├── scripts
├── __init__.py
└── solc_file.py
├── .dockerignore
├── requirements.txt
├── .gitattributes
├── settings.gradle
├── src
├── main
│ ├── resources
│ │ └── .gitignore
│ └── java
│ │ └── ch
│ │ └── securify
│ │ ├── decompiler
│ │ ├── instructions
│ │ │ ├── Extcodehash.java
│ │ │ ├── Create2.java
│ │ │ ├── _AddressType.java
│ │ │ ├── ReturnDataSize.java
│ │ │ ├── Stop.java
│ │ │ ├── _NoOp.java
│ │ │ ├── _ReturnsAddress.java
│ │ │ ├── _TypeInstruction.java
│ │ │ ├── Swap.java
│ │ │ ├── _VirtualInstruction.java
│ │ │ ├── Pop.java
│ │ │ ├── Revert.java
│ │ │ ├── SelfDestruct.java
│ │ │ ├── Gas.java
│ │ │ ├── Pc.java
│ │ │ ├── MSize.java
│ │ │ ├── Or.java
│ │ │ ├── MLoad.java
│ │ │ ├── Mod.java
│ │ │ ├── Origin.java
│ │ │ ├── SDiv.java
│ │ │ ├── SLoad.java
│ │ │ ├── SMod.java
│ │ │ ├── Xor.java
│ │ │ ├── Address.java
│ │ │ ├── CodeSize.java
│ │ │ ├── Coinbase.java
│ │ │ ├── Eq.java
│ │ │ ├── GasLimit.java
│ │ │ ├── GasPrice.java
│ │ │ ├── Gt.java
│ │ │ ├── Lt.java
│ │ │ ├── Sgt.java
│ │ │ ├── Slt.java
│ │ │ ├── CallValue.java
│ │ │ ├── Difficulty.java
│ │ │ ├── BlockNumber.java
│ │ │ ├── Caller.java
│ │ │ ├── MStore.java
│ │ │ ├── MStore8.java
│ │ │ ├── Return.java
│ │ │ ├── SStore.java
│ │ │ ├── CallDataSize.java
│ │ │ ├── BlockTimestamp.java
│ │ │ ├── Byte.java
│ │ │ ├── Div.java
│ │ │ ├── AddMod.java
│ │ │ ├── BlockHash.java
│ │ │ ├── MulMod.java
│ │ │ ├── Balance.java
│ │ │ ├── CallDataLoad.java
│ │ │ ├── Invalid.java
│ │ │ ├── ReturnDataCopy.java
│ │ │ ├── SignExtend.java
│ │ │ ├── ExtCodeSize.java
│ │ │ ├── CodeCopy.java
│ │ │ ├── Sha3.java
│ │ │ ├── _UnknownInstruction.java
│ │ │ ├── CallDataCopy.java
│ │ │ ├── Log0.java
│ │ │ ├── Shr.java
│ │ │ ├── Shl.java
│ │ │ ├── Dup.java
│ │ │ ├── ExtCodeCopy.java
│ │ │ ├── Log1.java
│ │ │ ├── CallingInstruction.java
│ │ │ ├── Log2.java
│ │ │ ├── Log3.java
│ │ │ ├── Log4.java
│ │ │ ├── Jump.java
│ │ │ ├── Create.java
│ │ │ └── _VirtualMethodReturn.java
│ │ ├── MethodNameResolver.java
│ │ └── AssumptionViolatedException.java
│ │ ├── utils
│ │ ├── Resolver.java
│ │ ├── DevNullPrintStream.java
│ │ ├── DevNull.java
│ │ ├── MapUtil.java
│ │ └── StreamUtil.java
│ │ ├── analysis
│ │ ├── TimeoutException.java
│ │ ├── Status.java
│ │ └── Config.java
│ │ └── model
│ │ ├── CompiledContracts.java
│ │ ├── CompiledContract.java
│ │ ├── Contract.java
│ │ └── ContractResult.java
└── test
│ ├── resources
│ └── solidity
│ │ ├── end_to_end_testing_quick
│ │ ├── empty.sol
│ │ ├── return.sol
│ │ ├── revert.sol
│ │ └── selfdestruct.sol
│ │ ├── end_to_end_testing_big
│ │ └── swc
│ │ │ ├── pragma_not_locked
│ │ │ ├── floating_pragma.sol
│ │ │ └── floating_pragma_fixed.sol
│ │ │ ├── outdated_compiler_version
│ │ │ └── version_0_4_0.sol
│ │ │ ├── unprotected_critical_functions
│ │ │ ├── simple_suicide.sol
│ │ │ ├── simple_ether_drain.sol
│ │ │ ├── suicide_multitx_feasible.sol
│ │ │ ├── suicide_multitx_infeasible.sol
│ │ │ ├── wallet_03_wrong_constructor.sol
│ │ │ ├── wallet_04_confused_sign.sol
│ │ │ ├── wallet_01_ok.sol
│ │ │ └── wallet_02_refund_nosub.sol
│ │ │ ├── typographical_error
│ │ │ ├── typo_one_command.sol
│ │ │ └── typo_simple.sol
│ │ │ ├── integer_overflow_and_underflow
│ │ │ ├── overflow_simple_add.sol
│ │ │ ├── integer_overflow_mapping_sym_1.sol
│ │ │ ├── integer_overflow_mul.sol
│ │ │ ├── integer_overflow_benign_1.sol
│ │ │ ├── integer_overflow_minimal.sol
│ │ │ ├── overflow_simple_add_fixed.sol
│ │ │ ├── integer_overflow_mapping_sym_1_fixed.sol
│ │ │ ├── integer_overflow_benign_1_fixed.sol
│ │ │ ├── integer_overflow_minimal_fixed.sol
│ │ │ ├── integer_overflow_multitx_onefunc_feasible.sol
│ │ │ ├── integer_overflow_multitx_onefunc_infeasible.sol
│ │ │ ├── integer_overflow_multitx_multifunc_feasible.sol
│ │ │ ├── integer_overflow_multitx_onefunc_feasible_fixed.sol
│ │ │ ├── integer_overflow_mul_fixed.sol
│ │ │ ├── integer_overflow_multitx_multifunc_feasible_fixed.sol
│ │ │ └── overflow_vulnerable_and_fixed.sol
│ │ │ ├── assert_violations
│ │ │ ├── out-of-bounds-exception.sol
│ │ │ ├── assert_minimal.sol
│ │ │ ├── assert_constructor.sol
│ │ │ ├── two_mapppings.sol
│ │ │ ├── gas_model.sol
│ │ │ ├── gas_model_fixed.sol
│ │ │ ├── runtime_user_input_call.sol
│ │ │ ├── constructor_create.sol
│ │ │ ├── sha_of_sha_concrete.sol
│ │ │ ├── assert_multitx_1.sol
│ │ │ ├── sha_of_sha_2_mappings.sol
│ │ │ ├── assert_multitx_2.sol
│ │ │ ├── constructor_create_argument.sol
│ │ │ ├── runtime_create_user_input.sol
│ │ │ ├── sha_of_sha_collision.sol
│ │ │ ├── constructor_create_modifiable.sol
│ │ │ ├── token-with-backdoor.sol
│ │ │ ├── assert_constructor.json
│ │ │ ├── mapping_performance_1.sol
│ │ │ └── mapping_perfomance_2.sol
│ │ │ ├── timestamp_dependence
│ │ │ └── timed_crowdsale.sol
│ │ │ ├── delegate_call_to_untrusted_callee
│ │ │ ├── proxy.sol
│ │ │ ├── proxy_fixed.sol
│ │ │ └── proxy_pattern_false_positive.sol
│ │ │ ├── requirement_violations
│ │ │ ├── requirement_simple.sol
│ │ │ └── requirement_simple_fixed.sol
│ │ │ ├── call_best_practices
│ │ │ ├── unchecked_return_value.sol
│ │ │ └── send_loop.sol
│ │ │ ├── shadowing_inherited_state_variables
│ │ │ ├── TokenSale.sol
│ │ │ ├── ShadowingInFunctions.sol
│ │ │ └── TokenSale_fixed.sol
│ │ │ ├── dos_gas_limit
│ │ │ ├── dos_simple.sol
│ │ │ ├── dos_address.sol
│ │ │ └── dos_number.sol
│ │ │ ├── deprecated_constructs
│ │ │ └── deprecated_simple.sol
│ │ │ ├── tx_origin
│ │ │ ├── mycontract.sol
│ │ │ └── mycontract_fixed.sol
│ │ │ ├── default_visibility_functions
│ │ │ ├── visibility_not_set.sol
│ │ │ └── visibility_not_set_fixed.sol
│ │ │ ├── weak_randomness
│ │ │ ├── random_number_generator.sol
│ │ │ ├── guess_the_random_number.sol
│ │ │ ├── random_number_generator.json
│ │ │ ├── guess_the_random_number_fixed.sol
│ │ │ └── old_blockhash.sol
│ │ │ ├── write_to_arbitrary_storage_location
│ │ │ ├── mapping_write.sol
│ │ │ ├── arbitrary_location_write_simple.sol
│ │ │ └── arbitrary_location_write_simple_fixed.sol
│ │ │ ├── invalid_constructor_name
│ │ │ ├── incorrect_constructor_name2_fixed.sol
│ │ │ ├── incorrect_constructor_name3_fixed.sol
│ │ │ ├── incorrect_constructor_name2.sol
│ │ │ ├── incorrect_constructor_name3.sol
│ │ │ ├── incorrect_constructor_name1_fixed.sol
│ │ │ └── incorrect_constructor_name1.sol
│ │ │ ├── reentracy
│ │ │ ├── simple_dao.sol
│ │ │ └── simple_dao_fixed.sol
│ │ │ ├── transaction_order_dependence
│ │ │ └── eth_tx_order_dependence_minimal.sol
│ │ │ ├── arbitrary_jump
│ │ │ └── FunctionTypes.sol
│ │ │ ├── ctf
│ │ │ └── tokensalechallenge.sol
│ │ │ ├── LICENSE
│ │ │ └── default_visibility_variables
│ │ │ └── storage.sol
│ │ ├── locked-money-no-self-destruct-no-call-unsafe.sol
│ │ ├── UnrestrictedWrite.sol
│ │ ├── locked-money-call-safe.sol
│ │ ├── locked-money-call-ten-safe.sol
│ │ ├── locked-money-call-zero-unsafe.sol
│ │ ├── DAO.sol
│ │ ├── LockedEther.sol
│ │ ├── TODTransfer2.sol
│ │ ├── DAOConstantGas.sol
│ │ ├── UnrestrictedEtherFlow.sol
│ │ ├── locked-money-self-destruct-safe.sol
│ │ ├── UnhandledException.sol
│ │ ├── MissingInputValidation.sol
│ │ ├── repeated-calls-tn.sol
│ │ ├── UnhandledException2.sol
│ │ ├── LockedEtherDelegate.sol
│ │ ├── TODTransfer.sol
│ │ ├── locked-money-no-self-destruct-no-call-unsafe.bin.hex
│ │ ├── LockedEther.bin.hex
│ │ ├── UnrestrictedEtherFlow2.sol
│ │ ├── TODReceiver.sol
│ │ ├── repeated-calls-tp.sol
│ │ ├── no-reentrancy.bin.hex
│ │ ├── locked-money-call-safe.bin.hex
│ │ ├── locked-money-call-ten-safe.bin.hex
│ │ ├── locked-money-call-zero-unsafe.bin.hex
│ │ ├── locked-money-self-destruct-safe.bin.hex
│ │ ├── repeated-calls-tn2.sol
│ │ ├── decompile.sol
│ │ ├── reentrancy.sol
│ │ ├── no-reentrancy.sol
│ │ ├── DAOConstantGas.bin.hex
│ │ ├── TODAmount.sol
│ │ ├── UnrestrictedEtherFlow.bin.hex
│ │ ├── UnrestrictedWrite.bin.hex
│ │ ├── transaction-reordering.sol
│ │ ├── repeated-calls-tn3.sol
│ │ ├── TODTransfer2.bin.hex
│ │ ├── reentrancy.bin.hex
│ │ ├── UnrestrictedEtherFlow2.bin.hex
│ │ ├── UnhandledException2.bin.hex
│ │ ├── MissingInputValidation.bin.hex
│ │ ├── UnhandledException.bin.hex
│ │ ├── LockedEtherDelegate.bin.hex
│ │ ├── transaction-reordering.bin.hex
│ │ ├── repeated-calls-tn.bin.hex
│ │ ├── TestShr.sol
│ │ ├── TODTransfer.bin.hex
│ │ ├── TestExtcodehash.sol
│ │ ├── TestShl.sol
│ │ ├── TODAmount.bin.hex
│ │ ├── TODReceiver.bin.hex
│ │ └── repeated-calls-tp.bin.hex
│ └── java
│ └── ch
│ └── securify
│ ├── CompilationHelpersTest.java
│ └── patterns
│ ├── TODAmountTest.java
│ ├── TODReceiverTest.java
│ ├── DAOConstantGasTest.java
│ ├── UnrestrictedWriteTest.java
│ ├── MissingInputValidationTest.java
│ └── ContractPatternTest.java
├── img
├── scan.png
├── logo-securify.png
├── ethereum_foundation.png
└── foundation_securify.png
├── gradle
└── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
├── .gitignore
├── AUTHORS
├── .github
└── ISSUE_TEMPLATE
├── .travis.yml
├── securify.iml
├── docker_run_securify.py
└── securify_main.iml
/scripts/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | .git
2 | build
3 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | py-solc-x>=0.3
2 | psutil
3 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.sol linguist-language=Solidity
2 |
--------------------------------------------------------------------------------
/settings.gradle:
--------------------------------------------------------------------------------
1 | rootProject.name = 'securify'
2 |
--------------------------------------------------------------------------------
/src/main/resources/.gitignore:
--------------------------------------------------------------------------------
1 | mayImplicit
2 | mustExplicit
3 |
--------------------------------------------------------------------------------
/img/scan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eth-sri/securify/HEAD/img/scan.png
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_quick/empty.sol:
--------------------------------------------------------------------------------
1 | contract C {
2 | }
3 |
--------------------------------------------------------------------------------
/img/logo-securify.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eth-sri/securify/HEAD/img/logo-securify.png
--------------------------------------------------------------------------------
/img/ethereum_foundation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eth-sri/securify/HEAD/img/ethereum_foundation.png
--------------------------------------------------------------------------------
/img/foundation_securify.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eth-sri/securify/HEAD/img/foundation_securify.png
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eth-sri/securify/HEAD/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .vscode/
2 | .DS_Store
3 | .gradle/
4 | .idea/
5 | build/
6 | out/
7 | securify.ipr
8 | securify.iws
9 | __pycache__/
10 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_quick/return.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract C{
3 | function() external payable{
4 | return;
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_quick/revert.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract C{
3 | function() external payable{
4 | revert();
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/pragma_not_locked/floating_pragma.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract PragmaNotLocked {
4 | uint public x = 1;
5 | }
6 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/pragma_not_locked/floating_pragma_fixed.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract PragmaNotLocked {
4 | uint public x = 1;
5 | }
6 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/outdated_compiler_version/version_0_4_0.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract OutdatedCompilerVersion {
4 | uint public x = 1;
5 | }
6 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_quick/selfdestruct.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract C{
3 | function() external payable{
4 | selfdestruct(address(0x123));
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | Petar Tsankov
2 | Andrei Dan
3 | Dana Drachsler-Cohen
4 | Arthur Gervais
5 | Florian Bünzli
6 | Hubert Ritzdorf
7 | Quentin Hibon
8 | Anton Permenev
9 | Jakob Beckmann
10 | Matías A. Ré Medina
11 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/simple_suicide.sol:
--------------------------------------------------------------------------------
1 | contract SimpleSuicide {
2 |
3 | function sudicideAnyone() public {
4 | selfdestruct(msg.sender);
5 | }
6 |
7 | }
8 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-no-self-destruct-no-call-unsafe.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | function transfer() payable public {
4 | uint x = msg.value;
5 | }
6 |
7 | }
8 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnrestrictedWrite.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract Ownable {
3 | address owner;
4 |
5 | function transferOwnership(address _newOwner) public {
6 | owner = _newOwner;
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-call-safe.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | function transfer() payable public {
4 | uint x = msg.value;
5 | msg.sender.send(x);
6 | }
7 |
8 | }
9 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-call-ten-safe.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | function transfer() payable public {
4 | uint x = msg.value;
5 | msg.sender.send(10);
6 | }
7 |
8 | }
9 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-call-zero-unsafe.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | function transfer() payable public {
4 | uint x = msg.value;
5 | msg.sender.send(0);
6 | }
7 |
8 | }
9 |
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionBase=GRADLE_USER_HOME
2 | distributionPath=wrapper/dists
3 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.2-bin.zip
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/DAO.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract Wallet {
3 |
4 | uint balance;
5 | function send(){
6 | if (balance > 0){
7 | msg.sender.call.value(balance)();
8 | balance = 0;
9 | }
