncInfeasible { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | return; 13 | } 14 | 15 | count -= input; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_path_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract IntegerOverflowPath1 { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count = sub(count, input); 11 | } 12 | 13 | //from SafeMath 14 | function sub(uint256 a, uint256 b) internal pure returns (uint256) { 15 | require(b <= a);//SafeMath uses assert here 16 | return a - b; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_staticarray.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | contract IntegerOverflowStaticArray { 3 | uint256[6] private numbers; 4 | 5 | function get(uint256 i) public returns(uint256) { 6 | require(i < 6); 7 | return numbers[i]; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_storageinvariant.sol: -------------------------------------------------------------------------------- 1 | //No underflow because of credit/balance invariant: sum (credit.values) = balance 2 | pragma solidity ^0.4.19; 3 | 4 | contract IntegerOverflowStorageInvariant { 5 | mapping (address => uint) credit; 6 | uint balance; 7 | 8 | function withdrawAll() public { 9 | uint oCredit = credit[msg.sender]; 10 | if (oCredit > 0) { 11 | credit[msg.sender] = 0; 12 | balance -= oCredit; 13 | msg.sender.transfer(oCredit); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | require(balance < 1000); 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /benchmarks/integer_overflow_storagepacking.sol: -------------------------------------------------------------------------------- 1 | //Storage packing optimization stores a,b in a single 32-byte storage slot. 2 | //solc generates MUL instruction that operates on compile-time constants to 3 | // extract variable a (or b) from packed storage slot. 4 | pragma solidity ^0.4.11; 5 | contract IntegerOverflowStoragePackaging { 6 | uint128 a; 7 | uint128 b; 8 | function C() public { 9 | a = 1; 10 | b = 2; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /benchmarks/reentrancy_dao.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract ReentrancyDAO { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | bool callResult = msg.sender.call.value(oCredit)(); 12 | require (callResult); 13 | credit[msg.sender] = 0; 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /benchmarks/reentrancy_dao_fixed.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract ReentrancyDaoFixed { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | credit[msg.sender] = 0; 12 | bool callResult = msg.sender.call.value(oCredit)(); 13 | require (callResult); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /benchmarks/reentrancy_nostateeffect.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | interface Runner { 4 | function run(uint256 param) external; 5 | } 6 | 7 | contract ReentrancyNoStateEffect { 8 | 9 | function run(address base, uint256 param) public { 10 | Runner(base).run(param); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /html/run_manticoregit_assert_constructor_2a590fb3-5a4e-49e2-bc94-3497c29c5ac3/assert_constructor.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function Benchmark() public { 5 | assert(false); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_manticoregit_assert_constructor_2a590fb3-5a4e-49e2-bc94-3497c29c5ac3/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:22,399: [16194] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:22,420: [16194] m.ethereum:INFO: Generated testcase No. 0 - THROW 3 | 2018-05-24 17:38:22,421: [16194] m.c.executor:ERROR: Exception: 'seth.rt.trace' 4 | Traceback (most recent call last): 5 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 481, in run 6 | self.generate_testcase(current_state, str(e)) 7 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 353, in generate_testcase 8 | self._publish('will_generate_testcase', state, 'test', message) 9 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 118, in _publish 10 | self._publish_impl(_name, *args, **kwargs) 11 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 134, in _publish_impl 12 | sink._publish_impl(_name, *args, **kwargs) 13 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 126, in _publish_impl 14 | callback(robj(), *args, **kwargs) 15 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1273, in _generate_testcase_callback 16 | address, offset = state.context['seth.rt.trace'][-1] 17 | KeyError: 'seth.rt.trace' 18 | 19 | 2018-05-24 17:38:22,424: [16194] m.ethereum:INFO: Starting symbolic transaction: 1 20 | Traceback (most recent call last): 21 | File "/usr/local/bin/manticore", line 11, in 22 | sys.exit(main()) 23 | File "/usr/local/lib/python2.7/dist-packages/manticore/__main__.py", line 118, in main 24 | ethereum_cli(args) 25 | File "/usr/local/lib/python2.7/dist-packages/manticore/__main__.py", line 107, in ethereum_cli 26 | m.multi_tx_analysis(args.argv[0], args.contract, args.txlimit, not args.txnocoverage, args.txaccount) 27 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1053, in multi_tx_analysis 28 | run_symbolic_tx() 29 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1046, in run_symbolic_tx 30 | value=symbolic_value) 31 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1023, in transaction 32 | self.completed_transactions, self.global_coverage(address), len(self.terminated_state_ids), len(self.running_state_ids)) 33 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1557, in global_coverage 34 | return calculate_coverage(runtime_bytecode, seen) 35 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 150, in calculate_coverage 36 | return count * 100.0 / total 37 | ZeroDivisionError: float division by zero 38 | EXITSTATUS=1 39 | -------------------------------------------------------------------------------- /html/run_manticoregit_assert_minimal_2b1c742b-c80a-44b9-ac94-443e1f55536e/assert_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run() public { 5 | assert(false); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_manticoregit_assert_minimal_2b1c742b-c80a-44b9-ac94-443e1f55536e/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:17,634: [15955] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:17,911: [15955] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:18,158: [15955] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:38:18,863: [15955] m.ethereum:INFO: Generated testcase No. 1 - THROW 5 | 2018-05-24 17:38:19,414: [15955] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:38:20,012: [15955] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 0 7 | 2018-05-24 17:38:20,028: [15955] m.ethereum:INFO: Results in /home/vagrant/mcore_D45xsR 8 | EXITSTATUS=0 9 | -------------------------------------------------------------------------------- /html/run_manticoregit_assert_multitx_1_9892f4f1-87f1-4733-9668-b717ad3582ba/assert_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | uint256 private param; 5 | 6 | function Benchmark(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | } -------------------------------------------------------------------------------- /html/run_manticoregit_assert_multitx_1_9892f4f1-87f1-4733-9668-b717ad3582ba/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:38,565: [16843] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:38,607: [16843] m.ethereum:INFO: Generated testcase No. 0 - REVERT 3 | 2018-05-24 17:38:38,608: [16843] m.c.executor:ERROR: Exception: 'seth.rt.trace' 4 | Traceback (most recent call last): 5 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 481, in run 6 | self.generate_testcase(current_state, str(e)) 7 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 353, in generate_testcase 8 | self._publish('will_generate_testcase', state, 'test', message) 9 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 118, in _publish 10 | self._publish_impl(_name, *args, **kwargs) 11 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 134, in _publish_impl 12 | sink._publish_impl(_name, *args, **kwargs) 13 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 126, in _publish_impl 14 | callback(robj(), *args, **kwargs) 15 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1273, in _generate_testcase_callback 16 | address, offset = state.context['seth.rt.trace'][-1] 17 | KeyError: 'seth.rt.trace' 18 | 19 | 2018-05-24 17:38:38,611: [16843] m.ethereum:INFO: Starting symbolic transaction: 1 20 | Traceback (most recent call last): 21 | File "/usr/local/bin/manticore", line 11, in 22 | sys.exit(main()) 23 | File "/usr/local/lib/python2.7/dist-packages/manticore/__main__.py", line 118, in main 24 | ethereum_cli(args) 25 | File "/usr/local/lib/python2.7/dist-packages/manticore/__main__.py", line 107, in ethereum_cli 26 | m.multi_tx_analysis(args.argv[0], args.contract, args.txlimit, not args.txnocoverage, args.txaccount) 27 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1053, in multi_tx_analysis 28 | run_symbolic_tx() 29 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1046, in run_symbolic_tx 30 | value=symbolic_value) 31 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1023, in transaction 32 | self.completed_transactions, self.global_coverage(address), len(self.terminated_state_ids), len(self.running_state_ids)) 33 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1557, in global_coverage 34 | return calculate_coverage(runtime_bytecode, seen) 35 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 150, in calculate_coverage 36 | return count * 100.0 / total 37 | ZeroDivisionError: float division by zero 38 | EXITSTATUS=1 39 | -------------------------------------------------------------------------------- /html/run_manticoregit_assert_multitx_2_e921b8dc-9b47-43e0-be2b-1f8affd41333/assert_multitx_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | uint256 private param; 5 | 6 | function Benchmark(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | function set(uint256 _param) { 16 | param = _param; 17 | } 18 | 19 | 20 | } -------------------------------------------------------------------------------- /html/run_manticoregit_assert_multitx_2_e921b8dc-9b47-43e0-be2b-1f8affd41333/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:40,832: [16980] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:40,879: [16980] m.ethereum:INFO: Generated testcase No. 0 - REVERT 3 | 2018-05-24 17:38:40,880: [16980] m.c.executor:ERROR: Exception: 'seth.rt.trace' 4 | Traceback (most recent call last): 5 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 481, in run 6 | self.generate_testcase(current_state, str(e)) 7 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 353, in generate_testcase 8 | self._publish('will_generate_testcase', state, 'test', message) 9 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 118, in _publish 10 | self._publish_impl(_name, *args, **kwargs) 11 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 134, in _publish_impl 12 | sink._publish_impl(_name, *args, **kwargs) 13 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 126, in _publish_impl 14 | callback(robj(), *args, **kwargs) 15 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1273, in _generate_testcase_callback 16 | address, offset = state.context['seth.rt.trace'][-1] 17 | KeyError: 'seth.rt.trace' 18 | 19 | 2018-05-24 17:38:40,883: [16980] m.ethereum:INFO: Starting symbolic transaction: 1 20 | Traceback (most recent call last): 21 | File "/usr/local/bin/manticore", line 11, in 22 | sys.exit(main()) 23 | File "/usr/local/lib/python2.7/dist-packages/manticore/__main__.py", line 118, in main 24 | ethereum_cli(args) 25 | File "/usr/local/lib/python2.7/dist-packages/manticore/__main__.py", line 107, in ethereum_cli 26 | m.multi_tx_analysis(args.argv[0], args.contract, args.txlimit, not args.txnocoverage, args.txaccount) 27 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1053, in multi_tx_analysis 28 | run_symbolic_tx() 29 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1046, in run_symbolic_tx 30 | value=symbolic_value) 31 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1023, in transaction 32 | self.completed_transactions, self.global_coverage(address), len(self.terminated_state_ids), len(self.running_state_ids)) 33 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1557, in global_coverage 34 | return calculate_coverage(runtime_bytecode, seen) 35 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 150, in calculate_coverage 36 | return count * 100.0 / total 37 | ZeroDivisionError: float division by zero 38 | EXITSTATUS=1 39 | -------------------------------------------------------------------------------- /html/run_manticoregit_assert_require_11ff664a-2282-4fe7-816e-db8109aca109/assert_require.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run(uint256 _param) public { 5 | require(_param > 0); 6 | assert(_param > 0); 7 | } 8 | } -------------------------------------------------------------------------------- /html/run_manticoregit_assert_require_11ff664a-2282-4fe7-816e-db8109aca109/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:31,560: [16559] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:31,910: [16559] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:32,157: [16559] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:38:33,016: [16559] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:38:34,088: [16559] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:38:35,236: [16559] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 1 7 | 2018-05-24 17:38:35,245: [16774] m.ethereum:INFO: Generated testcase No. 3 - STOP 8 | 2018-05-24 17:38:36,317: [16559] m.ethereum:INFO: Results in /home/vagrant/mcore_PBDPSn 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_assert_sym_236dbbf5-55d2-45f1-ae80-58645a9b30b5/assert_sym.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run(uint256 param) public { 5 | assert(param > 0); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_manticoregit_assert_sym_236dbbf5-55d2-45f1-ae80-58645a9b30b5/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:24,688: [16289] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:25,005: [16289] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:25,253: [16289] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:38:26,127: [16289] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:38:27,237: [16289] m.ethereum:INFO: Generated testcase No. 2 - THROW 6 | 2018-05-24 17:38:28,304: [16289] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 1 7 | 2018-05-24 17:38:28,312: [16490] m.ethereum:INFO: Generated testcase No. 3 - STOP 8 | 2018-05-24 17:38:29,373: [16289] m.ethereum:INFO: Results in /home/vagrant/mcore_b3G_8y 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_attribute_store_1676c676-cadb-48d0-b9dc-fa1785cb3f56/attribute_store.