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/LockedEther.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract MarketPlace {
3 | function deposit() payable public {
4 | }
5 |
6 | function transfer() payable public {
7 | uint x = msg.value;
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODTransfer2.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract game {
4 | bool won = false;
5 |
6 | function play() public {
7 | require(!won);
8 | won = true;
9 | msg.sender.transfer(10 ** 18);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/DAOConstantGas.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract Wallet {
3 |
4 | uint balance;
5 | function send() public {
6 | if (balance > 0){
7 | msg.sender.transfer(balance);
8 | balance = 0;
9 | }
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/typographical_error/typo_one_command.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract TypoOneCommand {
4 | uint numberOne = 1;
5 |
6 | function alwaysOne() public {
7 | numberOne = 1;
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnrestrictedEtherFlow.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.5.1;
2 | contract Wallet {
3 | address payable owner;
4 |
5 | function withdraw() payable public {
6 | owner.transfer(msg.value);
7 | }
8 |
9 | function () payable external {}
10 | }
11 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-self-destruct-safe.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | function someComp() payable public {
4 | uint x = msg.value;
5 | }
6 |
7 | function kill() public {
8 | selfdestruct(msg.sender);
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnhandledException.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract SimpleBank {
4 | mapping(address => uint) balances;
5 |
6 | function withdraw() public {
7 | msg.sender.send(balances[msg.sender]);
8 | balances[msg.sender] = 0;
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/overflow_simple_add.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Overflow_Add {
4 | uint public balance = 1;
5 |
6 | function add(uint256 deposit) public {
7 | balance += deposit;
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/MissingInputValidation.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract SimpleBank {
3 | mapping(address => uint) balances;
4 |
5 | function withdraw(uint amount) public {
6 | balances[msg.sender] -= amount;
7 | msg.sender.transfer(amount);
8 | }
9 | }
10 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/simple_ether_drain.sol:
--------------------------------------------------------------------------------
1 | contract SimpleEtherDrain {
2 |
3 | function withdrawAllAnyone() public {
4 | msg.sender.transfer(address(this).balance);
5 | }
6 |
7 | function () external payable {
8 | }
9 |
10 | }
11 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/repeated-calls-tn.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | interface A {
3 | function f() external view returns(address);
4 | }
5 |
6 | contract B {
7 | mapping(address => bool) approved;
8 | function g(A a) public {
9 | require(approved[(address(a.f()))]);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnhandledException2.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract C{
4 | function f() public {
5 | if(uint(sha256(msg.data)) < 2){
6 | bool b = msg.sender.send(3);
7 | if(!b) {
8 | // throw;
9 | }
10 | }
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/out-of-bounds-exception.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract OutOfBoundsException {
4 |
5 | uint256[] public array;
6 |
7 | function getArrayElement(uint256 idx) public returns (uint256) {
8 | return array[idx];
9 | }
10 |
11 | }
12 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/timestamp_dependence/timed_crowdsale.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract TimedCrowdsale {
4 | // Sale should finish exactly at January 1, 2019
5 | function isSaleFinished() view public returns (bool) {
6 | return block.timestamp >= 1546300800;
7 | }
8 | }
9 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/LockedEtherDelegate.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Test{
4 |
5 | function payout(address a) public {
6 | bool x;
7 | bytes memory y;
8 | (x, y) = a.delegatecall("0x1234");
9 | }
10 |
11 |
12 | function () external payable {
13 |
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODTransfer.sol:
--------------------------------------------------------------------------------
1 | contract Game {
2 | bool won = false;
3 |
4 | function play(bytes memory guess) public {
5 | require(!won);
6 | if (uint(keccak256(guess)) == 0xDEADBEEF) {
7 | won = true;
8 | msg.sender.transfer(10 ** 18);
9 | }
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Extcodehash.java:
--------------------------------------------------------------------------------
1 | package ch.securify.decompiler.instructions;
2 |
3 | public class Extcodehash extends Instruction implements _TypeInstruction {
4 |
5 | @Override
6 | public String getStringRepresentation() {
7 | return getOutput()[0] + " = extcodehash(" + getInput()[0] + ")";
8 | }
9 |
10 | }
11 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/assert_minimal.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract AssertMinimal {
9 | function run() public {
10 | assert(false);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-no-self-destruct-no-call-unsafe.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680638a4068dd146044575b600080fd5b348015604f57600080fd5b5060566058565b005b6000349050505600a165627a7a72305820060c546b925c2e8c694ba308b324780a8d652a4041f99772a56382e8d8d593690029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/LockedEther.bin.hex:
--------------------------------------------------------------------------------
1 | 6080604052600436106049576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680638a4068dd14604e578063d0e30db0146062575b600080fd5b348015605957600080fd5b506060606a565b005b60686072565b005b600034905050565b5600a165627a7a723058203737c9af63b6935e5f6f364cf721f91c18faeb06a0a990d4cbf7117dde2aa2c80029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnrestrictedEtherFlow2.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Wallet {
4 | address payable owner;
5 | bool withdrawable = true;
6 |
7 | function withdraw() public {
8 | require(withdrawable);
9 | withdrawable = false;
10 | owner.transfer(1);
11 | }
12 |
13 | function () payable external {}
14 | }
15 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/assert_constructor.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract AssertConstructor {
9 | constructor() public {
10 | assert(false);
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/two_mapppings.sol:
--------------------------------------------------------------------------------
1 | contract TwoMappings{
2 |
3 | mapping(uint=>uint) m;
4 | mapping(uint=>uint) n;
5 |
6 | constructor() public {
7 | m[10] = 100;
8 | }
9 |
10 | function check(uint a) public {
11 | assert(n[a] == 0);
12 | }
13 |
14 | }
15 |
16 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_mapping_sym_1.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 |
3 | pragma solidity ^0.5.0;
4 |
5 | contract IntegerOverflowMappingSym1 {
6 | mapping(uint256 => uint256) map;
7 |
8 | function init(uint256 k, uint256 v) public {
9 | map[k] -= v;
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODReceiver.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.5.4;
2 | contract Game {
3 | address payable winner;
4 |
5 | function play(bytes memory guess) public {
6 | if (uint(keccak256(guess)) == 0xDEADBEEF) {
7 | winner = msg.sender;
8 | }
9 | }
10 | function getReward() payable public {
11 | winner.transfer(msg.value);
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/gas_model.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract GasModel{
8 | uint x = 100;
9 | function check() public {
10 | uint a = gasleft();
11 | x = x + 1;
12 | uint b = gasleft();
13 | assert(b > a);
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/repeated-calls-tp.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | interface A {
3 | function f() external view returns(address);
4 | }
5 |
6 | contract B {
7 | mapping(address => bool) approved;
8 | mapping(address => bool) modified;
9 | function g(A a) public {
10 | require(approved[(address(a.f()))]);
11 | modified[address(a.f())] = true;
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_mul.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Post-transaction effect: overflow escapes to publicly-readable storage
3 |
4 | pragma solidity ^0.5.0;
5 |
6 | contract IntegerOverflowMul {
7 | uint public count = 2;
8 |
9 | function run(uint256 input) public {
10 | count *= input;
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/gas_model_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract GasModelFixed{
8 | uint x = 100;
9 | function check() public {
10 | uint a = gasleft();
11 | x = x + 1;
12 | uint b = gasleft();
13 | assert(b < a);
14 | }
15 | }
16 |
17 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_benign_1.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Post-transaction effect: overflow never escapes function
3 |
4 | pragma solidity ^0.5.0;
5 |
6 | contract IntegerOverflowBenign1 {
7 | uint public count = 1;
8 |
9 | function run(uint256 input) public {
10 | uint res = count - input;
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/runtime_user_input_call.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract RuntimeUserInputCall{
8 |
9 | function check(address b) public {
10 | assert(B(b).foo() == 10);
11 | }
12 |
13 | }
14 |
15 | contract B{
16 | function foo() public returns(uint);
17 | }
18 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_minimal.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Post-transaction effect: overflow escapes to publicly-readable storage
3 |
4 | pragma solidity ^0.5.0;
5 |
6 | contract IntegerOverflowMinimal {
7 | uint public count = 1;
8 |
9 | function run(uint256 input) public {
10 | count -= input;
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/no-reentrancy.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806358bb390c146044575b600080fd5b348015604f57600080fd5b5060566058565b005b600080549050600080819055503373ffffffffffffffffffffffffffffffffffffffff168160405160006040518083038185875af19250505050505600a165627a7a723058202a5ace71a612feb3f9902d86881cbb5632bf1bb8f851854b0f9337befb2f98560029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-call-safe.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680638a4068dd146044575b600080fd5b348015604f57600080fd5b5060566058565b005b60003490503373ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051600060405180830381858888f1935050505050505600a165627a7a7230582073ed218ec6266a6d5d3e854232687866aab0455275006e925d8b8c54e151691f0029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-call-ten-safe.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680638a4068dd146044575b600080fd5b348015604f57600080fd5b5060566058565b005b60003490503373ffffffffffffffffffffffffffffffffffffffff166108fc600a9081150290604051600060405180830381858888f1935050505050505600a165627a7a723058208b679cc9363541104bdcec4e60badbe3003a5c7dd688d1999d3fa0b8b3cc15910029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/delegate_call_to_untrusted_callee/proxy.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Proxy {
4 |
5 | address owner;
6 |
7 | constructor() public {
8 | owner = msg.sender;
9 | }
10 |
11 | function forward(address callee, bytes memory _data) public {
12 | (bool success, bytes memory data) = (callee.delegatecall(_data));
13 | require(success);
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-call-zero-unsafe.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680638a4068dd146044575b600080fd5b348015604f57600080fd5b5060566058565b005b60003490503373ffffffffffffffffffffffffffffffffffffffff166108fc60009081150290604051600060405180830381858888f1935050505050505600a165627a7a723058209659fa8f7b93fcc3e99b26d16cfd0227ac47c67dfef5f501fd2902d0f5f4fa8a0029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/locked-money-self-destruct-safe.bin.hex:
--------------------------------------------------------------------------------
1 | 6080604052600436106049576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063290a917814604e57806341c0e1b5146062575b600080fd5b348015605957600080fd5b5060606076565b005b348015606d57600080fd5b506074607e565b005b600034905050565b3373ffffffffffffffffffffffffffffffffffffffff16ff00a165627a7a723058209bb63282ed6e60ca6bbb0a9a4e46d6b1026938f2dd4b25db252533cd95b2b5c80029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/requirement_violations/requirement_simple.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Bar {
4 | Foo private f = new Foo();
5 | function doubleBaz() public view returns (int256) {
6 | return 2 * f.baz(0);
7 | }
8 | }
9 |
10 | contract Foo {
11 | function baz(int256 x) public pure returns (int256) {
12 | require(0 < x);
13 | return 42;
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/repeated-calls-tn2.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | interface A {
3 | function f() external view returns(address);
4 | }
5 |
6 | contract B {
7 | mapping(address => bool) approved;
8 | mapping(address => bool) modified;
9 | function g(A a) public {
10 | require(approved[(address(a.f()))]);
11 | }
12 | function h(A a) public {
13 | modified[(address(a.f()))] = true;
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE:
--------------------------------------------------------------------------------
1 | # I have checked the following
2 |
3 | - [ ] The `souffle` binary is available, output when running `souffle`:
4 |
5 | $OUTPUT
6 |
7 | - [ ] Output of `solc --version`
8 |
9 | $OUTPUT
10 |
11 | - [ ] Output of `solc --bin-runtime MyContract.sol`
12 |
13 | $OUTPUT
14 |
15 | - [ ] I can reproduce this issue in a Docker container with the following command
16 |
17 | $COMMAND
18 |
19 | # Steps to reproduce
20 |
21 | $STEPS
22 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/decompile.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract A {
4 | uint a;
5 | function f1(uint i) public {
6 | a = i;
7 | }
8 | function f2(uint i) public {
9 | a = i;
10 | }
11 |
12 | function g(uint i) public {
13 | function (uint256) f = i < 100 ? f1 : f2;
14 | f(i);
15 | }
16 |
17 | function h() public {
18 | msg.sender.transfer(a);
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/typographical_error/typo_simple.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract TypoSimple {
4 |
5 | uint onlyOne = 1;
6 | bool win = false;
7 |
8 | function addOne() public {
9 | onlyOne = 1;
10 | if(onlyOne>1) {
11 | win = true;
12 | }
13 | }
14 |
15 | function iWin() view public returns (bool) {
16 | return win;
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/call_best_practices/unchecked_return_value.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract ReturnValue {
4 |
5 | address callee = 0xDeaDbeefdEAdbeefdEadbEEFdeadbeEFdEaDbeeF;
6 |
7 | function callchecked() public {
8 | (bool success, bytes memory data) = (callee.call(""));
9 | require(success);
10 | }
11 |
12 | function callnotchecked() public {
13 | callee.call("");
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/reentrancy.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | uint balance = 0;
4 |
5 | function noReentrancy() public {
6 | uint x = balance;
7 | balance = 0;
8 | msg.sender.call.value(x)("");
9 | }
10 |
11 | function reentrancy() public {
12 | uint x = balance;
13 | msg.sender.call.value(x)("");
14 | balance = 0;
15 | }
16 |
17 | }
18 |
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/no-reentrancy.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | uint balance = 0;
4 |
5 | function noReentrancy() public {
6 | uint x = balance;
7 | balance = 0;
8 | msg.sender.call.value(x)("");
9 | }
10 |
11 | // function reentrancy() {
12 | // uint x = balance;
13 | // msg.sender.call.value(x)();
14 | // balance = 0;
15 | // }
16 |
17 | }
18 |
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/constructor_create.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract ConstructorCreate{
9 | B b = new B();
10 |
11 | function check() public {
12 | assert(b.foo() == 10);
13 | }
14 |
15 | }
16 |
17 | contract B{
18 |
19 | function foo() public returns(uint){
20 | return 11;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/shadowing_inherited_state_variables/TokenSale.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Tokensale {
4 | uint hardcap = 10000 ether;
5 |
6 | constructor() public {}
7 |
8 | function fetchCap() public view returns(uint) {
9 | return hardcap;
10 | }
11 | }
12 |
13 | contract Presale is Tokensale {
14 | uint hardcap = 1000 ether;
15 |
16 | constructor() Tokensale() public {}
17 | }
18 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/DAOConstantGas.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063b46300ec146044575b600080fd5b348015604f57600080fd5b5060566058565b005b60008054111560b1573373ffffffffffffffffffffffffffffffffffffffff166108fc6000549081150290604051600060405180830381858888f1935050505015801560a8573d6000803e3d6000fd5b50600080819055505b5600a165627a7a7230582065f9f7f8a1fb874a2c97e23274f6e30100c55c91045d6d853a441043778df0150029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/sha_of_sha_concrete.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract ShaOfShaConcrete{
8 |
9 | mapping(bytes32=>uint) m;
10 | uint b;
11 |
12 | constructor() public {
13 | b = 1;
14 | }
15 |
16 | function check(uint x) public {
17 | assert(m[keccak256(abi.encodePacked(x, "B"))] == 0);
18 | }
19 |
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODAmount.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract TokenMarket {
3 | mapping(address => uint) balances;
4 | uint price = 10;
5 | address owner;
6 |
7 | function setPrice(uint newPrice) public {
8 | if (msg.sender == owner)
9 | price = newPrice;
10 | }
11 |
12 | function sellTokens() public {
13 | uint amount = balances[msg.sender];
14 | balances[msg.sender] = 0;
15 | msg.sender.transfer(amount * price);
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnrestrictedEtherFlow.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680633ccfd60b146041575b005b348015604c57600080fd5b5060536055565b005b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166108fc349081150290604051600060405180830381858888f1935050505015801560bb573d6000803e3d6000fd5b505600a165627a7a7230582016d909e946156bda96949bd6ae67c5702ea2d31b0c6326f8ed1d1a0d1e0076830029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/overflow_simple_add_fixed.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Overflow_Add {
4 | uint public balance = 1;
5 |
6 | function add(uint256 deposit) public {
7 | balance = add(balance, deposit);
8 | }
9 |
10 | //from SafeMath
11 | function add(uint256 a, uint256 b) internal pure returns (uint256) {
12 | uint256 c = a + b;
13 | require(c >= a);
14 |
15 | return c;
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/assert_multitx_1.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract AssertMultiTx1 {
9 | uint256 private param;
10 |
11 | constructor(uint256 _param) public {
12 | require(_param > 0);
13 | param = _param;
14 | }
15 |
16 | function run() public {
17 | assert(param > 0);
18 | }
19 |
20 | }
21 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/sha_of_sha_2_mappings.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | contract ShaOfSha2Mappings{
6 |
7 | mapping(bytes32=>uint) m;
8 | mapping(bytes32=>uint) n;
9 |
10 | constructor() public {
11 | m[keccak256(abi.encode("AAA", msg.sender))] = 100;
12 | }
13 |
14 | function check(address a) public {
15 | assert(n[keccak256(abi.encode("BBB", a))] == 0);
16 | }
17 |
18 | }
19 |
20 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/suicide_multitx_feasible.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract SuicideMultiTxFeasible {
4 | uint256 private initialized = 0;
5 | uint256 public count = 1;
6 |
7 | function init() public {
8 | initialized = 1;
9 | }
10 |
11 | function run(uint256 input) public {
12 | if (initialized == 0) {
13 | return;
14 | }
15 |
16 | selfdestruct(msg.sender);
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/suicide_multitx_infeasible.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract SuicideMultiTxFeasible {
4 | uint256 private initialized = 0;
5 | uint256 public count = 1;
6 |
7 | function init() public {
8 | initialized = 1;
9 | }
10 |
11 | function run(uint256 input) public {
12 | if (initialized != 2) {
13 | return;
14 | }
15 |
16 | selfdestruct(msg.sender);
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnrestrictedWrite.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f2fde38b146044575b600080fd5b348015604f57600080fd5b506082600480360381019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506084565b005b806000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550505600a165627a7a723058201f8bfbe49c083b2d1d8ed64da54d4b438c508d80d09054ccef73797a45ae91920029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/transaction-reordering.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 | contract MarketPlace {
3 | function safeTransfer1() payable public {
4 | uint x = msg.value;
5 | msg.sender.send(x);
6 | }
7 |
8 | function safeTransfer2() public {
9 | uint x = 100;
10 | uint y = x * 100;
11 | msg.sender.send(y);
12 | }
13 |
14 | function unsafeTransfer() public {
15 | uint x = address(this).balance;
16 | msg.sender.send(x);
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/repeated-calls-tn3.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | contract A {
3 | address a;
4 | function f() public view returns(address) {
5 | return a;
6 | }
7 | }
8 |
9 | contract B {
10 | mapping(address => bool) approved;
11 | mapping(address => bool) modified;
12 | // Constant addresses are considered secure
13 | A constant a = A(0x123);
14 |
15 | function g() public {
16 | require(approved[(address(a.f()))]);
17 | modified[address(a.f())] = true;
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODTransfer2.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806393e84cd9146044575b600080fd5b348015604f57600080fd5b5060566058565b005b6000809054906101000a900460ff16151515607257600080fd5b60016000806101000a81548160ff0219169083151502179055503373ffffffffffffffffffffffffffffffffffffffff166108fc670de0b6b3a76400009081150290604051600060405180830381858888f1935050505015801560d9573d6000803e3d6000fd5b505600a165627a7a72305820f4023d66108db4af26ab25e597b9b107fe34c4c99398374d5bf17bf187862bae0029
2 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | dist: xenial
2 |
3 | language: java
4 |
5 | services:
6 | - docker
7 |
8 | jdk:
9 | - openjdk8
10 |
11 | before_install:
12 | - sudo apt-get -y install gdebi
13 | - wget https://github.com/souffle-lang/souffle/releases/download/1.5.1/souffle_1.5.1-1_amd64.deb
14 | - sudo gdebi --n souffle_1.5.1-1_amd64.deb
15 |
16 |
17 | # This is the default with language: java, no need to redefine it
18 | # install:
19 | # - ./gradlew assemble
20 |
21 | script:
22 | - ./gradlew test
23 | - docker build . -t securify
24 | - docker run securify
25 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/dos_gas_limit/dos_simple.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract DosOneFunc {
4 |
5 | address[] listAddresses;
6 |
7 | function ifillArray() public returns (bool){
8 | if(listAddresses.length<1500) {
9 |
10 | for(uint i=0;i<350;i++) {
11 | listAddresses.push(msg.sender);
12 | }
13 | return true;
14 |
15 | } else {
16 | listAddresses = new address[](0);
17 | return false;
18 | }
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/assert_multitx_2.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract AssertMultiTx2 {
9 | uint256 private param;
10 |
11 | constructor(uint256 _param) public {
12 | param = 0;
13 | }
14 |
15 | function run() public {
16 | assert(param > 0);
17 | }
18 |
19 | function set(uint256 _param) public {
20 | param = _param;
21 | }
22 |
23 |
24 | }
25 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/constructor_create_argument.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract ConstructorCreateArgument{
8 | B b = new B(11);
9 |
10 | function check() public {
11 | assert(b.foo() == 10);
12 | }
13 |
14 | }
15 |
16 | contract B{
17 |
18 | uint x_;
19 | constructor(uint x) public {
20 | x_ = x;
21 | }
22 |
23 | function foo() public returns(uint) {
24 | return x_;
25 | }
26 | }
27 |
28 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/deprecated_constructs/deprecated_simple.sol:
--------------------------------------------------------------------------------
1 |
2 |
3 | contract DeprecatedSimple {
4 |
5 | function useDeprecated() public {
6 |
7 | // Do everything that's deprecated, then commit suicide.
8 |
9 | bytes32 blockhash = blockhash(0);
10 | bytes32 hashofhash = keccak256(abi.encodePacked(blockhash));
11 |
12 | uint gas = gasleft();
13 |
14 | if (gas == 0) {
15 | assert(false);
16 | }
17 |
18 | address(this).delegatecall("");
19 |
20 | selfdestruct(address(0));
21 | }
22 |
23 | function () external {}
24 |
25 | }
26 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/runtime_create_user_input.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract RuntimeCreateUserInput{
8 |
9 | function check(uint x) public {
10 | B b = new B(x);
11 | assert(b.foo() == 10);
12 | }
13 |
14 | }
15 |
16 | contract B{
17 |
18 | uint x_;
19 | constructor(uint x) public {
20 | x_ = x;
21 | }
22 |
23 | function foo() public returns(uint){
24 | return x_;
25 | }
26 |
27 | }
28 |
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/reentrancy.bin.hex:
--------------------------------------------------------------------------------
1 | 6080604052600436106049576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806358bb390c14604e578063e11f493e146062575b600080fd5b348015605957600080fd5b5060606076565b005b348015606d57600080fd5b50607460b3565b005b600080549050600080819055503373ffffffffffffffffffffffffffffffffffffffff168160405160006040518083038185875af1925050505050565b6000805490503373ffffffffffffffffffffffffffffffffffffffff168160405160006040518083038185875af1925050505060008081905550505600a165627a7a7230582030396157c93c7d0aa74379a416d6d4857fe3f9deabd718e25e33672d17a3c7d80029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_mapping_sym_1_fixed.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Safe version
3 |
4 | pragma solidity ^0.5.0;
5 |
6 | contract IntegerOverflowMappingSym1 {
7 | mapping(uint256 => uint256) map;
8 |
9 | function init(uint256 k, uint256 v) public {
10 | map[k] = sub(map[k], v);
11 | }
12 |
13 | //from SafeMath
14 | function sub(uint256 a, uint256 b) internal pure returns (uint256) {
15 | require(b <= a);//SafeMath uses assert here
16 | return a - b;
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/shadowing_inherited_state_variables/ShadowingInFunctions.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract ShadowingInFunctions {
4 | uint n = 2;
5 | uint x = 3;
6 |
7 | function test1() public view returns (uint n) {
8 | return n; // Will return 0
9 | }
10 |
11 | function test2() public view returns (uint n) {
12 | n = 1;
13 | return n; // Will return 1
14 | }
15 |
16 | function test3() public view returns (uint x) {
17 | uint n = 4;
18 | return n+x; // Will return 4
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnrestrictedEtherFlow2.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680633ccfd60b146041575b005b348015604c57600080fd5b5060536055565b005b600060149054906101000a900460ff161515606f57600080fd5b60008060146101000a81548160ff0219169083151502179055506000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166108fc60019081150290604051600060405180830381858888f1935050505015801560f0573d6000803e3d6000fd5b505600a165627a7a72305820b018b305e485bd455572245bc202454cc0a5ddba82f71d8fc97ab97b3b2c2c5d0029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/requirement_violations/requirement_simple_fixed.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Bar {
4 | Foo private f = new Foo();
5 | function doubleBaz() public view returns (int256) {
6 | return 2 * f.baz(1); //Changes the external contract to not hit the overly strong requirement.