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | library AttributeStore { 4 | struct Data { 5 | mapping(bytes32 => uint) store; 6 | } 7 | 8 | function getAttribute(Data storage self, bytes32 _UUID, string _attrName) public view returns (uint) { 9 | bytes32 key = keccak256(_UUID, _attrName); 10 | return self.store[key]; 11 | } 12 | 13 | function attachAttribute(Data storage self, bytes32 _UUID, string _attrName, uint _attrVal) public { 14 | bytes32 key = keccak256(_UUID, _attrName); 15 | self.store[key] = _attrVal; 16 | } 17 | } -------------------------------------------------------------------------------- /html/run_manticoregit_attribute_store_1676c676-cadb-48d0-b9dc-fa1785cb3f56/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:47,449: [13551] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:49,360: [13551] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:49,886: [13551] m.ethereum:WARNING: Integer overflow at ADD instruction 4 | 2018-05-24 17:37:49,946: [13551] m.ethereum:WARNING: Integer overflow at ADD instruction 5 | 2018-05-24 17:37:50,893: [13551] m.ethereum:WARNING: Integer overflow at ADD instruction 6 | 2018-05-24 17:37:52,189: [13551] m.ethereum:WARNING: Integer overflow at ADD instruction 7 | 2018-05-24 17:37:53,014: [13551] m.ethereum:WARNING: Integer overflow at ADD instruction 8 | 2018-05-24 17:37:53,026: [13551] m.c.executor:ERROR: Exception: __nonzero__ for Bool 9 | Traceback (most recent call last): 10 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 459, in run 11 | if not current_state.execute(): 12 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/state.py", line 126, in execute 13 | result = self._platform.execute() 14 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 2217, in execute 15 | self.current.execute() 16 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1383, in execute 17 | result = implementation(*arguments) 18 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1647, in CALLDATACOPY 19 | self._consume(GCOPY * ceil32(size) // 32) 20 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1331, in _consume 21 | assert fee >= 0 22 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 123, in __nonzero__ 23 | raise NotImplementedError("__nonzero__ for Bool") 24 | NotImplementedError: __nonzero__ for Bool 25 | 26 | 2018-05-24 17:37:53,146: [13551] m.ethereum:INFO: Generated testcase No. 0 - REVERT 27 | 2018-05-24 17:37:53,760: [13551] m.c.executor:ERROR: Exception: u'AttributeStore.Data storage' 28 | Traceback (most recent call last): 29 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 481, in run 30 | self.generate_testcase(current_state, str(e)) 31 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 353, in generate_testcase 32 | self._publish('will_generate_testcase', state, 'test', message) 33 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 118, in _publish 34 | self._publish_impl(_name, *args, **kwargs) 35 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 134, in _publish_impl 36 | sink._publish_impl(_name, *args, **kwargs) 37 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 126, in _publish_impl 38 | callback(robj(), *args, **kwargs) 39 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1344, in _generate_testcase_callback 40 | function_name, arguments = ABI.parse(signature, tx.data) 41 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 502, in parse 42 | val, off = ABI._consume_type(ty, data, off) 43 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 466, in _consume_type 44 | raise NotImplementedError(repr(ty)) 45 | NotImplementedError: u'AttributeStore.Data storage' 46 | 47 | 2018-05-24 17:37:53,777: [13551] m.ethereum:INFO: Generated testcase No. 1 - REVERT 48 | 2018-05-24 17:37:54,445: [13551] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 2 49 | 2018-05-24 17:37:54,526: [14294] m.ethereum:INFO: Generated testcase No. 2 - __nonzero__ for Bool 50 | Process Process-3: 51 | Traceback (most recent call last): 52 | File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap 53 | self.run() 54 | File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run 55 | self._target(*self._args, **self._kwargs) 56 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1511, in f 57 | self.terminate_state_id(state_id) 58 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 864, in terminate_state_id 59 | self._generate_testcase_callback(state, 'test', last_exc.message) 60 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1344, in _generate_testcase_callback 61 | function_name, arguments = ABI.parse(signature, tx.data) 62 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 502, in parse 63 | val, off = ABI._consume_type(ty, data, off) 64 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 466, in _consume_type 65 | raise NotImplementedError(repr(ty)) 66 | NotImplementedError: u'AttributeStore.Data storage' 67 | 2018-05-24 17:37:55,238: [13551] m.ethereum:INFO: Results in /home/vagrant/mcore_A_saQS 68 | EXITSTATUS=0 69 | -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_2_0cd8a357-98fd-4934-9186-fdcec3e8c853/eth_tx_order_dependence_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | uint256 public reward; 5 | address owner; 6 | 7 | function Benchmark() { 8 | owner = msg.sender; 9 | } 10 | 11 | function setReward() public payable { 12 | require(msg.sender == owner); 13 | 14 | owner.transfer(reward); //refund previous reward 15 | reward = msg.value; 16 | } 17 | } -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_2_0cd8a357-98fd-4934-9186-fdcec3e8c853/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:58,491: [18056] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:59,359: [18056] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:59,735: [18056] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:39:00,445: [18056] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:39:01,060: [18056] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:39:01,673: [18056] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 1 7 | 2018-05-24 17:39:01,683: [18465] m.ethereum:INFO: Generated testcase No. 3 - RETURN 8 | 2018-05-24 17:39:02,246: [18056] m.ethereum:INFO: Results in /home/vagrant/mcore_HQ2XLI 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_minimal_e7b579f5-4a84-46b4-afc2-bbfc67cc5a21/eth_tx_order_dependence_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | address public owner; 5 | bool public claimed; 6 | uint public reward; 7 | 8 | function Benchmark() public { 9 | owner = msg.sender; 10 | } 11 | 12 | function setReward() public payable { 13 | require (!claimed); 14 | 15 | require(msg.sender == owner); 16 | owner.transfer(reward); 17 | reward = msg.value; 18 | } 19 | 20 | function claimReward(uint256 submission) { 21 | require (!claimed); 22 | require(submission < 10); 23 | 24 | msg.sender.transfer(reward); 25 | claimed = true; 26 | } 27 | } -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_minimal_e7b579f5-4a84-46b4-afc2-bbfc67cc5a21/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:42,981: [17076] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:45,054: [17076] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:45,444: [17076] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:38:46,167: [17076] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:38:47,061: [17076] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:38:48,701: [17076] m.ethereum:INFO: Generated testcase No. 3 - REVERT 7 | 2018-05-24 17:38:49,430: [17076] m.ethereum:INFO: Generated testcase No. 4 - REVERT 8 | 2018-05-24 17:38:50,137: [17076] m.ethereum:INFO: Generated testcase No. 5 - REVERT 9 | 2018-05-24 17:38:51,375: [17076] m.ethereum:INFO: Generated testcase No. 6 - REVERT 10 | 2018-05-24 17:38:52,692: [17076] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 8 | Alive States: 4 11 | 2018-05-24 17:38:52,717: [17972] m.ethereum:INFO: Generated testcase No. 7 - RETURN 12 | 2018-05-24 17:38:53,397: [17972] m.ethereum:INFO: Generated testcase No. 8 - RETURN 13 | 2018-05-24 17:38:54,109: [17972] m.ethereum:INFO: Generated testcase No. 9 - RETURN 14 | 2018-05-24 17:38:54,863: [17972] m.ethereum:INFO: Generated testcase No. 10 - STOP 15 | 2018-05-24 17:38:56,194: [17076] m.ethereum:INFO: Results in /home/vagrant/mcore_tRMzIl 16 | EXITSTATUS=0 17 | -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_multitx_1_b20df959-48e3-4dc3-88a2-e37b05de1e02/eth_tx_order_dependence_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | address public owner; 5 | bool public claimed; 6 | uint256 public reward; 7 | bool public freezeReward; 8 | 9 | function Benchmark() public { 10 | owner = msg.sender; 11 | } 12 | 13 | function setReward() public payable { 14 | require (!claimed); 15 | require (!freezeReward); 16 | require(msg.sender == owner); 17 | 18 | owner.transfer(reward); 19 | reward = msg.value; 20 | } 21 | 22 | function freezeReward() public { 23 | freezeReward = true; 24 | } 25 | 26 | function claimReward(uint256 submission) { 27 | require (freezeReward); 28 | require (!claimed); 29 | require(submission < 10); 30 | 31 | msg.sender.transfer(reward); 32 | claimed = true; 33 | } 34 | } -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_multitx_1_b20df959-48e3-4dc3-88a2-e37b05de1e02/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:39:38,870: [20489] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:39:41,326: [20489] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:39:41,637: [20489] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:39:42,531: [20489] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:39:43,860: [20489] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:39:45,131: [20489] m.ethereum:INFO: Generated testcase No. 3 - REVERT 7 | 2018-05-24 17:39:45,994: [20489] m.ethereum:INFO: Generated testcase No. 4 - REVERT 8 | 2018-05-24 17:39:47,364: [20489] m.ethereum:INFO: Generated testcase No. 5 - REVERT 9 | 2018-05-24 17:39:48,243: [20489] m.ethereum:INFO: Generated testcase No. 6 - REVERT 10 | 2018-05-24 17:39:49,038: [20489] m.ethereum:INFO: Generated testcase No. 7 - REVERT 11 | 2018-05-24 17:39:49,854: [20489] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 9 | Alive States: 4 12 | 2018-05-24 17:39:49,881: [21485] m.ethereum:INFO: Generated testcase No. 8 - RETURN 13 | 2018-05-24 17:39:50,592: [21485] m.ethereum:INFO: Generated testcase No. 9 - RETURN 14 | 2018-05-24 17:39:51,331: [21485] m.ethereum:INFO: Generated testcase No. 10 - RETURN 15 | 2018-05-24 17:39:52,182: [21485] m.ethereum:INFO: Generated testcase No. 11 - STOP 16 | 2018-05-24 17:39:52,989: [20489] m.ethereum:INFO: Results in /home/vagrant/mcore_RztUb5 17 | EXITSTATUS=0 18 | -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_puzzle_29773d2f-87e4-4d99-8e0c-8459d6cd13ff/eth_tx_order_dependence_puzzle.sol: -------------------------------------------------------------------------------- 1 | //Adapted from Oyente paper 2 | pragma solidity ^0.4.16; 3 | 4 | contract Benchmark { 5 | address public owner ; 6 | bool public locked ; 7 | uint public reward ; 8 | bytes32 public diff ; 9 | bytes public solution; 10 | 11 | function Puzzle() public payable { 12 | owner = msg.sender; 13 | reward = msg.value; 14 | locked = false ; 15 | diff = bytes32 (11111); // pre - defined difficulty 16 | } 17 | 18 | function () public payable { // main code , runs at every invocation 19 | if ( msg.sender == owner ){ // update reward 20 | require (!locked); 21 | owner.transfer(reward); 22 | reward = msg.value; 23 | } else { 24 | if (msg.data.length > 0) { // submit a solution 25 | require (!locked); 26 | if ( sha256 (msg.data ) < diff ){ 27 | msg.sender.transfer(reward); // send reward 28 | solution = msg.data; 29 | locked = true; 30 | } 31 | } 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /html/run_manticoregit_eth_tx_order_dependence_puzzle_29773d2f-87e4-4d99-8e0c-8459d6cd13ff/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:39:04,522: [18533] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:39:09,178: [18533] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:39:09,664: [18533] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:39:10,592: [18533] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:39:11,345: [18533] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:39:24,338: [18533] m.c.executor:ERROR: Exception: 2L 7 | Traceback (most recent call last): 8 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 459, in run 9 | if not current_state.execute(): 10 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/state.py", line 126, in execute 11 | result = self._platform.execute() 12 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 2221, in execute 13 | self.CALL(ex.gas, ex.to, ex.value, ex.data) 14 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 2437, in CALL 15 | bytecode = self.get_code(to) 16 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 2122, in get_code 17 | return self.storage[address]['code'] 18 | KeyError: 2L 19 | 20 | 2018-05-24 17:39:24,980: [18533] m.ethereum:INFO: Generated testcase No. 3 - REVERT 21 | 2018-05-24 17:39:26,323: [18533] m.ethereum:INFO: Generated testcase No. 4 - REVERT 22 | 2018-05-24 17:39:27,692: [18533] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 6 | Alive States: 7 23 | 2018-05-24 17:39:27,724: [20390] m.ethereum:INFO: Generated testcase No. 5 - RETURN 24 | 2018-05-24 17:39:28,933: [20390] m.ethereum:INFO: Generated testcase No. 6 - STOP 25 | 2018-05-24 17:39:30,265: [20390] m.ethereum:INFO: Generated testcase No. 7 - RETURN 26 | 2018-05-24 17:39:31,550: [20390] m.ethereum:INFO: Generated testcase No. 8 - 2 27 | 2018-05-24 17:39:32,929: [20390] m.ethereum:INFO: Generated testcase No. 9 - RETURN 28 | 2018-05-24 17:39:34,241: [20390] m.ethereum:INFO: Generated testcase No. 10 - RETURN 29 | 2018-05-24 17:39:35,502: [20390] m.ethereum:INFO: Generated testcase No. 11 - RETURN 30 | 2018-05-24 17:39:36,867: [18533] m.ethereum:INFO: Results in /home/vagrant/mcore_Gz1TcZ 31 | EXITSTATUS=0 32 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_add_705032e4-1ccf-4521-990c-a49bfca91903/integer_overflow_add.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count += input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_add_705032e4-1ccf-4521-990c-a49bfca91903/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:12,592: [5763] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:13,054: [5763] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:13,528: [5763] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:14,141: [5763] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:14,794: [5763] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:16,060: [5763] m.ethereum:WARNING: Integer overflow at ADD instruction 7 | 2018-05-24 17:35:16,079: [5763] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 8 | 2018-05-24 17:35:16,100: [6028] m.ethereum:INFO: Generated testcase No. 3 - RETURN 9 | 2018-05-24 17:35:16,656: [6028] m.ethereum:INFO: Generated testcase No. 4 - STOP 10 | 2018-05-24 17:35:17,772: [5763] m.ethereum:INFO: Results in /home/vagrant/mcore_dMf4te 11 | EXITSTATUS=0 12 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_benign_1_f6740651-2cdd-4601-b557-b00519e62c2f/integer_overflow_benign_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow never escapes function 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | uint res = count - input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_benign_1_f6740651-2cdd-4601-b557-b00519e62c2f/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:27,252: [6443] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:27,696: [6443] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:28,170: [6443] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:28,768: [6443] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:29,410: [6443] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:30,630: [6443] m.ethereum:WARNING: Integer underflow at SUB instruction 7 | 2018-05-24 17:35:30,645: [6443] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 8 | 2018-05-24 17:35:30,666: [6702] m.ethereum:INFO: Generated testcase No. 3 - RETURN 9 | 2018-05-24 17:35:31,218: [6702] m.ethereum:INFO: Generated testcase No. 4 - STOP 10 | 2018-05-24 17:35:32,298: [6443] m.ethereum:INFO: Results in /home/vagrant/mcore_lLhMZ_ 11 | EXITSTATUS=0 12 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_benign_2_05b13a6e-2889-4d3b-8725-cd30d84210a2/integer_overflow_benign_2.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count; 8 | 9 | function run(uint256 input) public { 10 | bool err; 11 | uint256 res = 1; 12 | 13 | (err, res) = minus(res, input); 14 | 15 | require(!err); 16 | count = res; 17 | } 18 | 19 | //from BasicMathLib 20 | function minus(uint256 a, uint256 b) private pure returns (bool err,uint256 res) { 21 | assembly { 22 | res := sub(a,b) 23 | switch eq(and(eq(add(res,b), a), or(lt(res,a), eq(res,a))), 1) 24 | case 0 { 25 | err := 1 26 | res := 0 27 | } 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_benign_2_05b13a6e-2889-4d3b-8725-cd30d84210a2/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:34,533: [6776] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:35,195: [6776] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:35,657: [6776] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:36,272: [6776] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:36,931: [6776] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:38,226: [6776] m.ethereum:WARNING: Integer underflow at SUB instruction 7 | 2018-05-24 17:35:38,268: [6776] m.ethereum:WARNING: Integer overflow at ADD instruction 8 | 2018-05-24 17:35:38,408: [6776] m.ethereum:INFO: Generated testcase No. 3 - REVERT 9 | 2018-05-24 17:35:39,710: [6776] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 5 | Alive States: 2 10 | 2018-05-24 17:35:39,735: [7124] m.ethereum:INFO: Generated testcase No. 4 - RETURN 11 | 2018-05-24 17:35:40,301: [7124] m.ethereum:INFO: Generated testcase No. 5 - STOP 12 | 2018-05-24 17:35:41,590: [6776] m.ethereum:INFO: Results in /home/vagrant/mcore_ZQzbqN 13 | EXITSTATUS=0 14 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_bytes_param_16d6b8b6-934c-4ba8-b99a-2211d5763820/integer_overflow_bytes_param.