7 | }
8 | }
9 |
10 | contract Foo {
11 | function baz(int256 x) public pure returns (int256) {
12 | require(0 < x); //You can also fix the contract by changing the input to the uint type and removing the require
13 | return 42;
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/tx_origin/mycontract.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-txorigin
3 | * @author: Consensys Diligence
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract MyContract {
10 |
11 | address owner;
12 |
13 | constructor() public {
14 | owner = msg.sender;
15 | }
16 |
17 | function sendTo(address payable receiver, uint amount) public {
18 | require(tx.origin == owner);
19 | receiver.transfer(amount);
20 | }
21 |
22 | }
23 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/tx_origin/mycontract_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-txorigin
3 | * @author: Consensys Diligence
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract MyContract {
10 |
11 | address owner;
12 |
13 | constructor() public {
14 | owner = msg.sender;
15 | }
16 |
17 | function sendTo(address payable receiver, uint amount) public {
18 | require(msg.sender == owner);
19 | receiver.transfer(amount);
20 | }
21 |
22 | }
23 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_benign_1_fixed.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Post-transaction effect: overflow never escapes function
3 | //Safe version
4 |
5 | pragma solidity ^0.5.0;
6 |
7 | contract IntegerOverflowBenign1 {
8 | uint public count = 1;
9 |
10 | function run(uint256 input) public {
11 | uint res = sub(count, input);
12 | }
13 |
14 | //from SafeMath
15 | function sub(uint256 a, uint256 b) internal pure returns (uint256) {
16 | require(b <= a);//SafeMath uses assert here
17 | return a - b;
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnhandledException2.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610610041576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806326121ff014610046575b600080fd5b34801561005257600080fd5b5061005b61005d565b005b600060026001026002600036604051808383808284378201915050925050506020604051808303816000865af115801561009b573d6000803e3d6000fd5b5050506040513d60208110156100b057600080fd5b8101908080519060200190929190505050600019161015610104573373ffffffffffffffffffffffffffffffffffffffff166108fc60039081150290604051600060405180830381858888f1935050505090505b505600a165627a7a723058206e061d4b0bd6b6e3f764372af477e07e59c7bc48c5f4345e63280ee9de10388b0029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/default_visibility_functions/visibility_not_set.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/sigp/solidity-security-blog#visibility
3 | * @author: SigmaPrime
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract HashForEther {
10 |
11 | function withdrawWinnings() public {
12 | // Winner if the last 8 hex characters of the address are 0.
13 | require(uint32(msg.sender) == 0);
14 | _sendWinnings();
15 | }
16 |
17 | function _sendWinnings() public {
18 | msg.sender.transfer(address(this).balance);
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/MissingInputValidation.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610610041576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632e1a7d4d14610046575b600080fd5b34801561005257600080fd5b5061007160048036038101908080359060200190929190505050610073565b005b806000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600082825403925050819055503373ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051600060405180830381858888f19350505050158015610105573d6000803e3d6000fd5b50505600a165627a7a7230582049f794c843e23fae0652ccb2fb2d2733a08ae93cc0630cf75d50ebd035dee7b00029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/default_visibility_functions/visibility_not_set_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/sigp/solidity-security-blog#visibility
3 | * @author: SigmaPrime
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract HashForEther {
10 |
11 | function withdrawWinnings() public {
12 | // Winner if the last 8 hex characters of the address are 0.
13 | require(uint32(msg.sender) == 0);
14 | _sendWinnings();
15 | }
16 |
17 | function _sendWinnings() internal{
18 | msg.sender.transfer(address(this).balance);
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_minimal_fixed.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Post-transaction effect: overflow escapes to publicly-readable storage
3 | //Safe version
4 |
5 | pragma solidity ^0.5.0;
6 |
7 | contract IntegerOverflowMinimal {
8 | uint public count = 1;
9 |
10 | function run(uint256 input) public {
11 | count = sub(count,input);
12 | }
13 |
14 | //from SafeMath
15 | function sub(uint256 a, uint256 b) internal pure returns (uint256) {
16 | require(b <= a);//SafeMath uses assert here
17 | return a - b;
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/sha_of_sha_collision.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | * Assert violation with 2 message calls:
5 | * - set(66)
6 | * - check(0x4100000000000000000000000000000000000000000000000000000000000000)
7 | */
8 | pragma solidity ^0.5.0;
9 |
10 | contract ShaOfShaCollission{
11 |
12 | mapping(bytes32=>uint) m;
13 |
14 | function set(uint x) public {
15 | m[keccak256(abi.encodePacked("A", x))] = 1;
16 | }
17 | function check(uint x) public {
18 | assert(m[keccak256(abi.encodePacked(x, "B"))] == 0);
19 | }
20 |
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/delegate_call_to_untrusted_callee/proxy_fixed.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Proxy {
4 |
5 | address callee;
6 | address owner;
7 |
8 | modifier onlyOwner {
9 | require(msg.sender == owner);
10 | _;
11 | }
12 |
13 | constructor() public {
14 | callee = address(0x0);
15 | owner = msg.sender;
16 | }
17 |
18 | function setCallee(address newCallee) public onlyOwner {
19 | callee = newCallee;
20 | }
21 |
22 | function forward(bytes memory _data) public {
23 | (bool success, bytes memory data) = (callee.delegatecall(_data));
24 | require(success);
25 | }
26 |
27 | }
28 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/UnhandledException.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610610041576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680633ccfd60b14610046575b600080fd5b34801561005257600080fd5b5061005b61005d565b005b3373ffffffffffffffffffffffffffffffffffffffff166108fc6000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020549081150290604051600060405180830381858888f193505050505060008060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055505600a165627a7a7230582042d623339707e1e96ef1d56483fdbcc30dccb3b54a8130509340827f00bc00ea0029
2 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Create2.java:
--------------------------------------------------------------------------------
1 | package ch.securify.decompiler.instructions;
2 |
3 | import ch.securify.decompiler.Variable;
4 |
5 | public class Create2 extends Instruction implements _TypeInstruction {
6 |
7 | @Override
8 | public String getStringRepresentation() {
9 | return getOutput()[0] + " = create2(endowment: " + getInput()[0] + ", memoffset: " + getInput()[1] +
10 | ", length: " + getInput()[2] + ", salt:" + getInput()[3] + ")";
11 | }
12 |
13 | public void computeResultTypes() {
14 | for (Variable output : getOutput()) {
15 | output.addValueType(getClass());
16 | }
17 | }
18 |
19 | }
20 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/LockedEtherDelegate.bin.hex:
--------------------------------------------------------------------------------
1 | 60806040526004361061003b576000357c0100000000000000000000000000000000000000000000000000000000900480630b7e9c441461003d575b005b34801561004957600080fd5b5061008c6004803603602081101561006057600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919050505061008e565b005b600060608273ffffffffffffffffffffffffffffffffffffffff1660405180807f30783132333400000000000000000000000000000000000000000000000000008152506006019050600060405180830381855af49150503d8060008114610112576040519150601f19603f3d011682016040523d82523d6000602084013e610117565b606091505b50809250819350505050505056fea165627a7a723058202ed306d8a2ce6805026ddfe3789e22fe3f13716600713e7d2770d7c1005a5d4d0029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_multitx_onefunc_feasible.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | //Multi-transactional, single function
7 | //Arithmetic instruction reachable
8 |
9 | pragma solidity ^0.5.0;
10 |
11 | contract IntegerOverflowMultiTxOneFuncFeasible {
12 | uint256 private initialized = 0;
13 | uint256 public count = 1;
14 |
15 | function run(uint256 input) public {
16 | if (initialized == 0) {
17 | initialized = 1;
18 | return;
19 | }
20 |
21 | count -= input;
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_multitx_onefunc_infeasible.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | //Multi-transactional, single function
7 | //Overflow infeasible because arithmetic instruction not reachable
8 |
9 | pragma solidity ^0.5.0;
10 |
11 | contract IntegerOverflowMultiTxOneFuncInfeasible {
12 | uint256 private initialized = 0;
13 | uint256 public count = 1;
14 |
15 | function run(uint256 input) public {
16 | if (initialized == 0) {
17 | return;
18 | }
19 |
20 | count -= input;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/weak_randomness/random_number_generator.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | // Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18.
4 | contract RandomNumberGenerator {
5 | uint256 private salt = block.timestamp;
6 |
7 | function random(uint max) view private returns (uint256 result) {
8 | // Get the best seed for randomness
9 | uint256 x = salt * 100 / max;
10 | uint256 y = salt * block.number / (salt % 5);
11 | uint256 seed = block.number / 3 + (salt % 300) + y;
12 | uint256 h = uint256(blockhash(seed));
13 | // Random number between 1 and max
14 | return uint256((h / x)) % max + 1;
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_multitx_multifunc_feasible.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | //Multi-transactional, multi-function
7 | //Arithmetic instruction reachable
8 |
9 | pragma solidity ^0.5.0;
10 |
11 | contract IntegerOverflowMultiTxMultiFuncFeasible {
12 | uint256 private initialized = 0;
13 | uint256 public count = 1;
14 |
15 | function init() public {
16 | initialized = 1;
17 | }
18 |
19 | function run(uint256 input) public {
20 | if (initialized == 0) {
21 | return;
22 | }
23 |
24 | count -= input;
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/write_to_arbitrary_storage_location/mapping_write.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | //This code is derived from the Capture the Ether https://capturetheether.com/challenges/math/mapping/
4 |
5 | contract Map {
6 | address public owner;
7 | uint256[] map;
8 |
9 | function set(uint256 key, uint256 value) public {
10 | if (map.length <= key) {
11 | map.length = key + 1;
12 | }
13 |
14 | map[key] = value;
15 | }
16 |
17 | function get(uint256 key) public view returns (uint256) {
18 | return map[key];
19 | }
20 | function withdraw() public{
21 | require(msg.sender == owner);
22 | msg.sender.transfer(address(this).balance);
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/constructor_create_modifiable.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | * Assert violation with 2 message calls:
5 | * - B.set_x(X): X != 10
6 | * - ContructorCreateModifiable.check()
7 | */
8 |
9 | pragma solidity ^0.5.0;
10 |
11 | contract ContructorCreateModifiable{
12 | B b = new B(10);
13 |
14 | function check() public {
15 | assert(b.foo() == 10);
16 | }
17 |
18 | }
19 |
20 | contract B{
21 |
22 | uint x_;
23 | constructor(uint x) public {
24 | x_ = x;
25 | }
26 |
27 | function foo() public returns(uint){
28 | return x_;
29 | }
30 |
31 | function set_x(uint x) public {
32 | x_ = x;
33 | }
34 | }
35 |
36 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/shadowing_inherited_state_variables/TokenSale_fixed.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | //We fix the problem by eliminating the declaration which overrides the prefered hardcap.
4 |
5 | contract Tokensale {
6 | uint public hardcap = 10000 ether;
7 |
8 | constructor() public {}
9 |
10 | function fetchCap() public view returns(uint) {
11 | return hardcap;
12 | }
13 | }
14 |
15 | contract Presale is Tokensale {
16 | //uint hardcap = 1000 ether;
17 | //If the hardcap variables were both needed we would have to rename one to fix this.
18 | constructor() Tokensale() public {
19 | hardcap = 1000 ether; //We set the hardcap from the constructor for the Tokensale to be 1000 instead of 10000
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/securify.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/invalid_constructor_name/incorrect_constructor_name2_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
3 | * @author: Ben Perez
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 |
8 | pragma solidity ^0.5.0;
9 |
10 | contract Missing{
11 | address payable private owner;
12 |
13 | modifier onlyowner {
14 | require(msg.sender==owner);
15 | _;
16 | }
17 |
18 | constructor()
19 | public
20 | {
21 | owner = msg.sender;
22 | }
23 |
24 | function () payable external {}
25 |
26 | function withdraw()
27 | public
28 | onlyowner
29 | {
30 | owner.transfer(address(this).balance);
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/invalid_constructor_name/incorrect_constructor_name3_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
3 | * @author: Ben Perez
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract Missing{
10 | address payable private owner;
11 |
12 | modifier onlyowner {
13 | require(msg.sender==owner);
14 | _;
15 | }
16 |
17 | constructor()
18 | public
19 | {
20 | owner = msg.sender;
21 | }
22 |
23 | function () payable external {}
24 |
25 | function withdraw()
26 | public
27 | onlyowner
28 | {
29 | owner.transfer(address(this).balance);
30 | }
31 |
32 | }
33 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/dos_gas_limit/dos_address.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract DosGas {
4 |
5 | address[] creditorAddresses;
6 | bool win = false;
7 |
8 | function emptyCreditors() public {
9 | if(creditorAddresses.length>1500) {
10 | creditorAddresses = new address[](0);
11 | win = true;
12 | }
13 | }
14 |
15 | function addCreditors() public returns (bool) {
16 | for(uint i=0;i<350;i++) {
17 | creditorAddresses.push(msg.sender);
18 | }
19 | return true;
20 | }
21 |
22 | function iWin() public view returns (bool) {
23 | return win;
24 | }
25 |
26 | function numberCreditors() public view returns (uint) {
27 | return creditorAddresses.length;
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/invalid_constructor_name/incorrect_constructor_name2.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
3 | * @author: Ben Perez
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 |
8 | pragma solidity ^0.5.0;
9 |
10 | contract Missing{
11 | address payable private owner;
12 |
13 | modifier onlyowner {
14 | require(msg.sender==owner);
15 | _;
16 | }
17 |
18 | function missing()
19 | public
20 | {
21 | owner = msg.sender;
22 | }
23 |
24 | function () payable external {}
25 |
26 | function withdraw()
27 | public
28 | onlyowner
29 | {
30 | owner.transfer(address(this).balance);
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/invalid_constructor_name/incorrect_constructor_name3.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
3 | * @author: Ben Perez
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract Missing{
10 | address payable private owner;
11 |
12 | modifier onlyowner {
13 | require(msg.sender==owner);
14 | _;
15 | }
16 |
17 | function Constructor()
18 | public
19 | {
20 | owner = msg.sender;
21 | }
22 |
23 | function () payable external {}
24 |
25 | function withdraw()
26 | public
27 | onlyowner
28 | {
29 | owner.transfer(address(this).balance);
30 | }
31 |
32 | }
33 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/reentracy/simple_dao.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#simpledao
3 | * @author: Atzei N., Bartoletti M., Cimoli T
4 | * Modified by Josselin Feist
5 | */
6 | pragma solidity ^0.5.0;
7 |
8 | contract SimpleDAO {
9 | mapping (address => uint) public credit;
10 |
11 | function donate(address to) payable public{
12 | credit[to] += msg.value;
13 | }
14 |
15 | function withdraw(uint amount) public{
16 | if (credit[msg.sender]>= amount) {
17 | (bool success, bytes memory data) = msg.sender.call.value(amount)("");
18 | require(success);
19 | credit[msg.sender]-=amount;
20 | }
21 | }
22 |
23 | function queryCredit(address to) view public returns(uint){
24 | return credit[to];
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/token-with-backdoor.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: TrailofBits workshop at TruffleCon 2018
3 | * @author: Josselin Feist (adapted for SWC by Bernhard Mueller)
4 | * Assert violation with 3 message calls:
5 | * - airdrop()
6 | * - backdoor()
7 | * - test_invariants()
8 | */
9 |
10 |
11 | contract Token{
12 |
13 | mapping(address => uint) public balances;
14 | function airdrop() public{
15 | balances[msg.sender] = 1000;
16 | }
17 |
18 | function consume() public{
19 | require(balances[msg.sender]>0);
20 | balances[msg.sender] -= 1;
21 | }
22 |
23 | function backdoor() public{
24 | balances[msg.sender] += 1;
25 | }
26 |
27 | function test_invariants() public {
28 | assert(balances[msg.sender] <= 1000);
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/weak_randomness/guess_the_random_number.sol:
--------------------------------------------------------------------------------
1 |
2 | /*
3 | * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/
4 | * @author: Steve Marx
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract GuessTheRandomNumberChallenge {
10 | uint8 answer;
11 |
12 | constructor() public payable {
13 | require(msg.value == 1 ether);
14 | answer = uint8(uint(keccak256(abi.encodePacked(blockhash(block.number - 1), now))));
15 | }
16 |
17 | function isComplete() public view returns (bool) {
18 | return address(this).balance == 0;
19 | }
20 |
21 | function guess(uint8 n) public payable {
22 | require(msg.value == 1 ether);
23 |
24 | if (n == answer) {
25 | msg.sender.transfer(2 ether);
26 | }
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/utils/Resolver.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.utils;
20 |
21 | public interface Resolver {
22 | R resolve(A arg);
23 | }
24 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/reentracy/simple_dao_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#simpledao
3 | * @author: Atzei N., Bartoletti M., Cimoli T
4 | * Modified by Bernhard Mueller, Josselin Feist
5 | */
6 | pragma solidity ^0.5.0;
7 |
8 | contract SimpleDAO {
9 | mapping (address => uint) public credit;
10 |
11 | function donate(address to) payable public{
12 | credit[to] += msg.value;
13 | }
14 |
15 | function withdraw(uint amount) public {
16 | if (credit[msg.sender]>= amount) {
17 | credit[msg.sender]-=amount;
18 | (bool success, bytes memory data) = msg.sender.call.value(amount)("");
19 | require(success);
20 | }
21 | }
22 |
23 | function queryCredit(address to) view public returns (uint){
24 | return credit[to];
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/analysis/TimeoutException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.analysis;
20 |
21 | public class TimeoutException extends RuntimeException {}
22 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/transaction-reordering.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610610057576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680633155194c1461005c578063bc5a6c2014610073578063c7961f2a1461008a575b600080fd5b34801561006857600080fd5b506100716100a1565b005b34801561007f57600080fd5b506100886100df565b005b34801561009657600080fd5b5061009f610134565b005b60003490503373ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051600060405180830381858888f193505050505050565b60003073ffffffffffffffffffffffffffffffffffffffff163190503373ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051600060405180830381858888f193505050505050565b600080606491506064820290503373ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051600060405180830381858888f193505050505050505600a165627a7a72305820e5c363293919f3a96e771acd295a233951dc65cfc8ec2c5506c858fd182581070029
2 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/MethodNameResolver.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler;
20 |
21 | public class MethodNameResolver {
22 |
23 |
24 |
25 |
26 |
27 | }
28 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/repeated-calls-tn.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405234801561001057600080fd5b5060043610610048576000357c010000000000000000000000000000000000000000000000000000000090048063cadaacbf1461004d575b600080fd5b61008f6004803603602081101561006357600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610091565b005b6000808273ffffffffffffffffffffffffffffffffffffffff166326121ff06040518163ffffffff167c010000000000000000000000000000000000000000000000000000000002815260040160206040518083038186803b1580156100f657600080fd5b505afa15801561010a573d6000803e3d6000fd5b505050506040513d602081101561012057600080fd5b810190808051906020019092919050505073ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff16151561018457600080fd5b5056fea165627a7a72305820a9adb3d3b2764c6b5fa93aa407e6aecf33393103b8ccd3fa1d5cc8b78051eda30029
2 |
3 |
--------------------------------------------------------------------------------
/docker_run_securify.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | """
3 | Author: Jakob Beckmann
4 |
5 | Copyright 2018 ChainSecurity AG
6 |
7 | Licensed under the Apache License, Version 2.0 (the "License");
8 | you may not use this file except in compliance with the License.
9 | You may obtain a copy of the License at
10 |
11 | http://www.apache.org/licenses/LICENSE-2.0
12 |
13 | Unless required by applicable law or agreed to in writing, software
14 | distributed under the License is distributed on an "AS IS" BASIS,
15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | See the License for the specific language governing permissions and
17 | limitations under the License.
18 | """
19 | import sys
20 |
21 | from scripts import controller
22 |
23 | if __name__ == "__main__":
24 | ctrler = controller.Controller()
25 | return_code = ctrler.compile_and_report()
26 | sys.exit(return_code)
27 |
--------------------------------------------------------------------------------
/src/test/java/ch/securify/CompilationHelpersTest.java:
--------------------------------------------------------------------------------
1 | package ch.securify;
2 |
3 | import org.junit.Test;
4 |
5 | import java.util.List;
6 |
7 | import static org.junit.Assert.*;
8 |
9 | public class CompilationHelpersTest {
10 |
11 | @Test
12 | public void bytecodeOffsetToSourceOffset() {
13 | testBytecodeOffsetToSourceOffset("0:1:1;1:1:1;2:1:1;;;3:1:1", 1,0);
14 | testBytecodeOffsetToSourceOffset("0:1:1;1:1:1;2:1:1;;;3:1:1", 2,1);
15 | testBytecodeOffsetToSourceOffset("0:1:1;1:1:1;2:1:1;;;3:1:1", 6,3);
16 | testBytecodeOffsetToSourceOffset("0:1:1;1:1:1;2:1:1;;;3:1:1", 5,2);
17 | }
18 |
19 | public void testBytecodeOffsetToSourceOffset(String map, int index, int res) {
20 | List explodedMap = CompilationHelpers.explodeMappingString(map);
21 | assertEquals(CompilationHelpers.bytecodeOffsetToSourceOffset(index, explodedMap), res );
22 | }
23 | }
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/transaction_order_dependence/eth_tx_order_dependence_minimal.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract EthTxOrderDependenceMinimal {
9 | address payable public owner;
10 | bool public claimed;
11 | uint public reward;
12 |
13 | constructor() public {
14 | owner = msg.sender;
15 | }
16 |
17 | function setReward() public payable {
18 | require (!claimed);
19 |
20 | require(msg.sender == owner);
21 | owner.transfer(reward);
22 | reward = msg.value;
23 | }
24 |
25 | function claimReward(uint256 submission) public {
26 | require (!claimed);
27 | require(submission < 10);
28 |
29 | msg.sender.transfer(reward);
30 | claimed = true;
31 | }
32 | }
33 |
34 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_multitx_onefunc_feasible_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | //Multi-transactional, single function
7 | //Arithmetic instruction reachable (Safe)
8 |
9 | pragma solidity ^0.5.0;
10 |
11 | contract IntegerOverflowMultiTxOneFuncFeasible {
12 |
13 | uint256 private initialized = 0;
14 | uint256 public count = 1;
15 |
16 | function run(uint256 input) public {
17 | if (initialized == 0) {
18 | initialized = 1;
19 | return;
20 | }
21 |
22 | count = sub(count, input);
23 | }
24 |
25 | //from SafeMath
26 | function sub(uint256 a, uint256 b) internal pure returns (uint256) {
27 | require(b <= a);//SafeMath uses assert here
28 | return a - b;
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_mul_fixed.sol:
--------------------------------------------------------------------------------
1 | //Single transaction overflow
2 | //Post-transaction effect: overflow escapes to publicly-readable storage
3 | //Safe version
4 |
5 | pragma solidity ^0.5.0;
6 |
7 | contract IntegerOverflowMul {
8 | uint public count = 2;
9 |
10 | function run(uint256 input) public {
11 | count = mul(count, input);
12 | }
13 |
14 | //from SafeMath
15 | function mul(uint256 a, uint256 b) internal pure returns (uint256) {
16 | // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
17 | // benefit is lost if 'b' is also tested.