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract Benchmark { 4 | function get(bytes key) public pure returns (bytes32) { 5 | return keccak256(key); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_bytes_param_16d6b8b6-934c-4ba8-b99a-2211d5763820/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:43,437: [10244] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:44,226: [10244] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:44,523: [10244] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:45,610: [10244] m.c.executor:ERROR: Exception: 5 | Traceback (most recent call last): 6 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 481, in run 7 | self.generate_testcase(current_state, str(e)) 8 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 353, in generate_testcase 9 | self._publish('will_generate_testcase', state, 'test', message) 10 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 118, in _publish 11 | self._publish_impl(_name, *args, **kwargs) 12 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 134, in _publish_impl 13 | sink._publish_impl(_name, *args, **kwargs) 14 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 126, in _publish_impl 15 | callback(robj(), *args, **kwargs) 16 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1344, in _generate_testcase_callback 17 | function_name, arguments = ABI.parse(signature, tx.data) 18 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 502, in parse 19 | val, off = ABI._consume_type(ty, data, off) 20 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 453, in _consume_type 21 | result = data[dyn_offset + 32:dyn_offset + 32 + size] 22 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 720, in __getitem__ 23 | size = self._get_size(index) 24 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 714, in _get_size 25 | assert isinstance(size, BitVecConstant) 26 | AssertionError 27 | 28 | 2018-05-24 17:36:45,805: [10244] m.ethereum:WARNING: Integer overflow at ADD instruction 29 | 2018-05-24 17:36:45,850: [10244] m.ethereum:WARNING: Integer overflow at ADD instruction 30 | 2018-05-24 17:36:47,070: [10244] m.ethereum:WARNING: Integer overflow at ADD instruction 31 | 2018-05-24 17:36:50,090: [10244] m.ethereum:WARNING: Integer overflow at ADD instruction 32 | 2018-05-24 17:36:50,980: [10244] m.ethereum:WARNING: Integer overflow at ADD instruction 33 | 2018-05-24 17:36:50,993: [10244] m.c.executor:ERROR: Exception: __nonzero__ for Bool 34 | Traceback (most recent call last): 35 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 459, in run 36 | if not current_state.execute(): 37 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/state.py", line 126, in execute 38 | result = self._platform.execute() 39 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 2217, in execute 40 | self.current.execute() 41 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1383, in execute 42 | result = implementation(*arguments) 43 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1647, in CALLDATACOPY 44 | self._consume(GCOPY * ceil32(size) // 32) 45 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1331, in _consume 46 | assert fee >= 0 47 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 123, in __nonzero__ 48 | raise NotImplementedError("__nonzero__ for Bool") 49 | NotImplementedError: __nonzero__ for Bool 50 | 51 | 2018-05-24 17:36:51,019: [10244] m.ethereum:INFO: Generated testcase No. 1 - REVERT 52 | 2018-05-24 17:36:51,655: [10244] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 2 53 | 2018-05-24 17:36:51,677: [10618] m.ethereum:INFO: Generated testcase No. 2 - 54 | Process Process-3: 55 | Traceback (most recent call last): 56 | File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap 57 | self.run() 58 | File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run 59 | self._target(*self._args, **self._kwargs) 60 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1511, in f 61 | self.terminate_state_id(state_id) 62 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 864, in terminate_state_id 63 | self._generate_testcase_callback(state, 'test', last_exc.message) 64 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1344, in _generate_testcase_callback 65 | function_name, arguments = ABI.parse(signature, tx.data) 66 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 502, in parse 67 | val, off = ABI._consume_type(ty, data, off) 68 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 453, in _consume_type 69 | result = data[dyn_offset + 32:dyn_offset + 32 + size] 70 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 720, in __getitem__ 71 | size = self._get_size(index) 72 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 714, in _get_size 73 | assert isinstance(size, BitVecConstant) 74 | AssertionError 75 | 2018-05-24 17:36:52,853: [10244] m.ethereum:INFO: Results in /home/vagrant/mcore_A88_pp 76 | EXITSTATUS=0 77 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_dynarray_ee6c1c0a-e6a1-41ec-91cb-d334635e103c/integer_overflow_dynarray.sol: -------------------------------------------------------------------------------- 1 | //Dynamic storage array with packing 2 | // 3 | pragma solidity ^0.4.11; 4 | 5 | contract Benchmark { 6 | 7 | uint128[] private s; 8 | 9 | function init() public { 10 | s.length = 4; 11 | s[0] = 0xAA; 12 | s[1] = 0xBB; 13 | s[2] = 0xCC; 14 | s[3] = 0xDD; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_dynarray_ee6c1c0a-e6a1-41ec-91cb-d334635e103c/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:02,573: [11048] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:04,100: [11048] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:04,401: [11048] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:05,265: [11048] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:37:05,860: [11048] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 1 6 | 2018-05-24 17:37:05,871: [11678] m.ethereum:INFO: Generated testcase No. 2 - STOP 7 | 2018-05-24 17:37:06,421: [11048] m.ethereum:INFO: Results in /home/vagrant/mcore_bgtJqu 8 | EXITSTATUS=0 9 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_mapping_e3c89cbd-7ad8-446e-a135-8ccc02b3123b/integer_overflow_mapping_mapping.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract Benchmark { 6 | mapping(uint256 => mapping (uint256 => Tuple)) maps; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | maps[k][k].b = 0x1A; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_mapping_e3c89cbd-7ad8-446e-a135-8ccc02b3123b/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:27,358: [12709] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:27,753: [12709] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:28,002: [12709] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:30,837: [12709] m.ethereum:WARNING: Integer overflow at ADD instruction 5 | 2018-05-24 17:37:30,963: [12709] m.ethereum:INFO: Generated testcase No. 1 - REVERT 6 | 2018-05-24 17:37:32,254: [12709] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 1 7 | 2018-05-24 17:37:32,264: [13037] m.ethereum:INFO: Generated testcase No. 2 - STOP 8 | 2018-05-24 17:37:33,796: [12709] m.ethereum:INFO: Results in /home/vagrant/mcore_fatqvA 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_staticarray_37cccb9c-ccbc-4329-86e1-ab5556ac4ff9/integer_overflow_mapping_staticarray.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['map']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => bytes2) map; 7 | 8 | function init(uint256 k) public { 9 | map[k] = 0x1A; 10 | } 11 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_staticarray_37cccb9c-ccbc-4329-86e1-ab5556ac4ff9/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:20,862: [12372] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:21,277: [12372] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:21,518: [12372] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:22,752: [12372] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:37:23,846: [12372] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 1 6 | 2018-05-24 17:37:23,855: [12639] m.ethereum:INFO: Generated testcase No. 2 - STOP 7 | 2018-05-24 17:37:25,015: [12372] m.ethereum:INFO: Results in /home/vagrant/mcore_sEFa2G 8 | EXITSTATUS=0 9 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_strkey_b04dbe79-b3cf-44b5-919d-84a6c12e424e/integer_overflow_mapping_strkey.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract Benchmark { 4 | mapping(string => uint256) map; 5 | 6 | function get(string key) public view returns (uint256) { 7 | return map[key]; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_strkey_b04dbe79-b3cf-44b5-919d-84a6c12e424e/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:35,800: [13107] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:36,585: [13107] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:36,884: [13107] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:37,975: [13107] m.c.executor:ERROR: Exception: 5 | Traceback (most recent call last): 6 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 481, in run 7 | self.generate_testcase(current_state, str(e)) 8 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 353, in generate_testcase 9 | self._publish('will_generate_testcase', state, 'test', message) 10 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 118, in _publish 11 | self._publish_impl(_name, *args, **kwargs) 12 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 134, in _publish_impl 13 | sink._publish_impl(_name, *args, **kwargs) 14 | File "/usr/local/lib/python2.7/dist-packages/manticore/utils/event.py", line 126, in _publish_impl 15 | callback(robj(), *args, **kwargs) 16 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1344, in _generate_testcase_callback 17 | function_name, arguments = ABI.parse(signature, tx.data) 18 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 502, in parse 19 | val, off = ABI._consume_type(ty, data, off) 20 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 453, in _consume_type 21 | result = data[dyn_offset + 32:dyn_offset + 32 + size] 22 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 720, in __getitem__ 23 | size = self._get_size(index) 24 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 714, in _get_size 25 | assert isinstance(size, BitVecConstant) 26 | AssertionError 27 | 28 | 2018-05-24 17:37:38,166: [13107] m.ethereum:WARNING: Integer overflow at ADD instruction 29 | 2018-05-24 17:37:38,213: [13107] m.ethereum:WARNING: Integer overflow at ADD instruction 30 | 2018-05-24 17:37:39,437: [13107] m.ethereum:WARNING: Integer overflow at ADD instruction 31 | 2018-05-24 17:37:42,452: [13107] m.ethereum:WARNING: Integer overflow at ADD instruction 32 | 2018-05-24 17:37:43,334: [13107] m.ethereum:WARNING: Integer overflow at ADD instruction 33 | 2018-05-24 17:37:43,346: [13107] m.c.executor:ERROR: Exception: __nonzero__ for Bool 34 | Traceback (most recent call last): 35 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/executor.py", line 459, in run 36 | if not current_state.execute(): 37 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/state.py", line 126, in execute 38 | result = self._platform.execute() 39 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 2217, in execute 40 | self.current.execute() 41 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1383, in execute 42 | result = implementation(*arguments) 43 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1647, in CALLDATACOPY 44 | self._consume(GCOPY * ceil32(size) // 32) 45 | File "/usr/local/lib/python2.7/dist-packages/manticore/platforms/evm.py", line 1331, in _consume 46 | assert fee >= 0 47 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 123, in __nonzero__ 48 | raise NotImplementedError("__nonzero__ for Bool") 49 | NotImplementedError: __nonzero__ for Bool 50 | 51 | 2018-05-24 17:37:43,374: [13107] m.ethereum:INFO: Generated testcase No. 1 - REVERT 52 | 2018-05-24 17:37:43,971: [13107] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 2 53 | 2018-05-24 17:37:43,993: [13483] m.ethereum:INFO: Generated testcase No. 2 - 54 | Process Process-3: 55 | Traceback (most recent call last): 56 | File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap 57 | self.run() 58 | File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run 59 | self._target(*self._args, **self._kwargs) 60 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1511, in f 61 | self.terminate_state_id(state_id) 62 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 864, in terminate_state_id 63 | self._generate_testcase_callback(state, 'test', last_exc.message) 64 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 1344, in _generate_testcase_callback 65 | function_name, arguments = ABI.parse(signature, tx.data) 66 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 502, in parse 67 | val, off = ABI._consume_type(ty, data, off) 68 | File "/usr/local/lib/python2.7/dist-packages/manticore/ethereum.py", line 453, in _consume_type 69 | result = data[dyn_offset + 32:dyn_offset + 32 + size] 70 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 720, in __getitem__ 71 | size = self._get_size(index) 72 | File "/usr/local/lib/python2.7/dist-packages/manticore/core/smtlib/expression.py", line 714, in _get_size 73 | assert isinstance(size, BitVecConstant) 74 | AssertionError 75 | 2018-05-24 17:37:45,143: [13107] m.ethereum:INFO: Results in /home/vagrant/mcore__Ybi4M 76 | EXITSTATUS=0 77 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_struct_8a67c8f7-1a46-4cb8-a2d8-bf96d1ee710b/integer_overflow_mapping_struct.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => Tuple) tuples; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | tuples[k].b = 0x1A; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_struct_8a67c8f7-1a46-4cb8-a2d8-bf96d1ee710b/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:14,705: [12057] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:15,056: [12057] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:15,300: [12057] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:16,552: [12057] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:37:17,661: [12057] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 1 6 | 2018-05-24 17:37:17,670: [12302] m.ethereum:INFO: Generated testcase No. 2 - STOP 7 | 2018-05-24 17:37:18,863: [12057] m.ethereum:INFO: Results in /home/vagrant/mcore_4Qw22U 8 | EXITSTATUS=0 9 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_sym_1_b681b0a3-e66c-4aaa-8101-2c5a6a1dc4ee/integer_overflow_mapping_sym_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract Benchmark { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | map[k] -= v; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_sym_1_b681b0a3-e66c-4aaa-8101-2c5a6a1dc4ee/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:23,489: [9325] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:23,884: [9325] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:24,130: [9325] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:25,422: [9325] m.ethereum:WARNING: Integer underflow at SUB instruction 5 | 2018-05-24 17:36:25,492: [9325] m.ethereum:INFO: Generated testcase No. 1 - REVERT 6 | 2018-05-24 17:36:26,693: [9325] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 1 7 | 2018-05-24 17:36:26,702: [9588] m.ethereum:INFO: Generated testcase No. 2 - STOP 8 | 2018-05-24 17:36:27,987: [9325] m.ethereum:INFO: Results in /home/vagrant/mcore_zO_UNU 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_sym_2_626210c6-257c-4a07-a5b8-dbc8fb504faa/integer_overflow_mapping_sym_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract Benchmark { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | require(v < 10); 8 | map[k] = 10; 9 | map[k] -= v; 10 | } 11 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_sym_2_626210c6-257c-4a07-a5b8-dbc8fb504faa/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:30,307: [9659] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:30,789: [9659] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:31,038: [9659] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:31,987: [9659] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:36:33,185: [9659] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:36:36,281: [9659] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 1 7 | 2018-05-24 17:36:36,290: [10005] m.ethereum:INFO: Generated testcase No. 3 - STOP 8 | 2018-05-24 17:36:37,947: [9659] m.ethereum:INFO: Results in /home/vagrant/mcore_tTG5cp 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_word_856cbc26-010d-4b9e-b336-029af2f7e260/integer_overflow_mapping_word.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[i].a calculated as 2 | // keccak(bytes32(i) + bytes32(position['tuples']))+offset[a] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => uint256) tuples; 7 | 8 | //tuple variable offset added to keccak(bytes32(key) + bytes32(position)) 9 | function init(uint256 key) public { 10 | tuples[key] = 0x1A; 11 | //tuples[key].b = 0x1B; 12 | //tuples[key].c = 0x1C; 13 | } 14 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mapping_word_856cbc26-010d-4b9e-b336-029af2f7e260/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:08,567: [11746] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:08,913: [11746] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:09,159: [11746] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:10,346: [11746] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:37:11,465: [11746] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 1 6 | 2018-05-24 17:37:11,473: [11987] m.ethereum:INFO: Generated testcase No. 2 - STOP 7 | 2018-05-24 17:37:12,640: [11746] m.ethereum:INFO: Results in /home/vagrant/mcore_aiyQMh 8 | EXITSTATUS=0 9 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_minimal_c7aff662-d06e-4cbb-84de-74de1e0049fa/integer_overflow_minimal.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count -= input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_minimal_c7aff662-d06e-4cbb-84de-74de1e0049fa/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:05,318: [5423] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:05,776: [5423] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:06,255: [5423] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:06,858: [5423] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:07,509: [5423] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:08,756: [5423] m.ethereum:WARNING: Integer underflow at SUB instruction 7 | 2018-05-24 17:35:08,775: [5423] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 8 | 2018-05-24 17:35:08,796: [5688] m.ethereum:INFO: Generated testcase No. 3 - RETURN 9 | 2018-05-24 17:35:09,352: [5688] m.ethereum:INFO: Generated testcase No. 4 - STOP 10 | 2018-05-24 17:35:10,468: [5423] m.ethereum:INFO: Results in /home/vagrant/mcore_uTZssw 11 | EXITSTATUS=0 12 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mul_01adcc26-80e7-42c5-9985-cd6ffd9a0ebb/integer_overflow_mul.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 2; 8 | 9 | function run(uint256 input) public { 10 | count *= input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_mul_01adcc26-80e7-42c5-9985-cd6ffd9a0ebb/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:19,770: [6103] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:20,230: [6103] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:20,701: [6103] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:21,314: [6103] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:21,965: [6103] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:23,235: [6103] m.ethereum:WARNING: Integer overflow at MUL instruction 7 | 2018-05-24 17:35:23,254: [6103] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 8 | 2018-05-24 17:35:23,274: [6368] m.ethereum:INFO: Generated testcase No. 3 - RETURN 9 | 2018-05-24 17:35:23,830: [6368] m.ethereum:INFO: Generated testcase No. 4 - STOP 10 | 2018-05-24 17:35:24,940: [6103] m.ethereum:INFO: Results in /home/vagrant/mcore_5EYOmD 11 | EXITSTATUS=0 12 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_multitx_multifunc_feasible_87dd44e9-7e42-412a-9992-dea91036fee9/integer_overflow_multitx_multifunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, multi-function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function init() public { 11 | initialized = 1; 12 | } 13 | 14 | function run(uint256 input) { 15 | if (initialized == 0) { 16 | return; 17 | } 18 | 19 | count -= input; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_multitx_multifunc_feasible_87dd44e9-7e42-412a-9992-dea91036fee9/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:06,797: [8282] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:07,387: [8282] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:07,862: [8282] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:08,691: [8282] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:36:09,887: [8282] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:36:10,524: [8282] m.ethereum:INFO: Generated testcase No. 3 - REVERT 7 | 2018-05-24 17:36:11,189: [8282] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 5 | Alive States: 3 8 | 2018-05-24 17:36:11,211: [8606] m.ethereum:INFO: Generated testcase No. 4 - RETURN 9 | 2018-05-24 17:36:11,778: [8606] m.ethereum:INFO: Generated testcase No. 5 - STOP 10 | 2018-05-24 17:36:12,870: [8606] m.ethereum:INFO: Generated testcase No. 6 - STOP 11 | 2018-05-24 17:36:13,489: [8282] m.ethereum:INFO: Results in /home/vagrant/mcore_laFqHd 12 | EXITSTATUS=0 13 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_multitx_onefunc_feasible_74553f48-88d7-482c-b4b5-1a3acb34b8fc/integer_overflow_multitx_onefunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | initialized = 1; 13 | return; 14 | } 15 | 16 | count -= input; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_multitx_onefunc_feasible_74553f48-88d7-482c-b4b5-1a3acb34b8fc/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:52,446: [7572] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:52,958: [7572] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:53,432: [7572] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:54,034: [7572] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:54,682: [7572] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:55,918: [7572] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 7 | 2018-05-24 17:35:55,939: [7856] m.ethereum:INFO: Generated testcase No. 3 - RETURN 8 | 2018-05-24 17:35:56,479: [7856] m.ethereum:INFO: Generated testcase No. 4 - STOP 9 | 2018-05-24 17:35:57,560: [7572] m.ethereum:INFO: Results in /home/vagrant/mcore_m2JYVd 10 | EXITSTATUS=0 11 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_multitx_onefunc_infeasible_fac3086a-26b1-4591-b0aa-023be61e7686/integer_overflow_multitx_onefunc_infeasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Overflow infeasible because arithmetic instruction not reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | return; 13 | } 14 | 15 | count -= input; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_multitx_onefunc_infeasible_fac3086a-26b1-4591-b0aa-023be61e7686/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:59,636: [7931] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:00,134: [7931] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:00,605: [7931] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:01,210: [7931] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:36:01,857: [7931] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:36:03,088: [7931] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 7 | 2018-05-24 17:36:03,109: [8208] m.ethereum:INFO: Generated testcase No. 3 - RETURN 8 | 2018-05-24 17:36:03,658: [8208] m.ethereum:INFO: Generated testcase No. 4 - STOP 9 | 2018-05-24 17:36:04,749: [7931] m.ethereum:INFO: Results in /home/vagrant/mcore_3eDPNc 10 | EXITSTATUS=0 11 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_path_1_4a52ffba-4f65-49d9-9a9e-b0b16d04c64b/integer_overflow_path_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count = sub(count, input); 11 | } 12 | 13 | //from SafeMath 14 | function sub(uint256 a, uint256 b) internal pure returns (uint256) { 15 | require(b <= a);//SafeMath uses assert here 16 | return a - b; 17 | } 18 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_path_1_4a52ffba-4f65-49d9-9a9e-b0b16d04c64b/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:35:43,650: [7199] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:35:44,173: [7199] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:35:44,644: [7199] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:35:45,254: [7199] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:35:45,904: [7199] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:35:47,271: [7199] m.ethereum:INFO: Generated testcase No. 3 - REVERT 7 | 2018-05-24 17:35:48,383: [7199] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 5 | Alive States: 2 8 | 2018-05-24 17:35:48,409: [7497] m.ethereum:INFO: Generated testcase No. 4 - RETURN 9 | 2018-05-24 17:35:48,983: [7497] m.ethereum:INFO: Generated testcase No. 5 - STOP 10 | 2018-05-24 17:35:50,124: [7199] m.ethereum:INFO: Results in /home/vagrant/mcore_jPiCmp 11 | EXITSTATUS=0 12 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_staticarray_c8e66512-ab73-4964-8475-e366c1656f9e/integer_overflow_staticarray.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | contract C { 3 | uint256[6] private numbers; 4 | 5 | function get(uint256 i) public returns(uint256) { 6 | require(i < 6); 7 | return numbers[i]; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_staticarray_c8e66512-ab73-4964-8475-e366c1656f9e/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:54,830: [10686] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:55,263: [10686] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:55,510: [10686] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:56,372: [10686] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:36:57,473: [10686] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:36:59,204: [10686] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 1 7 | 2018-05-24 17:36:59,212: [10977] m.ethereum:INFO: Generated testcase No. 3 - RETURN 8 | 2018-05-24 17:37:00,445: [10686] m.ethereum:INFO: Results in /home/vagrant/mcore_yGydp_ 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_storageinvariant_2f1e83b8-42f6-4235-9c02-d71b5bd6252a/integer_overflow_storageinvariant.sol: -------------------------------------------------------------------------------- 1 | //No underflow because of credit/balance invariant: sum (credit.values) = balance 2 | pragma solidity ^0.4.19; 3 | 4 | contract Benchmark { 5 | mapping (address => uint) credit; 6 | uint balance; 7 | 8 | function withdrawAll() public { 9 | uint oCredit = credit[msg.sender]; 10 | if (oCredit > 0) { 11 | credit[msg.sender] = 0; 12 | balance -= oCredit; 13 | msg.sender.transfer(oCredit); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | require(balance < 1000); 21 | } 22 | } -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_storageinvariant_2f1e83b8-42f6-4235-9c02-d71b5bd6252a/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:15,592: [8685] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:16,755: [8685] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:17,249: [8685] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:17,924: [8685] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:36:19,111: [8685] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:36:19,863: [8685] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 2 7 | 2018-05-24 17:36:19,884: [9250] m.ethereum:INFO: Generated testcase No. 3 - STOP 8 | 2018-05-24 17:36:20,489: [9250] m.ethereum:INFO: Generated testcase No. 4 - STOP 9 | 2018-05-24 17:36:21,276: [8685] m.ethereum:INFO: Results in /home/vagrant/mcore_JqpcZe 10 | EXITSTATUS=0 11 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_storagepacking_7fb88339-0d0a-48b2-953b-52b54c744b84/integer_overflow_storagepacking.sol: -------------------------------------------------------------------------------- 1 | //Storage packing optimization stores a,b in a single 32-byte storage slot. 2 | //solc generates MUL instruction that operates on compile-time constants to 3 | // extract variable a (or b) from packed storage slot. 4 | pragma solidity ^0.4.11; 5 | contract C { 6 | uint128 a; 7 | uint128 b; 8 | function C() public { 9 | a = 1; 10 | b = 2; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /html/run_manticoregit_integer_overflow_storagepacking_7fb88339-0d0a-48b2-953b-52b54c744b84/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:36:40,257: [10076] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:36:40,418: [10076] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:36:40,523: [10076] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:36:41,135: [10076] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 2 | Alive States: 0 5 | 2018-05-24 17:36:41,151: [10076] m.ethereum:INFO: Results in /home/vagrant/mcore_rHhB4P 6 | EXITSTATUS=0 7 | -------------------------------------------------------------------------------- /html/run_manticoregit_reentrancy_dao_0e2feb0e-d2b4-44f0-ad3c-97f41eb00cd3/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:37:57,501: [14362] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:37:58,608: [14362] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:37:59,100: [14362] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:37:59,786: [14362] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:38:00,877: [14362] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 2 6 | 2018-05-24 17:38:00,899: [14895] m.ethereum:INFO: Generated testcase No. 2 - STOP 7 | 2018-05-24 17:38:01,478: [14895] m.ethereum:INFO: Generated testcase No. 3 - STOP 8 | 2018-05-24 17:38:02,162: [14362] m.ethereum:INFO: Results in /home/vagrant/mcore_QIqTEk 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_reentrancy_dao_0e2feb0e-d2b4-44f0-ad3c-97f41eb00cd3/reentrancy_dao.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | bool callResult = msg.sender.call.value(oCredit)(); 12 | require (callResult); 13 | credit[msg.sender] = 0; 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_manticoregit_reentrancy_dao_fixed_646e1ba2-a739-4a59-8f4d-571522619074/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:04,492: [14970] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:05,593: [14970] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:06,086: [14970] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:38:06,769: [14970] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:38:07,859: [14970] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 3 | Alive States: 2 6 | 2018-05-24 17:38:07,880: [15503] m.ethereum:INFO: Generated testcase No. 2 - STOP 7 | 2018-05-24 17:38:08,438: [15503] m.ethereum:INFO: Generated testcase No. 3 - STOP 8 | 2018-05-24 17:38:09,092: [14970] m.ethereum:INFO: Results in /home/vagrant/mcore_Rt2HwQ 9 | EXITSTATUS=0 10 | -------------------------------------------------------------------------------- /html/run_manticoregit_reentrancy_dao_fixed_646e1ba2-a739-4a59-8f4d-571522619074/reentrancy_dao_fixed.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | credit[msg.sender] = 0; 12 | bool callResult = msg.sender.call.value(oCredit)(); 13 | require (callResult); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_manticoregit_reentrancy_nostateeffect_058bc89e-37bf-489e-9338-3e205e71169b/out.txt: -------------------------------------------------------------------------------- 1 | 2018-05-24 17:38:11,436: [15578] m.main:INFO: Beginning analysis 2 | 2018-05-24 17:38:12,048: [15578] m.ethereum:INFO: Starting symbolic transaction: 1 3 | 2018-05-24 17:38:12,349: [15578] m.ethereum:INFO: Generated testcase No. 0 - REVERT 4 | 2018-05-24 17:38:13,791: [15578] m.ethereum:INFO: Generated testcase No. 1 - REVERT 5 | 2018-05-24 17:38:14,864: [15578] m.ethereum:INFO: Generated testcase No. 2 - REVERT 6 | 2018-05-24 17:38:15,454: [15578] m.ethereum:INFO: Finished symbolic transaction: 1 | Code Coverage: 0% | Terminated States: 4 | Alive States: 0 7 | 2018-05-24 17:38:15,472: [15578] m.ethereum:INFO: Results in /home/vagrant/mcore_8A9A_Y 8 | EXITSTATUS=0 9 | -------------------------------------------------------------------------------- /html/run_manticoregit_reentrancy_nostateeffect_058bc89e-37bf-489e-9338-3e205e71169b/reentrancy_nostateeffect.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | interface Runner { 4 | function run(uint256 param) external; 5 | } 6 | 7 | contract Benchmark { 8 | 9 | function run(address base, uint256 param) public { 10 | Runner(base).run(param); 11 | } 12 | 13 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_constructor_321453cf-47aa-4124-b893-bb485ffe3d09/assert_constructor.