18 | // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
19 | if (a == 0) {
20 | return 0;
21 | }
22 |
23 | uint256 c = a * b;
24 | require(c / a == b);
25 |
26 | return c;
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TestShr.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | /*
3 | * Copyright 2019 ChainSecurity AG
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | *
17 | */
18 | contract TestShr {
19 | uint o;
20 | function f(uint a, uint b) public returns(uint x){
21 | assembly {
22 | x := shr(a,b)
23 | }
24 | o = x;
25 | return x;
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/arbitrary_jump/FunctionTypes.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://gist.github.com/wadeAlexC/7a18de852693b3f890560ab6a211a2b8
3 | * @author: Alexander Wade
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract FunctionTypes {
9 |
10 | constructor() public payable { require(msg.value != 0); }
11 |
12 | function withdraw() private {
13 | require(msg.value == 0, 'dont send funds!');
14 | address(msg.sender).transfer(address(this).balance);
15 | }
16 |
17 | function frwd() internal
18 | { withdraw(); }
19 |
20 | struct Func { function () internal f; }
21 |
22 | function breakIt() public payable {
23 | require(msg.value != 0, 'send funds!');
24 | Func memory func;
25 | func.f = frwd;
26 | assembly { mstore(func, add(mload(func), callvalue)) }
27 | func.f();
28 | }
29 | }
30 |
31 |
32 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/invalid_constructor_name/incorrect_constructor_name1_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
3 | * @author: Ben Perez
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract Missing{
10 | address payable private owner;
11 |
12 | modifier onlyowner {
13 | require(msg.sender==owner);
14 | _;
15 | }
16 |
17 | // The name of the constructor should be Missing
18 | // Anyone can call the IamMissing once the contract is deployed
19 | constructor()
20 | public
21 | {
22 | owner = msg.sender;
23 | }
24 |
25 | function () payable external {}
26 |
27 | function withdraw()
28 | public
29 | onlyowner
30 | {
31 | owner.transfer(address(this).balance);
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/write_to_arbitrary_storage_location/arbitrary_location_write_simple.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Wallet {
4 | uint[] private bonusCodes;
5 | address private owner;
6 |
7 | constructor() public {
8 | bonusCodes = new uint[](0);
9 | owner = msg.sender;
10 | }
11 |
12 | function () external payable {
13 | }
14 |
15 | function PushBonusCode(uint c) public {
16 | bonusCodes.push(c);
17 | }
18 |
19 | function PopBonusCode() public {
20 | require(0 <= bonusCodes.length);
21 | bonusCodes.length--;
22 | }
23 |
24 | function UpdateBonusCodeAt(uint idx, uint c) public {
25 | require(idx < bonusCodes.length);
26 | bonusCodes[idx] = c;
27 | }
28 |
29 | function Destroy() public {
30 | require(msg.sender == owner);
31 | selfdestruct(msg.sender);
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/delegate_call_to_untrusted_callee/proxy_pattern_false_positive.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract proxy{
4 | address owner;
5 |
6 | function proxyCall(address _to, bytes calldata _data) external {
7 | (bool success, bytes memory data) = _to.delegatecall(_data);
8 | require(!success);
9 | }
10 |
11 | function withdraw() external{
12 | require(msg.sender == owner);
13 | msg.sender.transfer(address(this).balance);
14 | }
15 | }
16 |
17 | /*
18 | You can't use proxyCall to change the owner address as either:
19 |
20 | 1) the delegatecall reverts and thus does not change owner
21 | 2) the delegatecall does not revert and therefore will cause the proxyCall to revert and preventing owner from changing
22 |
23 | This false positive may seem like a really edge case, however since you can revert data back to proxy this patern is useful for proxy architectures
24 | */
25 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/invalid_constructor_name/incorrect_constructor_name1.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
3 | * @author: Ben Perez
4 | * Modified by Gerhard Wagner
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract Missing{
10 | address payable private owner;
11 |
12 | modifier onlyowner {
13 | require(msg.sender==owner);
14 | _;
15 | }
16 |
17 | // The name of the constructor should be Missing
18 | // Anyone can call the IamMissing once the contract is deployed
19 | function IamMissing()
20 | public
21 | {
22 | owner = msg.sender;
23 | }
24 |
25 | function () payable external {}
26 |
27 | function withdraw()
28 | public
29 | onlyowner
30 | {
31 | owner.transfer(address(this).balance);
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_AddressType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class _AddressType extends Instruction {
22 | public static int addressLength = 20; // Bytes
23 |
24 | }
25 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODTransfer.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405260043610610041576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063226e522714610046575b600080fd5b34801561005257600080fd5b506100ad600480360381019080803590602001908201803590602001908080601f01602080910402602001604051908101604052809392919081815260200183838082843782019150505050505091929192905050506100af565b005b6000809054906101000a900460ff161515156100ca57600080fd5b63deadbeef600102816040518082805190602001908083835b60208310151561010857805182526020820191506020810190506020830392506100e3565b6001836020036101000a03801982511681845116808217855250505050505090500191505060405180910390206000191614156101a95760016000806101000a81548160ff0219169083151502179055503373ffffffffffffffffffffffffffffffffffffffff166108fc670de0b6b3a76400009081150290604051600060405180830381858888f193505050501580156101a7573d6000803e3d6000fd5b505b505600a165627a7a72305820a6e1b2df6408704b16a901fa139c19bf5150e187e188f04bd77d18387ca923820029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TestExtcodehash.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.5.2;
2 | /*
3 | * Copyright 2019 ChainSecurity AG
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | *
17 | */
18 | contract TestExtcodehash {
19 | bytes32 bb;
20 | function f(address a) public returns(bytes32 b) {
21 | assembly {
22 | b := extcodehash(a)
23 | }
24 | bb = b;
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TestShl.sol:
--------------------------------------------------------------------------------
1 | pragma solidity 0.4.23;
2 | /*
3 | * Copyright 2019 ChainSecurity AG
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | *
17 | */
18 | contract TestShl {
19 | uint xx;
20 | function f(uint a, uint b) public returns(uint x){
21 | assembly {
22 | x := shl(a,b)
23 | }
24 | xx = x;
25 | return x;
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/scripts/solc_file.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 |
3 | """
4 | Authors: Tobias Kaiser, Jakob Beckmann
5 |
6 | Copyright 2018 ChainSecurity AG
7 |
8 | Licensed under the Apache License, Version 2.0 (the "License");
9 | you may not use this file except in compliance with the License.
10 | You may obtain a copy of the License at
11 |
12 | http://www.apache.org/licenses/LICENSE-2.0
13 |
14 | Unless required by applicable law or agreed to in writing, software
15 | distributed under the License is distributed on an "AS IS" BASIS,
16 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 | See the License for the specific language governing permissions and
18 | limitations under the License.
19 | """
20 |
21 | from . import solc_project
22 |
23 | class SolcFile(solc_project.SolcProject):
24 | """A single solidity file that uses the `solc` compiler.
25 | """
26 |
27 | def _get_sol_files(self):
28 | return [str(self.project_root)]
29 |
30 |
31 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/ReturnDataSize.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 ChainSecurity AG
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class ReturnDataSize extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "returndatasize()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/integer_overflow_multitx_multifunc_feasible_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite
3 | * @author: Suhabe Bugrara
4 | */
5 |
6 | //Multi-transactional, multi-function
7 | //Arithmetic instruction reachable (Safe)
8 |
9 | pragma solidity ^0.5.0;
10 |
11 | contract IntegerOverflowMultiTxMultiFuncFeasible {
12 | uint256 private initialized = 0;
13 | uint256 public count = 1;
14 |
15 | function init() public {
16 | initialized = 1;
17 | }
18 |
19 | function run(uint256 input) public {
20 | if (initialized == 0) {
21 | return;
22 | }
23 |
24 | count = sub(count, input);
25 | }
26 |
27 | //from SafeMath
28 | function sub(uint256 a, uint256 b) internal pure returns (uint256) {
29 | require(b <= a);//SafeMath uses assert here
30 | return a - b;
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/analysis/Status.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.analysis;
20 |
21 | public class Status {
22 | public final static int UNKNOWN = -1;
23 | public final static int UNSATISFIABLE = 0;
24 | public final static int SATISFIABLE = 1;
25 | }
26 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/call_best_practices/send_loop.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/#dos-with-unexpected-revert
3 | * @author: ConsenSys Diligence
4 | * Modified by Bernhard Mueller
5 | */
6 |
7 | pragma solidity ^0.5.0;
8 |
9 | contract Refunder {
10 |
11 | address payable[] private refundAddresses;
12 | mapping (address => uint) public refunds;
13 |
14 | constructor() public {
15 | refundAddresses.push(0x79B483371E87d664cd39491b5F06250165e4b184);
16 | refundAddresses.push(0x79B483371E87d664cd39491b5f06250165e4b185);
17 | }
18 |
19 | // bad
20 | function refundAll() public {
21 | for(uint x; x < refundAddresses.length; x++) { // arbitrary length iteration based on how many addresses participated
22 | require(refundAddresses[x].send(refunds[refundAddresses[x]])); // doubly bad, now a single failure on send will hold up all funds
23 | }
24 | }
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Stop.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Stop extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "stop()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_NoOp.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | /**
22 | * Marker interface for instructions that do not have any effect in a stackless environment.
23 | */
24 | public interface _NoOp {
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_ReturnsAddress.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | // TODO: Add this interface to all the instructions that return as output an EVM address
22 | public interface _ReturnsAddress {
23 |
24 | }
25 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_TypeInstruction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | /**
22 | * Marker interface for instructions that define the type of their output variables.
23 | */
24 | public interface _TypeInstruction {
25 | }
26 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/utils/DevNullPrintStream.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.utils;
20 |
21 | import java.io.PrintStream;
22 |
23 | public class DevNullPrintStream extends PrintStream {
24 |
25 | public DevNullPrintStream() {
26 | super(new DevNull());
27 | }
28 |
29 | }
30 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/analysis/Config.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.analysis;
20 |
21 | public class Config {
22 |
23 | public static final int PATTERN_TIMEOUT = 20 * 60; // seconds
24 | public static final int THRESHOLD_COMPILE = 200; // instructions per contract
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Swap.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Swap extends Instruction implements _NoOp {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "swap";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_VirtualInstruction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | /**
22 | * Marker interface for instructions that do not directly represent an EVM instruction.
23 | */
24 | public interface _VirtualInstruction {
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Pop.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Pop extends Instruction implements _NoOp {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "pop " + getInput()[0];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Revert.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 ChainSecurity AG
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Revert extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "revert(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODAmount.bin.hex:
--------------------------------------------------------------------------------
1 | 60806040526004361061004c576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806391b7f5ed146100515780639904e1741461007e575b600080fd5b34801561005d57600080fd5b5061007c60048036038101908080359060200190929190505050610095565b005b34801561008a57600080fd5b506100936100f6565b005b600260009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614156100f357806001819055505b50565b60008060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054905060008060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055503373ffffffffffffffffffffffffffffffffffffffff166108fc60015483029081150290604051600060405180830381858888f193505050501580156101c7573d6000803e3d6000fd5b50505600a165627a7a723058203a3ca24f34e3a03e0d6f8a22c8b454b920fbd41c5a2735cc8005495877239d040029
2 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/write_to_arbitrary_storage_location/arbitrary_location_write_simple_fixed.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract Wallet {
4 | uint[] private bonusCodes;
5 | address private owner;
6 |
7 | constructor() public {
8 | bonusCodes = new uint[](0);
9 | owner = msg.sender;
10 | }
11 |
12 | function () external payable {
13 | }
14 |
15 | function PushBonusCode(uint c) public {
16 | bonusCodes.push(c);
17 | }
18 |
19 | function PopBonusCode() public {
20 | require(0 < bonusCodes.length);
21 | bonusCodes.length--;
22 | }
23 |
24 | function UpdateBonusCodeAt(uint idx, uint c) public {
25 | require(idx < bonusCodes.length); //Since you now have to push very codes this is no longer an arbitray write.
26 | bonusCodes[idx] = c;
27 | }
28 |
29 | function Destroy() public {
30 | require(msg.sender == owner);
31 | selfdestruct(msg.sender);
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/SelfDestruct.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class SelfDestruct extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() { return "selfdestruct(addr: " + getInput()[0] + ")"; }
25 |
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Gas.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Gas extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = gas()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Pc.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Pc extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = pc()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/MSize.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class MSize extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = msize()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Or.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Or extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = " + getInput()[0] + " | " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/MLoad.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class MLoad extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = mload(memoffset: " + getInput()[0] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Mod.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Mod extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = " + getInput()[0] + " % " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Origin.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Origin extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = origin()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/SDiv.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class SDiv extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = " + getInput()[0] + " / " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/SLoad.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class SLoad extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = sload(storeindex: " + getInput()[0] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/SMod.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class SMod extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = " + getInput()[0] + " % " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Xor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Xor extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = " + getInput()[0] + " ^ " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/ctf/tokensalechallenge.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://capturetheether.com/challenges/math/token-sale/
3 | * @author: Steve Marx
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract TokenSaleChallenge {
9 | mapping(address => uint256) public balanceOf;
10 | uint256 constant PRICE_PER_TOKEN = 1 ether;
11 |
12 | constructor(address _player) public payable {
13 | require(msg.value == 1 ether);
14 | }
15 |
16 | function isComplete() public view returns (bool) {
17 | return address(this).balance < 1 ether;
18 | }
19 |
20 | function buy(uint256 numTokens) public payable {
21 | require(msg.value == numTokens * PRICE_PER_TOKEN);
22 |
23 | balanceOf[msg.sender] += numTokens;
24 | }
25 |
26 | function sell(uint256 numTokens) public {
27 | require(balanceOf[msg.sender] >= numTokens);
28 |
29 | balanceOf[msg.sender] -= numTokens;
30 | msg.sender.transfer(numTokens * PRICE_PER_TOKEN);
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Address.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Address extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = address()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CodeSize.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class CodeSize extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = codesize()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Coinbase.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Coinbase extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = coinbase()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Eq.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Eq extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " == " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/GasLimit.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class GasLimit extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = gaslimit()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/GasPrice.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class GasPrice extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = gasprice()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Gt.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Gt extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " > " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Lt.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Lt extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " < " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Sgt.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Sgt extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " > " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Slt.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Slt extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " < " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CallValue.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class CallValue extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = callvalue()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Difficulty.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Difficulty extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = difficulty()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/BlockNumber.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class BlockNumber extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = blocknumber()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Caller.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Caller extends Instruction implements _TypeInstruction, _ReturnsAddress {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = caller()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/MStore.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class MStore extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "mstore(memoffset: " + getInput()[0] + ", value: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/MStore8.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class MStore8 extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "mstore8(memoffset: " + getInput()[0] + ", value: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Return.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Return extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "return(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/SStore.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class SStore extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "sstore(storeindex: " + getInput()[0] + ", value: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/assert_constructor.json:
--------------------------------------------------------------------------------
1 | {
2 | "src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/assert_constructor.sol:AssertConstructor": {
3 | "results": {},
4 | "securifyErrors": {
5 | "errors": [
6 | {
7 | "error": "decompilation_error",
8 | "stackTrace": "java.util.EmptyStackException\n\tat java.util.Stack.peek(Stack.java:102)\n\tat java.util.Stack.pop(Stack.java:84)\n\tat ch.securify.decompiler.Variable.takeFromStack(Variable.java:83)\n\tat ch.securify.decompiler.InstructionFactory.createAndApply(InstructionFactory.java:92)\n\tat ch.securify.decompiler.DecompilerFallback.decompile(DecompilerFallback.java:111)\n\tat ch.securify.Main.decompileContract(Main.java:280)\n\tat ch.securify.Main.processHexFile(Main.java:152)\n\tat ch.securify.Main.processCompilationOutput(Main.java:121)\n\tat ch.securify.Main.processSolidityFile(Main.java:96)\n\tat ch.securify.Main.main(Main.java:231)\n"
9 | }
10 | ]
11 | }
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CallDataSize.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class CallDataSize extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = calldatasize()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/BlockTimestamp.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class BlockTimestamp extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = blocktimestamp()";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Byte.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Byte extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = byte(byteno: " + getInput()[0] + ", word: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Div.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Div extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = " + getInput()[0] + " / " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/weak_randomness/random_number_generator.json:
--------------------------------------------------------------------------------
1 | {
2 | "src/test/resources/solidity/end_to_end_testing_big/swc/weak_randomness/random_number_generator.sol:RandomNumberGenerator": {
3 | "results": {},
4 | "securifyErrors": {
5 | "errors": [
6 | {
7 | "error": "decompilation_error",
8 | "stackTrace": "java.util.EmptyStackException\n\tat java.util.Stack.peek(Stack.java:102)\n\tat java.util.Stack.pop(Stack.java:84)\n\tat ch.securify.decompiler.Variable.takeFromStack(Variable.java:83)\n\tat ch.securify.decompiler.InstructionFactory.createAndApply(InstructionFactory.java:92)\n\tat ch.securify.decompiler.DecompilerFallback.decompile(DecompilerFallback.java:111)\n\tat ch.securify.Main.decompileContract(Main.java:280)\n\tat ch.securify.Main.processHexFile(Main.java:152)\n\tat ch.securify.Main.processCompilationOutput(Main.java:121)\n\tat ch.securify.Main.processSolidityFile(Main.java:96)\n\tat ch.securify.Main.main(Main.java:231)\n"
9 | }
10 | ]
11 | }
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/AddMod.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class AddMod extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " + " + getInput()[1] + ") % " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/BlockHash.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class BlockHash extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = blockhash(" + getInput()[0] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/MulMod.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class MulMod extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = (" + getInput()[0] + " * " + getInput()[1] + ") % " + getInput()[1];
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/utils/DevNull.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.utils;
20 |
21 | import java.io.OutputStream;
22 |
23 | public class DevNull extends OutputStream {
24 |
25 | @Override
26 | public void write(int b) {
27 | // noop
28 | }
29 |
30 | @Override
31 | public void write(byte[] b, int off, int len) {
32 | // noop
33 | }
34 |
35 | }
36 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/integer_overflow_and_underflow/overflow_vulnerable_and_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://github.com/ConsenSys/smart-contract-best-practices
3 | * @author: Consensys Diligence
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract OverflowVulnerableAndFixed {
9 |
10 | mapping (address => uint256) public balanceOf;
11 |
12 | // INSECURE
13 | function transfer1(address _to, uint256 _value) public {
14 | /* Check if sender has balance */
15 | require(balanceOf[msg.sender] >= _value);
16 | /* Add and subtract new balances */
17 | balanceOf[msg.sender] -= _value;
18 | balanceOf[_to] += _value;
19 | }
20 |
21 | // SECURE
22 | function transfer2(address _to, uint256 _value) public {
23 | /* Check if sender has balance and for overflows */
24 | require(balanceOf[msg.sender] >= _value && balanceOf[_to] + _value >= balanceOf[_to]);
25 |
26 | /* Add and subtract new balances */
27 | balanceOf[msg.sender] -= _value;
28 | balanceOf[_to] += _value;
29 | }
30 | }
31 |
32 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Balance.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Balance extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = balance(address: " + getInput()[0] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CallDataLoad.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class CallDataLoad extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = calldataload(" + getInput()[0] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Invalid.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | /**
22 | * Instruction representing any invalid bytecode instruction.