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function Benchmark() public { 5 | assert(false); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_constructor_321453cf-47aa-4124-b893-bb485ffe3d09/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_minimal_7e4898fa-b55c-41e6-a8bc-ce6fe2b4f8b2/assert_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run() public { 5 | assert(false); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_minimal_7e4898fa-b55c-41e6-a8bc-ce6fe2b4f8b2/out.txt: -------------------------------------------------------------------------------- 1 | ==== Exception state ==== 2 | Type: Informational 3 | Contract: Benchmark 4 | Function name: run() 5 | PC address: 96 6 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./assert_minimal.sol:5 9 | 10 | assert(false) 11 | 12 | -------------------- 13 | 14 | 15 | -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_multitx_1_a7829247-3cf7-42eb-a47c-84331bd3ebbd/assert_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | uint256 private param; 5 | 6 | function Benchmark(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_multitx_1_a7829247-3cf7-42eb-a47c-84331bd3ebbd/out.txt: -------------------------------------------------------------------------------- 1 | ==== Exception state ==== 2 | Type: Informational 3 | Contract: Benchmark 4 | Function name: run() 5 | PC address: 99 6 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./assert_multitx_1.sol:12 9 | 10 | assert(param > 0) 11 | 12 | -------------------- 13 | 14 | 15 | -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_multitx_2_e520b1c9-0793-4ea2-98d2-3828768a1b38/assert_multitx_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | uint256 private param; 5 | 6 | function Benchmark(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | function set(uint256 _param) { 16 | param = _param; 17 | } 18 | 19 | 20 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_multitx_2_e520b1c9-0793-4ea2-98d2-3828768a1b38/out.txt: -------------------------------------------------------------------------------- 1 | ==== Exception state ==== 2 | Type: Informational 3 | Contract: Benchmark 4 | Function name: run() 5 | PC address: 161 6 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./assert_multitx_2.sol:12 9 | 10 | assert(param > 0) 11 | 12 | -------------------- 13 | 14 | 15 | -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_require_d977d095-7c01-43dd-acf0-0d23be352ed9/assert_require.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run(uint256 _param) public { 5 | require(_param > 0); 6 | assert(_param > 0); 7 | } 8 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_require_d977d095-7c01-43dd-acf0-0d23be352ed9/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_sym_7f01396f-8c81-4628-8e1e-e57595ed39b4/assert_sym.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run(uint256 param) public { 5 | assert(param > 0); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_assert_sym_7f01396f-8c81-4628-8e1e-e57595ed39b4/out.txt: -------------------------------------------------------------------------------- 1 | ==== Exception state ==== 2 | Type: Informational 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 120 6 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./assert_sym.sol:5 9 | 10 | assert(param > 0) 11 | 12 | -------------------- 13 | 14 | 15 | -------------------------------------------------------------------------------- /html/run_mythrilpip_attribute_store_eca5c65f-0951-42ed-a21b-e20ceb637198/attribute_store.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | library AttributeStore { 4 | struct Data { 5 | mapping(bytes32 => uint) store; 6 | } 7 | 8 | function getAttribute(Data storage self, bytes32 _UUID, string _attrName) public view returns (uint) { 9 | bytes32 key = keccak256(_UUID, _attrName); 10 | return self.store[key]; 11 | } 12 | 13 | function attachAttribute(Data storage self, bytes32 _UUID, string _attrName, uint _attrVal) public { 14 | bytes32 key = keccak256(_UUID, _attrName); 15 | self.store[key] = _attrVal; 16 | } 17 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_attribute_store_eca5c65f-0951-42ed-a21b-e20ceb637198/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: AttributeStore 4 | Function name: _function_0x50389f5c 5 | PC address: 149 6 | A possible integer overflow exists in the function `_function_0x50389f5c`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./attribute_store.sol:8 10 | 11 | function getAttribute(Data storage self, bytes32 _UUID, string _attrName) public view returns (uint) { 12 | bytes32 key = keccak256(_UUID, _attrName); 13 | return self.store[key]; 14 | } 15 | 16 | -------------------- 17 | 18 | 19 | -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_2_cf4734a1-effd-4831-a51b-5b2f1f5fbe2f/eth_tx_order_dependence_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | uint256 public reward; 5 | address owner; 6 | 7 | function Benchmark() { 8 | owner = msg.sender; 9 | } 10 | 11 | function setReward() public payable { 12 | require(msg.sender == owner); 13 | 14 | owner.transfer(reward); //refund previous reward 15 | reward = msg.value; 16 | } 17 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_2_cf4734a1-effd-4831-a51b-5b2f1f5fbe2f/out.txt: -------------------------------------------------------------------------------- 1 | ==== Transaction order dependence ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: setReward() 5 | PC address: 316 6 | A possible transaction order independence vulnerability exists in function setReward(). The value or direction of the call statement is determined from a tainted storage location 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_2.sol:14 9 | 10 | owner.transfer(reward) 11 | 12 | -------------------- 13 | 14 | 15 | -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_minimal_26ca4434-c510-4c44-b544-5cc82b2a1464/eth_tx_order_dependence_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | address public owner; 5 | bool public claimed; 6 | uint public reward; 7 | 8 | function Benchmark() public { 9 | owner = msg.sender; 10 | } 11 | 12 | function setReward() public payable { 13 | require (!claimed); 14 | 15 | require(msg.sender == owner); 16 | owner.transfer(reward); 17 | reward = msg.value; 18 | } 19 | 20 | function claimReward(uint256 submission) { 21 | require (!claimed); 22 | require(submission < 10); 23 | 24 | msg.sender.transfer(reward); 25 | claimed = true; 26 | } 27 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_minimal_26ca4434-c510-4c44-b544-5cc82b2a1464/out.txt: -------------------------------------------------------------------------------- 1 | ==== Ether send ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: setReward() 5 | PC address: 554 6 | In the function `setReward()` a non-zero amount of Ether is sent to an address taken from storage slot 0. 7 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 8 | 9 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 10 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 11 | -------------------- 12 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:16 13 | 14 | owner.transfer(reward) 15 | 16 | -------------------- 17 | 18 | ==== Transaction order dependence ==== 19 | Type: Warning 20 | Contract: Benchmark 21 | Function name: setReward() 22 | PC address: 554 23 | A possible transaction order independence vulnerability exists in function setReward(). The value or direction of the call statement is determined from a tainted storage location 24 | -------------------- 25 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:16 26 | 27 | owner.transfer(reward) 28 | 29 | -------------------- 30 | 31 | ==== Ether send ==== 32 | Type: Warning 33 | Contract: Benchmark 34 | Function name: claimReward(uint256) 35 | PC address: 716 36 | In the function `claimReward(uint256)` a non-zero amount of Ether is sent to msg.sender. 37 | 38 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 39 | -------------------- 40 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:24 41 | 42 | msg.sender.transfer(reward) 43 | 44 | -------------------- 45 | 46 | ==== Transaction order dependence ==== 47 | Type: Warning 48 | Contract: Benchmark 49 | Function name: claimReward(uint256) 50 | PC address: 716 51 | A possible transaction order independence vulnerability exists in function claimReward(uint256). The value or direction of the call statement is determined from a tainted storage location 52 | -------------------- 53 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:24 54 | 55 | msg.sender.transfer(reward) 56 | 57 | -------------------- 58 | 59 | 60 | -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_multitx_1_a2a7e6d2-fcd6-4bd1-a5c5-43dd02825883/eth_tx_order_dependence_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | address public owner; 5 | bool public claimed; 6 | uint256 public reward; 7 | bool public freezeReward; 8 | 9 | function Benchmark() public { 10 | owner = msg.sender; 11 | } 12 | 13 | function setReward() public payable { 14 | require (!claimed); 15 | require (!freezeReward); 16 | require(msg.sender == owner); 17 | 18 | owner.transfer(reward); 19 | reward = msg.value; 20 | } 21 | 22 | function freezeReward() public { 23 | freezeReward = true; 24 | } 25 | 26 | function claimReward(uint256 submission) { 27 | require (freezeReward); 28 | require (!claimed); 29 | require(submission < 10); 30 | 31 | msg.sender.transfer(reward); 32 | claimed = true; 33 | } 34 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_multitx_1_a2a7e6d2-fcd6-4bd1-a5c5-43dd02825883/out.txt: -------------------------------------------------------------------------------- 1 | ==== Transaction order dependence ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: setReward() 5 | PC address: 616 6 | A possible transaction order independence vulnerability exists in function setReward(). The value or direction of the call statement is determined from a tainted storage location 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:18 9 | 10 | owner.transfer(reward) 11 | 12 | -------------------- 13 | 14 | ==== Transaction order dependence ==== 15 | Type: Warning 16 | Contract: Benchmark 17 | Function name: claimReward(uint256) 18 | PC address: 834 19 | A possible transaction order independence vulnerability exists in function claimReward(uint256). The value or direction of the call statement is determined from a tainted storage location 20 | -------------------- 21 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:31 22 | 23 | msg.sender.transfer(reward) 24 | 25 | -------------------- 26 | 27 | ==== Ether send ==== 28 | Type: Warning 29 | Contract: Benchmark 30 | Function name: claimReward(uint256) 31 | PC address: 834 32 | In the function `claimReward(uint256)` a non-zero amount of Ether is sent to msg.sender. 33 | 34 | There is a check on storage index 2. This storage slot can be written to by calling the function `freezeReward()`. 35 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 36 | -------------------- 37 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:31 38 | 39 | msg.sender.transfer(reward) 40 | 41 | -------------------- 42 | 43 | ==== Ether send ==== 44 | Type: Warning 45 | Contract: Benchmark 46 | Function name: setReward() 47 | PC address: 616 48 | In the function `setReward()` a non-zero amount of Ether is sent to an address taken from storage slot 0. 49 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 50 | 51 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 52 | There is a check on storage index 2. This storage slot can be written to by calling the function `freezeReward()`. 53 | There is a check on storage index 0. This storage slot can be written to by calling the function `claimReward(uint256)`. 54 | -------------------- 55 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:18 56 | 57 | owner.transfer(reward) 58 | 59 | -------------------- 60 | 61 | 62 | -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_puzzle_06614296-6630-47a4-aa49-90112e16fdbb/eth_tx_order_dependence_puzzle.sol: -------------------------------------------------------------------------------- 1 | //Adapted from Oyente paper 2 | pragma solidity ^0.4.16; 3 | 4 | contract Benchmark { 5 | address public owner ; 6 | bool public locked ; 7 | uint public reward ; 8 | bytes32 public diff ; 9 | bytes public solution; 10 | 11 | function Puzzle() public payable { 12 | owner = msg.sender; 13 | reward = msg.value; 14 | locked = false ; 15 | diff = bytes32 (11111); // pre - defined difficulty 16 | } 17 | 18 | function () public payable { // main code , runs at every invocation 19 | if ( msg.sender == owner ){ // update reward 20 | require (!locked); 21 | owner.transfer(reward); 22 | reward = msg.value; 23 | } else { 24 | if (msg.data.length > 0) { // submit a solution 25 | require (!locked); 26 | if ( sha256 (msg.data ) < diff ){ 27 | msg.sender.transfer(reward); // send reward 28 | solution = msg.data; 29 | locked = true; 30 | } 31 | } 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_eth_tx_order_dependence_puzzle_06614296-6630-47a4-aa49-90112e16fdbb/out.txt: -------------------------------------------------------------------------------- 1 | ==== Transaction order dependence ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: fallback 5 | PC address: 316 6 | A possible transaction order independence vulnerability exists in function fallback. The value or direction of the call statement is determined from a tainted storage location 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:21 9 | 10 | owner.transfer(reward) 11 | 12 | -------------------- 13 | 14 | ==== Transaction order dependence ==== 15 | Type: Warning 16 | Contract: Benchmark 17 | Function name: fallback 18 | PC address: 551 19 | A possible transaction order independence vulnerability exists in function fallback. The value or direction of the call statement is determined from a tainted storage location 20 | -------------------- 21 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:27 22 | 23 | msg.sender.transfer(reward) 24 | 25 | -------------------- 26 | 27 | ==== Ether send ==== 28 | Type: Warning 29 | Contract: Benchmark 30 | Function name: fallback 31 | PC address: 551 32 | In the function `fallback` a non-zero amount of Ether is sent to msg.sender. 33 | 34 | There is a check on storage index 0. This storage slot can be written to by calling the function `Puzzle()`. 35 | There is a check on storage index 0. This storage slot can be written to by calling the function `Puzzle()`. 36 | There is a check on storage index 2. This storage slot can be written to by calling the function `Puzzle()`. 37 | -------------------- 38 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:27 39 | 40 | msg.sender.transfer(reward) 41 | 42 | -------------------- 43 | 44 | ==== Integer Overflow ==== 45 | Type: Warning 46 | Contract: Benchmark 47 | Function name: fallback 48 | PC address: 1416 49 | A possible integer overflow exists in the function `fallback`. 50 | The addition or multiplication may result in a value higher than the maximum representable integer. 51 | -------------------- 52 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:4 53 | 54 | contract Benchmark { 55 | address public owner ; 56 | bool public locked ; 57 | uint public reward ; 58 | bytes32 public diff ; 59 | bytes public solution; 60 | 61 | function Puzzle() public payable { 62 | owner = msg.sender; 63 | reward = msg.value; 64 | locked = false ; 65 | diff = bytes32 (11111); // pre - defined difficulty 66 | } 67 | 68 | function () public payable { // main code , runs at every invocation 69 | if ( msg.sender == owner ){ // update reward 70 | require (!locked); 71 | owner.transfer(reward); 72 | reward = msg.value; 73 | } else { 74 | if (msg.data.length > 0) { // submit a solution 75 | require (!locked); 76 | if ( sha256 (msg.data ) < diff ){ 77 | msg.sender.transfer(reward); // send reward 78 | solution = msg.data; 79 | locked = true; 80 | } 81 | } 82 | } 83 | } 84 | } 85 | 86 | -------------------- 87 | 88 | ==== Ether send ==== 89 | Type: Warning 90 | Contract: Benchmark 91 | Function name: fallback 92 | PC address: 316 93 | In the function `fallback` a non-zero amount of Ether is sent to an address taken from storage slot 0. 94 | There is a check on storage index 0. This storage slot can be written to by calling the function `Puzzle()`. 95 | 96 | There is a check on storage index 0. This storage slot can be written to by calling the function `Puzzle()`. 97 | There is a check on storage index 0. This storage slot can be written to by calling the function `Puzzle()`. 98 | -------------------- 99 | In file: /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:21 100 | 101 | owner.transfer(reward) 102 | 103 | -------------------- 104 | 105 | 106 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_add_ea90f677-9535-43fd-9d7f-1bb9a54f08d5/integer_overflow_add.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count += input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_add_ea90f677-9535-43fd-9d7f-1bb9a54f08d5/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 174 6 | A possible integer overflow exists in the function `run(uint256)`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_add.sol:10 10 | 11 | count += input 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_benign_1_b3eaf6b7-ea3e-43a8-87eb-92e7028de696/integer_overflow_benign_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow never escapes function 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | uint res = count - input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_benign_1_b3eaf6b7-ea3e-43a8-87eb-92e7028de696/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_benign_2_4c62ea0e-e4a8-48b8-af92-ee5d37fd91d0/integer_overflow_benign_2.