23 | */
24 | public class Invalid extends Instruction {
25 |
26 | @Override
27 | public String getStringRepresentation() {
28 | return "throw()";
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/ReturnDataCopy.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 ChainSecurity AG
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class ReturnDataCopy extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "returndatacopy(memoffset: " + getInput()[0] + ", returndataoffset: " + getInput()[1] + ", length: " + getInput()[2] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/SignExtend.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class SignExtend extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = signextend(bytes: " + getInput()[0] + ", value: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/ExtCodeSize.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class ExtCodeSize extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = extcodesize(address: " + getInput()[0] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/mapping_performance_1.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract MappingPerformance1set{
8 |
9 | mapping(bytes32=>uint) m0;
10 | mapping(bytes32=>uint) m1;
11 | mapping(bytes32=>uint) m2;
12 | mapping(bytes32=>uint) m3;
13 | mapping(bytes32=>uint) m4;
14 | mapping(bytes32=>uint) m5;
15 | uint b;
16 |
17 | constructor() public {
18 | b = 10;
19 | }
20 |
21 | function set(bytes32 a, uint cond) public {
22 | if(cond == 0){
23 | m0[a] = 5;
24 | }else if(cond == 1){
25 | m1[a] = 5;
26 | }else if(cond == 2){
27 | m2[a] = 5;
28 | }else if(cond == 3){
29 | m3[a] = 5;
30 | }else if(cond == 4){
31 | m4[a] = 5;
32 | }
33 | }
34 | function check(bytes32 a0, uint cond0, bytes32 a) public {
35 | set(a0, cond0);
36 | assert(m5[a] == 0);
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CodeCopy.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class CodeCopy extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "codecopy(memoffset: " + getInput()[0] + ", codeoffset: " + getInput()[1] + ", length: " + getInput()[2] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Sha3.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Sha3 extends Instruction implements _TypeInstruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return getOutput()[0] + " = sha3(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_UnknownInstruction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | /**
22 | * Placeholder instruction class for opcodes that do not have a specific instruction class yet.
23 | * TODO: implement all instructions and make this obsolete.
24 | */
25 | public class _UnknownInstruction extends Instruction {
26 |
27 | }
28 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/TODReceiver.bin.hex:
--------------------------------------------------------------------------------
1 | 60806040526004361061004c576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063226e5227146100515780633d18b912146100ba575b600080fd5b34801561005d57600080fd5b506100b8600480360381019080803590602001908201803590602001908080601f01602080910402602001604051908101604052809392919081815260200183838082843782019150505050505091929192905050506100d1565b005b3480156100c657600080fd5b506100cf61018a565b005b63deadbeef600102816040518082805190602001908083835b60208310151561010f57805182526020820191506020810190506020830392506100ea565b6001836020036101000a038019825116818451168082178552505050505050905001915050604051809103902060001916141561018757336000806101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505b50565b6000809054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166108fc349081150290604051600060405180830381858888f193505050501580156101f1573d6000803e3d6000fd5b505600a165627a7a72305820b499dfa2f8bf69f0cfbe6e86db0e748777d1a6f5c3fd74e0662773cabd98bf0f0029
2 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CallDataCopy.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class CallDataCopy extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "calldatacopy(memoffset: " + getInput()[0] + ", inputoffset: " + getInput()[1] + ", length: " + getInput()[2] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Log0.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | /*
20 | * Floern, dev@floern.com, 2017, MIT Licence
21 | */
22 | package ch.securify.decompiler.instructions;
23 |
24 | public class Log0 extends Instruction {
25 |
26 | @Override
27 | public String getStringRepresentation() {
28 | return "log(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ")";
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Shr.java:
--------------------------------------------------------------------------------
1 | package ch.securify.decompiler.instructions;
2 |
3 | import ch.securify.decompiler.Variable;
4 | import ch.securify.utils.BigIntUtil;
5 |
6 | import java.math.BigInteger;
7 |
8 | public class Shr extends Instruction {
9 |
10 | @Override
11 | public String getStringRepresentation() {
12 | return getOutput()[0] + " = " + getInput()[1] + " >> " + getInput()[0];
13 | }
14 |
15 | @Override
16 | public void computeResultValues() {
17 | if (getInput()[0].hasConstantValue() && getInput()[1].hasConstantValue() &&
18 | getOutput()[0].getConstantValue() == Variable.VALUE_UNDEFINED) {
19 | BigInteger a = BigIntUtil.fromInt256(getInput()[0].getConstantValue());
20 | BigInteger b = BigIntUtil.fromInt256(getInput()[1].getConstantValue());
21 | BigInteger r = b.shiftRight(a.intValueExact());
22 | getOutput()[0].setConstantValue(BigIntUtil.toInt256(r));
23 | } else {
24 | getOutput()[0].setConstantValue(Variable.VALUE_ANY);
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/AssumptionViolatedException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler;
20 |
21 | /**
22 | * An assumption made by the decompiler regarding the EVM bytecode has been violated.
23 | */
24 | public class AssumptionViolatedException extends IllegalArgumentException {
25 |
26 | public AssumptionViolatedException(String message) {
27 | super(message);
28 | }
29 |
30 | }
31 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Shl.java:
--------------------------------------------------------------------------------
1 | package ch.securify.decompiler.instructions;
2 |
3 | import ch.securify.decompiler.Variable;
4 | import ch.securify.utils.BigIntUtil;
5 |
6 | import java.math.BigInteger;
7 |
8 | public class Shl extends Instruction {
9 |
10 | @Override
11 | public String getStringRepresentation() {
12 | return getOutput()[0] + " = " + getInput()[1] + " << " + getInput()[0];
13 | }
14 |
15 | @Override
16 | public void computeResultValues() {
17 | if (getInput()[0].hasConstantValue() && getInput()[1].hasConstantValue() &&
18 | getOutput()[0].getConstantValue() == Variable.VALUE_UNDEFINED) {
19 | BigInteger a = BigIntUtil.fromInt256(getInput()[0].getConstantValue());
20 | BigInteger b = BigIntUtil.fromInt256(getInput()[1].getConstantValue());
21 | BigInteger r = b.shiftLeft(a.intValueExact());
22 | getOutput()[0].setConstantValue(BigIntUtil.toInt256(r));
23 | } else {
24 | getOutput()[0].setConstantValue(Variable.VALUE_ANY);
25 | }
26 | }
27 | }
28 |
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Dup.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | import ch.securify.decompiler.Variable;
22 |
23 | public class Dup extends Instruction implements _NoOp {
24 |
25 | public Dup(Variable var) {
26 | setOutput(var);
27 | }
28 |
29 | @Override
30 | public String getStringRepresentation() {
31 | return "dup " + getOutput()[0];
32 | }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/ExtCodeCopy.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class ExtCodeCopy extends Instruction {
22 |
23 | @Override
24 | public String getStringRepresentation() {
25 | return "extcodecopy(address: " + getInput()[0] + ", memoffset: " + getInput()[1] + ", codeoffset: " + getInput()[2] + ", length: " + getInput()[3] + ")";
26 | }
27 |
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Log1.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | /*
20 | * Floern, dev@floern.com, 2017, MIT Licence
21 | */
22 | package ch.securify.decompiler.instructions;
23 |
24 | public class Log1 extends Instruction {
25 |
26 | @Override
27 | public String getStringRepresentation() {
28 | return "log(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ", t1: " + getInput()[2] + ")";
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/wallet_03_wrong_constructor.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | /* User can add pay in and withdraw Ether.
4 | The constructor is wrongly named, so anyone can become 'creator' and withdraw all funds.
5 | */
6 |
7 | contract Wallet {
8 | address creator;
9 |
10 | mapping(address => uint256) balances;
11 |
12 | function initWallet() public {
13 | creator = msg.sender;
14 | }
15 |
16 | function deposit() public payable {
17 | assert(balances[msg.sender] + msg.value > balances[msg.sender]);
18 | balances[msg.sender] += msg.value;
19 | }
20 |
21 | function withdraw(uint256 amount) public {
22 | require(amount <= balances[msg.sender]);
23 | msg.sender.transfer(amount);
24 | balances[msg.sender] -= amount;
25 | }
26 |
27 | // In an emergency the owner can migrate allfunds to a different address.