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count; 8 | 9 | function run(uint256 input) public { 10 | bool err; 11 | uint256 res = 1; 12 | 13 | (err, res) = minus(res, input); 14 | 15 | require(!err); 16 | count = res; 17 | } 18 | 19 | //from BasicMathLib 20 | function minus(uint256 a, uint256 b) private pure returns (bool err,uint256 res) { 21 | assembly { 22 | res := sub(a,b) 23 | switch eq(and(eq(add(res,b), a), or(lt(res,a), eq(res,a))), 1) 24 | case 0 { 25 | err := 1 26 | res := 0 27 | } 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_benign_2_4c62ea0e-e4a8-48b8-af92-ee5d37fd91d0/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 246 6 | A possible integer overflow exists in the function `run(uint256)`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_benign_2.sol:23 10 | 11 | add(res,b) 12 | 13 | -------------------- 14 | 15 | ==== Integer Underflow ==== 16 | Type: Warning 17 | Contract: Benchmark 18 | Function name: run(uint256) 19 | PC address: 231 20 | A possible integer underflow exists in the function `run(uint256)`. 21 | The subtraction may result in a value < 0. 22 | -------------------- 23 | In file: /home/vagrant/host/benchmarks/./integer_overflow_benign_2.sol:22 24 | 25 | sub(a,b) 26 | 27 | -------------------- 28 | 29 | 30 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_bytes_param_0d6b60de-ae0f-49f4-8422-ea173d920ff0/integer_overflow_bytes_param.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract Benchmark { 4 | function get(bytes key) public pure returns (bytes32) { 5 | return keccak256(key); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_bytes_param_0d6b60de-ae0f-49f4-8422-ea173d920ff0/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: get(bytes) 5 | PC address: 104 6 | A possible integer overflow exists in the function `get(bytes)`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_bytes_param.sol:4 10 | 11 | function get(bytes key) public pure returns (bytes32) { 12 | return keccak256(key); 13 | } 14 | 15 | -------------------- 16 | 17 | 18 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_dynarray_f33d1a1d-33d8-422c-b0be-01ebdba823a3/integer_overflow_dynarray.sol: -------------------------------------------------------------------------------- 1 | //Dynamic storage array with packing 2 | // 3 | pragma solidity ^0.4.11; 4 | 5 | contract Benchmark { 6 | 7 | uint128[] private s; 8 | 9 | function init() public { 10 | s.length = 4; 11 | s[0] = 0xAA; 12 | s[1] = 0xBB; 13 | s[2] = 0xCC; 14 | s[3] = 0xDD; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_dynarray_f33d1a1d-33d8-422c-b0be-01ebdba823a3/out.txt: -------------------------------------------------------------------------------- 1 | ==== Exception state ==== 2 | Type: Informational 3 | Contract: Benchmark 4 | Function name: init() 5 | PC address: 311 6 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./integer_overflow_dynarray.sol:13 9 | 10 | s[2] 11 | 12 | -------------------- 13 | 14 | ==== Exception state ==== 15 | Type: Informational 16 | Contract: Benchmark 17 | Function name: init() 18 | PC address: 404 19 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 20 | -------------------- 21 | In file: /home/vagrant/host/benchmarks/./integer_overflow_dynarray.sol:14 22 | 23 | s[3] 24 | 25 | -------------------- 26 | 27 | ==== Exception state ==== 28 | Type: Informational 29 | Contract: Benchmark 30 | Function name: init() 31 | PC address: 218 32 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 33 | -------------------- 34 | In file: /home/vagrant/host/benchmarks/./integer_overflow_dynarray.sol:12 35 | 36 | s[1] 37 | 38 | -------------------- 39 | 40 | ==== Exception state ==== 41 | Type: Informational 42 | Contract: Benchmark 43 | Function name: init() 44 | PC address: 125 45 | A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 46 | -------------------- 47 | In file: /home/vagrant/host/benchmarks/./integer_overflow_dynarray.sol:11 48 | 49 | s[0] 50 | 51 | -------------------- 52 | 53 | ==== Integer Overflow ==== 54 | Type: Warning 55 | Contract: Benchmark 56 | Function name: init() 57 | PC address: 498 58 | A possible integer overflow exists in the function `init()`. 59 | The addition or multiplication may result in a value higher than the maximum representable integer. 60 | -------------------- 61 | In file: /home/vagrant/host/benchmarks/./integer_overflow_dynarray.sol:5 62 | 63 | contract Benchmark { 64 | 65 | uint128[] private s; 66 | 67 | function init() public { 68 | s.length = 4; 69 | s[0] = 0xAA; 70 | s[1] = 0xBB; 71 | s[2] = 0xCC; 72 | s[3] = 0xDD; 73 | } 74 | } 75 | 76 | -------------------- 77 | 78 | 79 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_mapping_199d3dba-f771-46d4-9569-b64f071b599d/integer_overflow_mapping_mapping.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract Benchmark { 6 | mapping(uint256 => mapping (uint256 => Tuple)) maps; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | maps[k][k].b = 0x1A; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_mapping_199d3dba-f771-46d4-9569-b64f071b599d/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_staticarray_ece4d259-f086-4b53-bd6c-0e2d488ee0a7/integer_overflow_mapping_staticarray.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['map']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => bytes2) map; 7 | 8 | function init(uint256 k) public { 9 | map[k] = 0x1A; 10 | } 11 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_staticarray_ece4d259-f086-4b53-bd6c-0e2d488ee0a7/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_strkey_1ac8db10-c690-4166-ab04-91947b2b692f/integer_overflow_mapping_strkey.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract Benchmark { 4 | mapping(string => uint256) map; 5 | 6 | function get(string key) public view returns (uint256) { 7 | return map[key]; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_strkey_1ac8db10-c690-4166-ab04-91947b2b692f/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: get(string) 5 | PC address: 104 6 | A possible integer overflow exists in the function `get(string)`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_mapping_strkey.sol:6 10 | 11 | function get(string key) public view returns (uint256) { 12 | return map[key]; 13 | } 14 | 15 | -------------------- 16 | 17 | 18 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_struct_4bd1f855-8a65-4363-b3d5-7a1b16ffe74b/integer_overflow_mapping_struct.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => Tuple) tuples; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | tuples[k].b = 0x1A; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_struct_4bd1f855-8a65-4363-b3d5-7a1b16ffe74b/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_sym_1_064701b9-4253-4299-b4d3-3e6ac923e292/integer_overflow_mapping_sym_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract Benchmark { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | map[k] -= v; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_sym_1_064701b9-4253-4299-b4d3-3e6ac923e292/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Underflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: init(uint256,uint256) 5 | PC address: 145 6 | A possible integer underflow exists in the function `init(uint256,uint256)`. 7 | The subtraction may result in a value < 0. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_mapping_sym_1.sol:7 10 | 11 | map[k] -= v 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_sym_2_4e884b75-19ea-4757-9528-2ed08e5e5bb6/integer_overflow_mapping_sym_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract Benchmark { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | require(v < 10); 8 | map[k] = 10; 9 | map[k] -= v; 10 | } 11 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_sym_2_4e884b75-19ea-4757-9528-2ed08e5e5bb6/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_word_a8dc79d7-6757-4804-b99f-8bd0950e3fb2/integer_overflow_mapping_word.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[i].a calculated as 2 | // keccak(bytes32(i) + bytes32(position['tuples']))+offset[a] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => uint256) tuples; 7 | 8 | //tuple variable offset added to keccak(bytes32(key) + bytes32(position)) 9 | function init(uint256 key) public { 10 | tuples[key] = 0x1A; 11 | //tuples[key].b = 0x1B; 12 | //tuples[key].c = 0x1C; 13 | } 14 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mapping_word_a8dc79d7-6757-4804-b99f-8bd0950e3fb2/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_minimal_7a6af87d-f06f-42be-a249-198156c6a22c/integer_overflow_minimal.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count -= input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_minimal_7a6af87d-f06f-42be-a249-198156c6a22c/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Underflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 174 6 | A possible integer underflow exists in the function `run(uint256)`. 7 | The subtraction may result in a value < 0. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_minimal.sol:10 10 | 11 | count -= input 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mul_4f311d40-2d7f-4392-bec4-c6ecb2893f81/integer_overflow_mul.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 2; 8 | 9 | function run(uint256 input) public { 10 | count *= input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_mul_4f311d40-2d7f-4392-bec4-c6ecb2893f81/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 174 6 | A possible integer overflow exists in the function `run(uint256)`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_mul.sol:10 10 | 11 | count *= input 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_multitx_multifunc_feasible_e705745f-0e49-4931-88dd-38c4e4c2f22b/integer_overflow_multitx_multifunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, multi-function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function init() public { 11 | initialized = 1; 12 | } 13 | 14 | function run(uint256 input) { 15 | if (initialized == 0) { 16 | return; 17 | } 18 | 19 | count -= input; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_multitx_multifunc_feasible_e705745f-0e49-4931-88dd-38c4e4c2f22b/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Underflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 218 6 | A possible integer underflow exists in the function `run(uint256)`. 7 | The subtraction may result in a value < 0. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_multitx_multifunc_feasible.sol:19 10 | 11 | count -= input 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_multitx_onefunc_feasible_5f36bb18-6192-4d9e-856e-10d50af5a158/integer_overflow_multitx_onefunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | initialized = 1; 13 | return; 14 | } 15 | 16 | count -= input; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_multitx_onefunc_feasible_5f36bb18-6192-4d9e-856e-10d50af5a158/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Underflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 196 6 | A possible integer underflow exists in the function `run(uint256)`. 7 | The subtraction may result in a value < 0. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_multitx_onefunc_feasible.sol:16 10 | 11 | count -= input 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_multitx_onefunc_infeasible_6b9d64a3-ee03-4b14-87ea-4a9a1d23c2a0/integer_overflow_multitx_onefunc_infeasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Overflow infeasible because arithmetic instruction not reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | return; 13 | } 14 | 15 | count -= input; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_multitx_onefunc_infeasible_6b9d64a3-ee03-4b14-87ea-4a9a1d23c2a0/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Underflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(uint256) 5 | PC address: 188 6 | A possible integer underflow exists in the function `run(uint256)`. 7 | The subtraction may result in a value < 0. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_multitx_onefunc_infeasible.sol:15 10 | 11 | count -= input 12 | 13 | -------------------- 14 | 15 | 16 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_path_1_4fe5e769-3231-4104-b11d-482d86cf1e9f/integer_overflow_path_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count = sub(count, input); 11 | } 12 | 13 | //from SafeMath 14 | function sub(uint256 a, uint256 b) internal pure returns (uint256) { 15 | require(b <= a);//SafeMath uses assert here 16 | return a - b; 17 | } 18 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_path_1_4fe5e769-3231-4104-b11d-482d86cf1e9f/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_staticarray_0ec2886b-a710-47b0-ae54-8bc72ebae4ea/integer_overflow_staticarray.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | contract C { 3 | uint256[6] private numbers; 4 | 5 | function get(uint256 i) public returns(uint256) { 6 | require(i < 6); 7 | return numbers[i]; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_staticarray_0ec2886b-a710-47b0-ae54-8bc72ebae4ea/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_storageinvariant_21167a8f-1e43-4784-82b9-1a2de964a0cb/integer_overflow_storageinvariant.sol: -------------------------------------------------------------------------------- 1 | //No underflow because of credit/balance invariant: sum (credit.values) = balance 2 | pragma solidity ^0.4.19; 3 | 4 | contract Benchmark { 5 | mapping (address => uint) credit; 6 | uint balance; 7 | 8 | function withdrawAll() public { 9 | uint oCredit = credit[msg.sender]; 10 | if (oCredit > 0) { 11 | credit[msg.sender] = 0; 12 | balance -= oCredit; 13 | msg.sender.transfer(oCredit); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | require(balance < 1000); 21 | } 22 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_storageinvariant_21167a8f-1e43-4784-82b9-1a2de964a0cb/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: deposit() 5 | PC address: 418 6 | A possible integer overflow exists in the function `deposit()`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./integer_overflow_storageinvariant.sol:18 10 | 11 | credit[msg.sender] += msg.value 12 | 13 | -------------------- 14 | 15 | ==== Integer Underflow ==== 16 | Type: Warning 17 | Contract: Benchmark 18 | Function name: withdrawAll() 19 | PC address: 267 20 | A possible integer underflow exists in the function `withdrawAll()`. 21 | The subtraction may result in a value < 0. 22 | -------------------- 23 | In file: /home/vagrant/host/benchmarks/./integer_overflow_storageinvariant.sol:12 24 | 25 | balance -= oCredit 26 | 27 | -------------------- 28 | 29 | ==== Integer Overflow ==== 30 | Type: Warning 31 | Contract: Benchmark 32 | Function name: deposit() 33 | PC address: 434 34 | A possible integer overflow exists in the function `deposit()`. 35 | The addition or multiplication may result in a value higher than the maximum representable integer. 36 | -------------------- 37 | In file: /home/vagrant/host/benchmarks/./integer_overflow_storageinvariant.sol:19 38 | 39 | balance += msg.value 40 | 41 | -------------------- 42 | 43 | 44 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_storagepacking_e23bc27a-d131-43eb-b40c-8d9b38b368ec/integer_overflow_storagepacking.sol: -------------------------------------------------------------------------------- 1 | //Storage packing optimization stores a,b in a single 32-byte storage slot. 2 | //solc generates MUL instruction that operates on compile-time constants to 3 | // extract variable a (or b) from packed storage slot. 4 | pragma solidity ^0.4.11; 5 | contract C { 6 | uint128 a; 7 | uint128 b; 8 | function C() public { 9 | a = 1; 10 | b = 2; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /html/run_mythrilpip_integer_overflow_storagepacking_e23bc27a-d131-43eb-b40c-8d9b38b368ec/out.txt: -------------------------------------------------------------------------------- 1 | The analysis was completed successfully. No issues were detected. 2 | -------------------------------------------------------------------------------- /html/run_mythrilpip_reentrancy_dao_77f67243-c7fc-4999-b018-1069b1ff96a8/out.txt: -------------------------------------------------------------------------------- 1 | ==== Message call to external contract ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: withdrawAll() 5 | PC address: 247 6 | This contract executes a message call to the address of the transaction sender. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao.sol:11 9 | 10 | msg.sender.call.value(oCredit)() 11 | 12 | -------------------- 13 | 14 | ==== Integer Overflow ==== 15 | Type: Warning 16 | Contract: Benchmark 17 | Function name: deposit() 18 | PC address: 407 19 | A possible integer overflow exists in the function `deposit()`. 20 | The addition or multiplication may result in a value higher than the maximum representable integer. 21 | -------------------- 22 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao.sol:18 23 | 24 | credit[msg.sender] += msg.value 25 | 26 | -------------------- 27 | 28 | ==== Integer Overflow ==== 29 | Type: Warning 30 | Contract: Benchmark 31 | Function name: deposit() 32 | PC address: 423 33 | A possible integer overflow exists in the function `deposit()`. 34 | The addition or multiplication may result in a value higher than the maximum representable integer. 35 | -------------------- 36 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao.sol:19 37 | 38 | balance += msg.value 39 | 40 | -------------------- 41 | 42 | ==== State change after external call ==== 43 | Type: Warning 44 | Contract: Benchmark 45 | Function name: withdrawAll() 46 | PC address: 332 47 | The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. 48 | -------------------- 49 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao.sol:13 50 | 51 | credit[msg.sender] = 0 52 | 53 | -------------------- 54 | 55 | ==== Integer Underflow ==== 56 | Type: Warning 57 | Contract: Benchmark 58 | Function name: withdrawAll() 59 | PC address: 200 60 | A possible integer underflow exists in the function `withdrawAll()`. 61 | The subtraction may result in a value < 0. 62 | -------------------- 63 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao.sol:10 64 | 65 | balance -= oCredit 66 | 67 | -------------------- 68 | 69 | 70 | -------------------------------------------------------------------------------- /html/run_mythrilpip_reentrancy_dao_77f67243-c7fc-4999-b018-1069b1ff96a8/reentrancy_dao.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | bool callResult = msg.sender.call.value(oCredit)(); 12 | require (callResult); 13 | credit[msg.sender] = 0; 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_reentrancy_dao_fixed_124cdf63-b8a9-4ca5-b2a0-62a7946d63d5/out.txt: -------------------------------------------------------------------------------- 1 | ==== Integer Overflow ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: deposit() 5 | PC address: 407 6 | A possible integer overflow exists in the function `deposit()`. 7 | The addition or multiplication may result in a value higher than the maximum representable integer. 8 | -------------------- 9 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao_fixed.sol:18 10 | 11 | credit[msg.sender] += msg.value 12 | 13 | -------------------- 14 | 15 | ==== Integer Overflow ==== 16 | Type: Warning 17 | Contract: Benchmark 18 | Function name: deposit() 19 | PC address: 423 20 | A possible integer overflow exists in the function `deposit()`. 21 | The addition or multiplication may result in a value higher than the maximum representable integer. 22 | -------------------- 23 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao_fixed.sol:19 24 | 25 | balance += msg.value 26 | 27 | -------------------- 28 | 29 | ==== Integer Underflow ==== 30 | Type: Warning 31 | Contract: Benchmark 32 | Function name: withdrawAll() 33 | PC address: 200 34 | A possible integer underflow exists in the function `withdrawAll()`. 35 | The subtraction may result in a value < 0. 36 | -------------------- 37 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao_fixed.sol:10 38 | 39 | balance -= oCredit 40 | 41 | -------------------- 42 | 43 | ==== Message call to external contract ==== 44 | Type: Warning 45 | Contract: Benchmark 46 | Function name: withdrawAll() 47 | PC address: 315 48 | This contract executes a message call to the address of the transaction sender. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. 49 | -------------------- 50 | In file: /home/vagrant/host/benchmarks/./reentrancy_dao_fixed.sol:12 51 | 52 | msg.sender.call.value(oCredit)() 53 | 54 | -------------------- 55 | 56 | 57 | -------------------------------------------------------------------------------- /html/run_mythrilpip_reentrancy_dao_fixed_124cdf63-b8a9-4ca5-b2a0-62a7946d63d5/reentrancy_dao_fixed.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | credit[msg.sender] = 0; 12 | bool callResult = msg.sender.call.value(oCredit)(); 13 | require (callResult); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_mythrilpip_reentrancy_nostateeffect_6c7cc0f9-b882-40da-ae46-40090033f3d6/out.txt: -------------------------------------------------------------------------------- 1 | ==== Message call to external contract ==== 2 | Type: Warning 3 | Contract: Benchmark 4 | Function name: run(address,uint256) 5 | PC address: 261 6 | This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. 7 | -------------------- 8 | In file: /home/vagrant/host/benchmarks/./reentrancy_nostateeffect.sol:10 9 | 10 | Runner(base).run(param) 11 | 12 | -------------------- 13 | 14 | 15 | -------------------------------------------------------------------------------- /html/run_mythrilpip_reentrancy_nostateeffect_6c7cc0f9-b882-40da-ae46-40090033f3d6/reentrancy_nostateeffect.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | interface Runner { 4 | function run(uint256 param) external; 5 | } 6 | 7 | contract Benchmark { 8 | 9 | function run(address base, uint256 param) public { 10 | Runner(base).run(param); 11 | } 12 | 13 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_constructor_0f071cbd-7dda-48e0-bc66-808f0d7a0256/assert_constructor.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function Benchmark() public { 5 | assert(false); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_constructor_0f071cbd-7dda-48e0-bc66-808f0d7a0256/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./assert_constructor.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 100.0% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_assert_minimal_85aecf62-6216-454b-80ac-f5e1bc49b2a3/assert_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run() public { 5 | assert(false); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_minimal_85aecf62-6216-454b-80ac-f5e1bc49b2a3/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./assert_minimal.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 89.6% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: True 13 | /home/vagrant/host/benchmarks/./assert_minimal.sol:Benchmark:5:9 14 | assert(false) 15 | ^ 16 | 17 | INFO:oyente.symExec: ====== Analysis Completed ====== 18 | -------------------------------------------------------------------------------- /html/run_oyentepip_assert_multitx_1_5a865002-02a4-4b83-95da-9739ac3e750a/assert_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | uint256 private param; 5 | 6 | function Benchmark(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_multitx_1_5a865002-02a4-4b83-95da-9739ac3e750a/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./assert_multitx_1.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.0% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: True 13 | /home/vagrant/host/benchmarks/./assert_multitx_1.sol:Benchmark:12:9 14 | assert(param > 0) 15 | ^ 16 | param = 0 17 | 18 | INFO:oyente.symExec: ====== Analysis Completed ====== 19 | -------------------------------------------------------------------------------- /html/run_oyentepip_assert_multitx_2_84c101df-6ef3-4594-89bd-9cd3e99e6d15/assert_multitx_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | uint256 private param; 5 | 6 | function Benchmark(uint256 _param) public { 7 | require(_param > 0); 8 | param = _param; 9 | } 10 | 11 | function run() { 12 | assert(param > 0); 13 | } 14 | 15 | function set(uint256 _param) { 16 | param = _param; 17 | } 18 | 19 | 20 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_multitx_2_84c101df-6ef3-4594-89bd-9cd3e99e6d15/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./assert_multitx_2.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.9% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: True 13 | /home/vagrant/host/benchmarks/./assert_multitx_2.sol:Benchmark:12:9 14 | assert(param > 0) 15 | ^ 16 | param = 0 17 | 18 | INFO:oyente.symExec: ====== Analysis Completed ====== 19 | -------------------------------------------------------------------------------- /html/run_oyentepip_assert_require_56b7de96-8d57-4da0-a149-d1beba0b0a24/assert_require.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run(uint256 _param) public { 5 | require(_param > 0); 6 | assert(_param > 0); 7 | } 8 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_require_56b7de96-8d57-4da0-a149-d1beba0b0a24/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./assert_require.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 97.3% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_assert_sym_418cc2d2-625e-46cd-a3fa-23bdba7f4307/assert_sym.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | function run(uint256 param) public { 5 | assert(param > 0); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_oyentepip_assert_sym_418cc2d2-625e-46cd-a3fa-23bdba7f4307/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./assert_sym.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.4% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: True 13 | /home/vagrant/host/benchmarks/./assert_sym.sol:Benchmark:5:9 14 | assert(param > 0) 15 | ^ 16 | param = 0 17 | 18 | INFO:oyente.symExec: ====== Analysis Completed ====== 19 | -------------------------------------------------------------------------------- /html/run_oyentepip_attribute_store_b42b2a92-3307-488e-b526-0818e41bffe7/attribute_store.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | library AttributeStore { 4 | struct Data { 5 | mapping(bytes32 => uint) store; 6 | } 7 | 8 | function getAttribute(Data storage self, bytes32 _UUID, string _attrName) public view returns (uint) { 9 | bytes32 key = keccak256(_UUID, _attrName); 10 | return self.store[key]; 11 | } 12 | 13 | function attachAttribute(Data storage self, bytes32 _UUID, string _attrName, uint _attrVal) public { 14 | bytes32 key = keccak256(_UUID, _attrName); 15 | self.store[key] = _attrVal; 16 | } 17 | } -------------------------------------------------------------------------------- /html/run_oyentepip_attribute_store_b42b2a92-3307-488e-b526-0818e41bffe7/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./attribute_store.sol:AttributeStore: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 49.6% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_2_ea758025-c8c1-4564-9d27-ca45ea9a2c5e/eth_tx_order_dependence_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | uint256 public reward; 5 | address owner; 6 | 7 | function Benchmark() { 8 | owner = msg.sender; 9 | } 10 | 11 | function setReward() public payable { 12 | require(msg.sender == owner); 13 | 14 | owner.transfer(reward); //refund previous reward 15 | reward = msg.value; 16 | } 17 | } -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_2_ea758025-c8c1-4564-9d27-ca45ea9a2c5e/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./eth_tx_order_dependence_2.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 97.4% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_minimal_4b3fc469-5cf7-4dce-9d65-55a0f59e3c2e/eth_tx_order_dependence_minimal.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | address public owner; 5 | bool public claimed; 6 | uint public reward; 7 | 8 | function Benchmark() public { 9 | owner = msg.sender; 10 | } 11 | 12 | function setReward() public payable { 13 | require (!claimed); 14 | 15 | require(msg.sender == owner); 16 | owner.transfer(reward); 17 | reward = msg.value; 18 | } 19 | 20 | function claimReward(uint256 submission) { 21 | require (!claimed); 22 | require(submission < 10); 23 | 24 | msg.sender.transfer(reward); 25 | claimed = true; 26 | } 27 | } -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_minimal_4b3fc469-5cf7-4dce-9d65-55a0f59e3c2e/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.3% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: True 10 | Flow 1: 11 | /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:Benchmark:16:9 12 | owner.transfer(reward) 13 | ^ 14 | Flow 2: 15 | /home/vagrant/host/benchmarks/./eth_tx_order_dependence_minimal.sol:Benchmark:24:9 16 | msg.sender.transfer(reward) 17 | ^ 18 | INFO:oyente.symExec: Time dependency bug: False 19 | INFO:oyente.symExec: Reentrancy bug: False 20 | INFO:oyente.symExec: Assertion failure: False 21 | INFO:oyente.symExec: ====== Analysis Completed ====== 22 | -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_multitx_1_4aa5152c-2e12-48e1-8623-916d8f9a0cfc/eth_tx_order_dependence_multitx_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.16; 2 | 3 | contract Benchmark { 4 | address public owner; 5 | bool public claimed; 6 | uint256 public reward; 7 | bool public freezeReward; 8 | 9 | function Benchmark() public { 10 | owner = msg.sender; 11 | } 12 | 13 | function setReward() public payable { 14 | require (!claimed); 15 | require (!freezeReward); 16 | require(msg.sender == owner); 17 | 18 | owner.transfer(reward); 19 | reward = msg.value; 20 | } 21 | 22 | function freezeReward() public { 23 | freezeReward = true; 24 | } 25 | 26 | function claimReward(uint256 submission) { 27 | require (freezeReward); 28 | require (!claimed); 29 | require(submission < 10); 30 | 31 | msg.sender.transfer(reward); 32 | claimed = true; 33 | } 34 | } -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_multitx_1_4aa5152c-2e12-48e1-8623-916d8f9a0cfc/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.6% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: True 10 | Flow 1: 11 | /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:Benchmark:18:9 12 | owner.transfer(reward) 13 | ^ 14 | Flow 2: 15 | /home/vagrant/host/benchmarks/./eth_tx_order_dependence_multitx_1.sol:Benchmark:31:9 16 | msg.sender.transfer(reward) 17 | ^ 18 | INFO:oyente.symExec: Time dependency bug: False 19 | INFO:oyente.symExec: Reentrancy bug: False 20 | INFO:oyente.symExec: Assertion failure: False 21 | INFO:oyente.symExec: ====== Analysis Completed ====== 22 | -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_puzzle_c0b5dcaf-c87a-4957-99ca-8f72786650ce/eth_tx_order_dependence_puzzle.sol: -------------------------------------------------------------------------------- 1 | //Adapted from Oyente paper 2 | pragma solidity ^0.4.16; 3 | 4 | contract Benchmark { 5 | address public owner ; 6 | bool public locked ; 7 | uint public reward ; 8 | bytes32 public diff ; 9 | bytes public solution; 10 | 11 | function Puzzle() public payable { 12 | owner = msg.sender; 13 | reward = msg.value; 14 | locked = false ; 15 | diff = bytes32 (11111); // pre - defined difficulty 16 | } 17 | 18 | function () public payable { // main code , runs at every invocation 19 | if ( msg.sender == owner ){ // update reward 20 | require (!locked); 21 | owner.transfer(reward); 22 | reward = msg.value; 23 | } else { 24 | if (msg.data.length > 0) { // submit a solution 25 | require (!locked); 26 | if ( sha256 (msg.data ) < diff ){ 27 | msg.sender.transfer(reward); // send reward 28 | solution = msg.data; 29 | locked = true; 30 | } 31 | } 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /html/run_oyentepip_eth_tx_order_dependence_puzzle_c0b5dcaf-c87a-4957-99ca-8f72786650ce/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 88.9% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: True 10 | Flow 1: 11 | /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:Benchmark:27:21 12 | msg.sender.transfer(reward) 13 | ^ 14 | Flow 2: 15 | /home/vagrant/host/benchmarks/./eth_tx_order_dependence_puzzle.sol:Benchmark:21:13 16 | owner.transfer(reward) 17 | ^ 18 | INFO:oyente.symExec: Time dependency bug: False 19 | INFO:oyente.symExec: Reentrancy bug: False 20 | INFO:oyente.symExec: Assertion failure: False 21 | INFO:oyente.symExec: ====== Analysis Completed ====== 22 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_add_7a932dee-ccbb-4004-b6b3-614fc0e041ab/integer_overflow_add.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count += input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_add_7a932dee-ccbb-4004-b6b3-614fc0e041ab/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_add.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.1% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_benign_1_18bbc797-f3f2-41a0-90c6-8c72141a62fe/integer_overflow_benign_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow never escapes function 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | uint res = count - input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_benign_1_18bbc797-f3f2-41a0-90c6-8c72141a62fe/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_benign_1.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.0% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_benign_2_64417a86-c3e5-4eca-b6cc-3ebf7cf5a628/integer_overflow_benign_2.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count; 8 | 9 | function run(uint256 input) public { 10 | bool err; 11 | uint256 res = 1; 12 | 13 | (err, res) = minus(res, input); 14 | 15 | require(!err); 16 | count = res; 17 | } 18 | 19 | //from BasicMathLib 20 | function minus(uint256 a, uint256 b) private pure returns (bool err,uint256 res) { 21 | assembly { 22 | res := sub(a,b) 23 | switch eq(and(eq(add(res,b), a), or(lt(res,a), eq(res,a))), 1) 24 | case 0 { 25 | err := 1 26 | res := 0 27 | } 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_benign_2_64417a86-c3e5-4eca-b6cc-3ebf7cf5a628/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_benign_2.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.4% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_bytes_param_76e1b0b5-e300-451b-964b-3ab68b2a1c07/integer_overflow_bytes_param.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract Benchmark { 4 | function get(bytes key) public pure returns (bytes32) { 5 | return keccak256(key); 6 | } 7 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_bytes_param_76e1b0b5-e300-451b-964b-3ab68b2a1c07/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_bytes_param.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 65.9% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_dynarray_a52f0e4b-3e99-4c3a-b552-9f01fe4e6be1/integer_overflow_dynarray.sol: -------------------------------------------------------------------------------- 1 | //Dynamic storage array with packing 2 | // 3 | pragma solidity ^0.4.11; 4 | 5 | contract Benchmark { 6 | 7 | uint128[] private s; 8 | 9 | function init() public { 10 | s.length = 4; 11 | s[0] = 0xAA; 12 | s[1] = 0xBB; 13 | s[2] = 0xCC; 14 | s[3] = 0xDD; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_dynarray_a52f0e4b-3e99-4c3a-b552-9f01fe4e6be1/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_dynarray.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.4% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_mapping_4a618d98-ddac-449c-8645-ed2d7c676bcd/integer_overflow_mapping_mapping.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract Benchmark { 6 | mapping(uint256 => mapping (uint256 => Tuple)) maps; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | maps[k][k].b = 0x1A; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_mapping_4a618d98-ddac-449c-8645-ed2d7c676bcd/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_mapping.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.9% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_staticarray_988ee0d4-dd45-4d9a-942c-5b920a1906cf/integer_overflow_mapping_staticarray.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['map']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => bytes2) map; 7 | 8 | function init(uint256 k) public { 9 | map[k] = 0x1A; 10 | } 11 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_staticarray_988ee0d4-dd45-4d9a-942c-5b920a1906cf/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_staticarray.sol:C: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.9% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_strkey_00c775d7-7b19-479b-8ea0-b2a79d3bf54b/integer_overflow_mapping_strkey.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.8; 2 | 3 | contract Benchmark { 4 | mapping(string => uint256) map; 5 | 6 | function get(string key) public view returns (uint256) { 7 | return map[key]; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_strkey_00c775d7-7b19-479b-8ea0-b2a79d3bf54b/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_strkey.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 66.1% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_struct_9c1e4314-c9cd-4d02-a06d-42f35f346df4/integer_overflow_mapping_struct.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[k].a calculated as 2 | // keccak(bytes32(k) + bytes32(position['tuples']))+offset['a'] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => Tuple) tuples; 7 | 8 | struct Tuple { 9 | uint256 a; 10 | uint256 b; 11 | } 12 | 13 | function init(uint256 k) { 14 | tuples[k].b = 0x1A; 15 | } 16 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_struct_9c1e4314-c9cd-4d02-a06d-42f35f346df4/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_struct.sol:C: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.7% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_sym_1_66d4adc9-8b67-484d-9398-bebdbc9b15c7/integer_overflow_mapping_sym_1.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract Benchmark { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | map[k] -= v; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_sym_1_66d4adc9-8b67-484d-9398-bebdbc9b15c7/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_sym_1.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.9% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_sym_2_82d9e92d-3152-412a-a744-255c340d93ed/integer_overflow_mapping_sym_2.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | 3 | contract Benchmark { 4 | mapping(uint256 => uint256) map; 5 | 6 | function init(uint256 k, uint256 v) public { 7 | require(v < 10); 8 | map[k] = 10; 9 | map[k] -= v; 10 | } 11 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_sym_2_82d9e92d-3152-412a-a744-255c340d93ed/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_sym_2.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.2% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_word_c6289032-d1c3-450c-9e2b-527bd325c9e1/integer_overflow_mapping_word.sol: -------------------------------------------------------------------------------- 1 | //storage key for tuples[i].a calculated as 2 | // keccak(bytes32(i) + bytes32(position['tuples']))+offset[a] 3 | pragma solidity ^0.4.11; 4 | 5 | contract C { 6 | mapping(uint256 => uint256) tuples; 7 | 8 | //tuple variable offset added to keccak(bytes32(key) + bytes32(position)) 9 | function init(uint256 key) public { 10 | tuples[key] = 0x1A; 11 | //tuples[key].b = 0x1B; 12 | //tuples[key].c = 0x1C; 13 | } 14 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mapping_word_c6289032-d1c3-450c-9e2b-527bd325c9e1/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mapping_word.sol:C: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.6% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_minimal_45179c1d-1c09-4adf-adf4-e7c08256eaf9/integer_overflow_minimal.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count -= input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_minimal_45179c1d-1c09-4adf-adf4-e7c08256eaf9/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_minimal.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.1% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mul_2c7194cd-9146-48e3-b958-6bea2f3df3bb/integer_overflow_mul.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 2; 8 | 9 | function run(uint256 input) public { 10 | count *= input; 11 | } 12 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_mul_2c7194cd-9146-48e3-b958-6bea2f3df3bb/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_mul.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.1% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_multitx_multifunc_feasible_881a1a4e-48bb-4faa-9028-be4b41211d8a/integer_overflow_multitx_multifunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, multi-function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function init() public { 11 | initialized = 1; 12 | } 13 | 14 | function run(uint256 input) { 15 | if (initialized == 0) { 16 | return; 17 | } 18 | 19 | count -= input; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_multitx_multifunc_feasible_881a1a4e-48bb-4faa-9028-be4b41211d8a/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_multitx_multifunc_feasible.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.3% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_multitx_onefunc_feasible_7edb0ad9-a2ee-4a5d-98c0-d381bbfe6e45/integer_overflow_multitx_onefunc_feasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Arithmetic instruction reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | initialized = 1; 13 | return; 14 | } 15 | 16 | count -= input; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_multitx_onefunc_feasible_7edb0ad9-a2ee-4a5d-98c0-d381bbfe6e45/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_multitx_onefunc_feasible.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.2% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_multitx_onefunc_infeasible_c6de633c-0868-4187-ac82-eea27da1692a/integer_overflow_multitx_onefunc_infeasible.sol: -------------------------------------------------------------------------------- 1 | //Multi-transactional, single function 2 | //Overflow infeasible because arithmetic instruction not reachable 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint256 private initialized = 0; 8 | uint256 public count = 1; 9 | 10 | function run(uint256 input) public { 11 | if (initialized == 0) { 12 | return; 13 | } 14 | 15 | count -= input; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_multitx_onefunc_infeasible_c6de633c-0868-4187-ac82-eea27da1692a/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_multitx_onefunc_infeasible.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.2% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_path_1_6c9d58d1-7a74-43e8-8999-09c104ecd1c2/integer_overflow_path_1.sol: -------------------------------------------------------------------------------- 1 | //Single transaction overflow 2 | //Post-transaction effect: overflow nevers escapes to publicly-readable storage 3 | 4 | pragma solidity ^0.4.19; 5 | 6 | contract Benchmark { 7 | uint public count = 1; 8 | 9 | function run(uint256 input) public { 10 | count = sub(count, input); 11 | } 12 | 13 | //from SafeMath 14 | function sub(uint256 a, uint256 b) internal pure returns (uint256) { 15 | require(b <= a);//SafeMath uses assert here 16 | return a - b; 17 | } 18 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_path_1_6c9d58d1-7a74-43e8-8999-09c104ecd1c2/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_path_1.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 99.2% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_staticarray_899e8379-84bb-4166-89e5-5212041e980a/integer_overflow_staticarray.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.11; 2 | contract C { 3 | uint256[6] private numbers; 4 | 5 | function get(uint256 i) public returns(uint256) { 6 | require(i < 6); 7 | return numbers[i]; 8 | } 9 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_staticarray_899e8379-84bb-4166-89e5-5212041e980a/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_staticarray.sol:C: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.0% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_storageinvariant_ae85cabe-ff82-4ab5-a701-7dd25092311f/integer_overflow_storageinvariant.sol: -------------------------------------------------------------------------------- 1 | //No underflow because of credit/balance invariant: sum (credit.values) = balance 2 | pragma solidity ^0.4.19; 3 | 4 | contract Benchmark { 5 | mapping (address => uint) credit; 6 | uint balance; 7 | 8 | function withdrawAll() public { 9 | uint oCredit = credit[msg.sender]; 10 | if (oCredit > 0) { 11 | credit[msg.sender] = 0; 12 | balance -= oCredit; 13 | msg.sender.transfer(oCredit); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | require(balance < 1000); 21 | } 22 | } -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_storageinvariant_ae85cabe-ff82-4ab5-a701-7dd25092311f/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_storageinvariant.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.1% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_storagepacking_b1e07b12-2804-4358-8b2d-d517ef53a783/integer_overflow_storagepacking.sol: -------------------------------------------------------------------------------- 1 | //Storage packing optimization stores a,b in a single 32-byte storage slot. 2 | //solc generates MUL instruction that operates on compile-time constants to 3 | // extract variable a (or b) from packed storage slot. 4 | pragma solidity ^0.4.11; 5 | contract C { 6 | uint128 a; 7 | uint128 b; 8 | function C() public { 9 | a = 1; 10 | b = 2; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /html/run_oyentepip_integer_overflow_storagepacking_b1e07b12-2804-4358-8b2d-d517ef53a783/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./integer_overflow_storagepacking.sol:C: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 100.0% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_reentrancy_dao_53bf9f3a-8a0c-49c1-b880-6cc39975fa0c/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./reentrancy_dao.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.0% 8 | INFO:oyente.symExec: Callstack bug: True 9 | /home/vagrant/host/benchmarks/./reentrancy_dao.sol:Benchmark:11:31 10 | msg.sender.call.value(oCredit)() 11 | ^ 12 | INFO:oyente.symExec: Money concurrency bug: False 13 | INFO:oyente.symExec: Time dependency bug: False 14 | INFO:oyente.symExec: Reentrancy bug: True 15 | /home/vagrant/host/benchmarks/./reentrancy_dao.sol:Benchmark:11:31 16 | msg.sender.call.value(oCredit)() 17 | ^ 18 | INFO:oyente.symExec: Assertion failure: False 19 | INFO:oyente.symExec: ====== Analysis Completed ====== 20 | -------------------------------------------------------------------------------- /html/run_oyentepip_reentrancy_dao_53bf9f3a-8a0c-49c1-b880-6cc39975fa0c/reentrancy_dao.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | bool callResult = msg.sender.call.value(oCredit)(); 12 | require (callResult); 13 | credit[msg.sender] = 0; 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_oyentepip_reentrancy_dao_fixed_b042dc1f-8f97-4471-a9cb-b5b9c3545844/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./reentrancy_dao_fixed.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 98.0% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_reentrancy_dao_fixed_b042dc1f-8f97-4471-a9cb-b5b9c3545844/reentrancy_dao_fixed.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | contract Benchmark { 4 | mapping (address => uint) credit; 5 | uint balance; 6 | 7 | function withdrawAll() public { 8 | uint oCredit = credit[msg.sender]; 9 | if (oCredit > 0) { 10 | balance -= oCredit; 11 | credit[msg.sender] = 0; 12 | bool callResult = msg.sender.call.value(oCredit)(); 13 | require (callResult); 14 | } 15 | } 16 | 17 | function deposit() public payable { 18 | credit[msg.sender] += msg.value; 19 | balance += msg.value; 20 | } 21 | } -------------------------------------------------------------------------------- /html/run_oyentepip_reentrancy_nostateeffect_410e7b12-0ddf-428f-8f0e-f8f95d23748c/out.txt: -------------------------------------------------------------------------------- 1 | WARNING:root:You are using an untested version of z3. 4.5.0 is the officially tested version 2 | WARNING:root:You are using evm version 1.8.2. The supported version is 1.6.6 3 | WARNING:root:You are using solc version 0.4.21, The latest supported version is 0.4.17 4 | INFO:root:Contract /home/vagrant/host/benchmarks/./reentrancy_nostateeffect.sol:Benchmark: 5 | INFO:oyente.symExec:Running, please wait... 6 | INFO:oyente.symExec: ============ Results =========== 7 | INFO:oyente.symExec: EVM code coverage: 96.7% 8 | INFO:oyente.symExec: Callstack bug: False 9 | INFO:oyente.symExec: Money concurrency bug: False 10 | INFO:oyente.symExec: Time dependency bug: False 11 | INFO:oyente.symExec: Reentrancy bug: False 12 | INFO:oyente.symExec: Assertion failure: False 13 | INFO:oyente.symExec: ====== Analysis Completed ====== 14 | -------------------------------------------------------------------------------- /html/run_oyentepip_reentrancy_nostateeffect_410e7b12-0ddf-428f-8f0e-f8f95d23748c/reentrancy_nostateeffect.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.19; 2 | 3 | interface Runner { 4 | function run(uint256 param) external; 5 | } 6 | 7 | contract Benchmark { 8 | 9 | function run(address base, uint256 param) public { 10 | Runner(base).run(param); 11 | } 12 | 13 | } --------------------------------------------------------------------------------