28 |
29 | function migrateTo(address payable to) public {
30 | require(creator == msg.sender);
31 | to.transfer(address(this).balance);
32 | }
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/CallingInstruction.java:
--------------------------------------------------------------------------------
1 | package ch.securify.decompiler.instructions;
2 |
3 | import ch.securify.decompiler.Variable;
4 | import ch.securify.utils.BigIntUtil;
5 |
6 | import java.math.BigInteger;
7 |
8 | public abstract class CallingInstruction extends Instruction {
9 | public abstract int getInputMemoryOffset();
10 |
11 | public abstract int getInputMemorySize();
12 |
13 | public abstract Variable getValue();
14 |
15 | public boolean isBuiltInContractCall() {
16 | Variable toAddrVar = this.getInput()[1];
17 | if (toAddrVar.hasConstantValue()) {
18 | BigInteger toAddr = BigIntUtil.fromInt256(toAddrVar.getConstantValue());
19 | // is call to built-in contract
20 | final BigInteger firstPrecompiledContractAddress = BigInteger.valueOf(1);
21 | final BigInteger lastPrecompiledContractAddress = BigInteger.valueOf(8);
22 | return toAddr.compareTo(firstPrecompiledContractAddress) >= 0 &&
23 | toAddr.compareTo(lastPrecompiledContractAddress) <= 0;
24 | }
25 | return false;
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/model/CompiledContracts.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.model;
20 |
21 | import java.util.Map;
22 |
23 | public class CompiledContracts {
24 |
25 | private Map contracts;
26 | private String[] sourceList;
27 |
28 | public Map getContracts() {
29 | return contracts;
30 | }
31 |
32 | public String[] sourceList() {
33 | return sourceList;
34 | }
35 |
36 | }
37 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/dos_gas_limit/dos_number.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract DosNumber {
4 |
5 | uint numElements = 0;
6 | uint[] array;
7 |
8 | function insertNnumbers(uint value,uint numbers) public {
9 |
10 | // Gas DOS if number > 382 more or less, it depends on actual gas limit
11 | for(uint i=0;i1500);
21 | numElements = 0;
22 | }
23 |
24 | // Gas DOS clear
25 | function clearDOS() public {
26 |
27 | // number depends on actual gas limit
28 | require(numElements>1500);
29 | array = new uint[](0);
30 | numElements = 0;
31 | }
32 |
33 | function getLengthArray() public view returns(uint) {
34 | return numElements;
35 | }
36 |
37 | function getRealLengthArray() public view returns(uint) {
38 | return array.length;
39 | }
40 | }
41 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Log2.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | /*
20 | * Floern, dev@floern.com, 2017, MIT Licence
21 | */
22 | package ch.securify.decompiler.instructions;
23 |
24 | public class Log2 extends Instruction {
25 |
26 | @Override
27 | public String getStringRepresentation() {
28 | return "log(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ", t1: " + getInput()[2] + ", t2: " + getInput()[3] + ")";
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/assert_violations/mapping_perfomance_2.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: ChainSecurity
3 | * @author: Anton Permenev
4 | */
5 | pragma solidity ^0.5.0;
6 |
7 | contract MappingPerformance2sets{
8 |
9 | mapping(bytes32=>uint) m0;
10 | mapping(bytes32=>uint) m1;
11 | mapping(bytes32=>uint) m2;
12 | mapping(bytes32=>uint) m3;
13 | mapping(bytes32=>uint) m4;
14 | mapping(bytes32=>uint) m5;
15 | uint b;
16 |
17 | constructor() public {
18 | b = 10;
19 | }
20 |
21 | function set(bytes32 a, uint cond) public {
22 | if(cond == 0){
23 | m0[a] = 5;
24 | }else if(cond == 1){
25 | m1[a] = 5;
26 | }else if(cond == 2){
27 | m2[a] = 5;
28 | }else if(cond == 3){
29 | m3[a] = 5;
30 | }else if(cond == 4){
31 | m4[a] = 5;
32 | }
33 | }
34 | function check(bytes32 a0, uint cond0,
35 | bytes32 a1, uint cond1, bytes32 a) public {
36 | set(a0, cond0);
37 | set(a1, cond1);
38 | assert(m5[a] == 0);
39 | }
40 | }
41 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/model/CompiledContract.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.model;
20 |
21 | import com.google.gson.annotations.SerializedName;
22 |
23 | public class CompiledContract {
24 |
25 | @SerializedName("bin-runtime")
26 | private String bin;
27 |
28 | @SerializedName("srcmap-runtime")
29 | private String srcmap;
30 |
31 | public String getBinary() {
32 | return bin;
33 | }
34 |
35 | public String getSrcmap() {
36 | return srcmap;
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/utils/MapUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.utils;
20 |
21 | import java.util.HashMap;
22 | import java.util.Map;
23 |
24 | public class MapUtil {
25 |
26 |
27 | public static Map createWith(K key, V value) {
28 | Map map = new HashMap<>();
29 | map.put(key, value);
30 | return map;
31 | }
32 |
33 |
34 | public static Map copy(Map map) {
35 | return new HashMap<>(map);
36 | }
37 |
38 |
39 | }
40 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Log3.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | /*
20 | * Floern, dev@floern.com, 2017, MIT Licence
21 | */
22 | package ch.securify.decompiler.instructions;
23 |
24 | public class Log3 extends Instruction {
25 |
26 | @Override
27 | public String getStringRepresentation() {
28 | return "log(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ", t1: " + getInput()[2] + ", t2: " + getInput()[3] + ", t3: " + getInput()[4] + ")";
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/model/Contract.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.model;
20 |
21 | public class Contract {
22 |
23 | private String contractAddress;
24 | //private String init;
25 |
26 | private String code;
27 |
28 | public String getContractAddress() {
29 | return contractAddress;
30 | }
31 |
32 |
33 | public String getCode() {
34 | return code.substring(2);
35 | }
36 |
37 |
38 | public void setCode(String code) {
39 | this.code = code;
40 | }
41 |
42 | }
43 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/wallet_04_confused_sign.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | /* User can add pay in and withdraw Ether.
4 | Unfortunatelty, the developer was drunk and used the wrong comparison operator in "withdraw()"
5 | Anybody can withdraw arbitrary amounts of Ether :()
6 | */
7 |
8 | contract Wallet {
9 | address creator;
10 |
11 | mapping(address => uint256) balances;
12 |
13 | constructor() public {
14 | creator = msg.sender;
15 | }
16 |
17 | function deposit() public payable {
18 | assert(balances[msg.sender] + msg.value > balances[msg.sender]);
19 | balances[msg.sender] += msg.value;
20 | }
21 |
22 | function withdraw(uint256 amount) public {
23 | require(amount >= balances[msg.sender]);
24 | msg.sender.transfer(amount);
25 | balances[msg.sender] -= amount;
26 | }
27 |
28 | // In an emergency the owner can migrate allfunds to a different address.
29 |
30 | function migrateTo(address payable to) public {
31 | require(creator == msg.sender);
32 | to.transfer(address(this).balance);
33 | }
34 |
35 | }
36 |
--------------------------------------------------------------------------------
/securify_main.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Log4.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | /*
20 | * Floern, dev@floern.com, 2017, MIT Licence
21 | */
22 | package ch.securify.decompiler.instructions;
23 |
24 | public class Log4 extends Instruction {
25 |
26 | @Override
27 | public String getStringRepresentation() {
28 | return "log(memoffset: " + getInput()[0] + ", length: " + getInput()[1] + ", t1: " + getInput()[2] + ", t2: " + getInput()[3] + ", t3: " + getInput()[4] + ", t4: " + getInput()[5] + ")";
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/wallet_01_ok.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | /* User can add pay in and withdraw Ether.
4 | Nobody can withdraw more Ether than they paid in.
5 | */
6 |
7 | contract Wallet {
8 | address creator;
9 |
10 | mapping(address => uint256) balances;
11 |
12 | constructor() public {
13 | creator = msg.sender;
14 | }
15 |
16 | function deposit() public payable {
17 | assert(balances[msg.sender] + msg.value > balances[msg.sender]);
18 | balances[msg.sender] += msg.value;
19 | }
20 |
21 | function withdraw(uint256 amount) public {
22 | require(amount <= balances[msg.sender]);
23 | msg.sender.transfer(amount);
24 | balances[msg.sender] -= amount;
25 | }
26 |
27 | function refund() public {
28 | msg.sender.transfer(balances[msg.sender]);
29 | balances[msg.sender] = 0;
30 | }
31 |
32 | // In an emergency the owner can migrate allfunds to a different address.
33 |
34 | function migrateTo(address payable to) public {
35 | require(creator == msg.sender);
36 | to.transfer(address(this).balance);
37 | }
38 |
39 | }
40 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2018-present Smart Contract Weakness Classification Registry
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/utils/StreamUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.utils;
20 |
21 | import java.util.Map;
22 | import java.util.concurrent.ConcurrentHashMap;
23 | import java.util.function.Function;
24 | import java.util.function.Predicate;
25 |
26 | public class StreamUtil {
27 |
28 |
29 | public static Predicate distinctCustom(Function property) {
30 | Map seen = new ConcurrentHashMap<>();
31 | return t -> seen.putIfAbsent(property.apply(t), Boolean.TRUE) == null;
32 | }
33 |
34 |
35 | }
36 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/model/ContractResult.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.model;
20 |
21 | import ch.securify.analysis.SecurifyErrors;
22 |
23 | import java.util.Map;
24 | import java.util.TreeMap;
25 |
26 | public class ContractResult {
27 | public boolean decompiled = false;
28 | public String error = null;
29 |
30 | public SecurifyErrors securifyErrors = new SecurifyErrors();
31 | public boolean finished = false;
32 | public final Map patternResults = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
33 |
34 | }
35 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Jump.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | public class Jump extends BranchInstruction {
22 |
23 | private final String targetLabel;
24 |
25 | public Jump(String targetLabel) {
26 | if (targetLabel == null) {
27 | throw new IllegalArgumentException("Jump Instruction targetLabel is null");
28 | }
29 | this.targetLabel = targetLabel;
30 | }
31 |
32 | @Override
33 | public String getStringRepresentation() {
34 | return "goto " + targetLabel;
35 | }
36 |
37 | }
38 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/default_visibility_variables/storage.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | contract TestStorage {
4 |
5 | uint storeduint1 = 15;
6 | uint constant constuint = 16;
7 | uint32 investmentsDeadlineTimeStamp = uint32(now);
8 |
9 | bytes16 string1 = "test1";
10 | bytes32 private string2 = "test1236";
11 | string public string3 = "lets string something";
12 |
13 | mapping (address => uint) public uints1;
14 | mapping (address => DeviceData) structs1;
15 |
16 | uint[] uintarray;
17 | DeviceData[] deviceDataArray;
18 |
19 | struct DeviceData {
20 | string deviceBrand;
21 | string deviceYear;
22 | string batteryWearLevel;
23 | }
24 |
25 | function testStorage() public {
26 | address address1 = 0xbCcc714d56bc0da0fd33d96d2a87b680dD6D0DF6;
27 | address address2 = 0xaee905FdD3ED851e48d22059575b9F4245A82B04;
28 |
29 | uints1[address1] = 88;
30 | uints1[address2] = 99;
31 |
32 | DeviceData memory dev1 = DeviceData("deviceBrand", "deviceYear", "wearLevel");
33 |
34 | structs1[address1] = dev1;
35 |
36 | uintarray.push(8000);
37 | uintarray.push(9000);
38 |
39 | deviceDataArray.push(dev1);
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/src/test/java/ch/securify/patterns/TODAmountTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 | package ch.securify.patterns;
19 |
20 | import org.junit.Test;
21 |
22 | import java.io.IOException;
23 |
24 | import static org.junit.Assert.assertEquals;
25 |
26 | public class TODAmountTest {
27 |
28 | @Test
29 | public void isViolation() throws IOException {
30 | String hex = "src/test/resources/solidity/TODAmount.bin.hex";
31 | HelperInstructionPattern helperInstructionPattern = new HelperInstructionPattern(hex, new TODAmount());
32 | assertEquals(1, helperInstructionPattern.pattern.violations.size());
33 | }
34 | }
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/Create.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | import ch.securify.decompiler.Variable;
22 |
23 | public class Create extends Instruction implements _TypeInstruction {
24 |
25 | @Override
26 | public String getStringRepresentation() {
27 | return getOutput()[0] + " = create(value: " + getInput()[0] + ", memoffset: " + getInput()[1] + ", length: " + getInput()[2] + ")";
28 | }
29 |
30 | public void computeResultTypes() {
31 | for (Variable output : getOutput()) {
32 | output.addValueType(getClass());
33 | }
34 | }
35 |
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/ch/securify/decompiler/instructions/_VirtualMethodReturn.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 |
19 | package ch.securify.decompiler.instructions;
20 |
21 | import ch.securify.decompiler.Variable;
22 |
23 | import java.util.Arrays;
24 | import java.util.stream.Collectors;
25 |
26 | public class _VirtualMethodReturn extends Jump implements _VirtualInstruction {
27 |
28 | public _VirtualMethodReturn() {
29 | super("");
30 | }
31 |
32 | @Override
33 | public String getStringRepresentation() {
34 | return "return (" + Arrays.stream(getInput()).map(Variable::toString).collect(Collectors.joining(", ")) + ")";
35 | }
36 |
37 | }
38 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/unprotected_critical_functions/wallet_02_refund_nosub.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | /* User can add pay in and withdraw Ether.
4 | Unfortunately the developer forgot set the user's balance to 0 when refund() is called.
5 | An attacker can pay in a small amount of Ether and call refund() repeatedly to empty the contract.
6 | */
7 |
8 | contract Wallet {
9 | address creator;
10 |
11 | mapping(address => uint256) balances;
12 |
13 | constructor() public {
14 | creator = msg.sender;
15 | }
16 |
17 | function deposit() public payable {
18 | assert(balances[msg.sender] + msg.value > balances[msg.sender]);
19 | balances[msg.sender] += msg.value;
20 | }
21 |
22 | function withdraw(uint256 amount) public {
23 | require(amount <= balances[msg.sender]);
24 | msg.sender.transfer(amount);
25 | balances[msg.sender] -= amount;
26 | }
27 |
28 | function refund() public {
29 | msg.sender.transfer(balances[msg.sender]);
30 | }
31 |
32 | // In an emergency the owner can migrate allfunds to a different address.
33 |
34 | function migrateTo(address payable to) public {
35 | require(creator == msg.sender);
36 | to.transfer(address(this).balance);
37 | }
38 |
39 | }
40 |
--------------------------------------------------------------------------------
/src/test/java/ch/securify/patterns/TODReceiverTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 | package ch.securify.patterns;
19 |
20 | import org.junit.Test;
21 |
22 | import java.io.IOException;
23 |
24 | import static org.junit.Assert.assertEquals;
25 |
26 | public class TODReceiverTest {
27 |
28 | @Test
29 | public void isViolation() throws IOException {
30 | String hexViolation = "src/test/resources/solidity/TODReceiver.bin.hex";
31 | HelperInstructionPattern helperInstructionPattern = new HelperInstructionPattern(hexViolation, new TODReceiver());
32 | assertEquals(1, helperInstructionPattern.pattern.violations.size());
33 | }
34 | }
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/weak_randomness/guess_the_random_number_fixed.sol:
--------------------------------------------------------------------------------
1 | /*
2 | * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/
3 | * @author: Steve Marx
4 | */
5 |
6 | pragma solidity ^0.5.0;
7 |
8 | contract GuessTheRandomNumberChallenge {
9 | uint8 answer;
10 | uint8 commitedGuess;
11 | uint commitBlock;
12 | address guesser;
13 |
14 | constructor() public payable {
15 | require(msg.value == 1 ether);
16 | }
17 |
18 | function isComplete() public view returns (bool) {
19 | return address(this).balance == 0;
20 | }
21 |
22 | //Guess the modulo of the blockhash 20 blocks from your guess
23 | function guess(uint8 _guess) public payable {
24 | require(msg.value == 1 ether);
25 | commitedGuess = _guess;
26 | commitBlock = block.number;
27 | guesser = msg.sender;
28 | }
29 | function recover() public {
30 | //This must be called after the guessed block and before commitBlock+20's blockhash is unrecoverable
31 | require(block.number > commitBlock + 20 && commitBlock+20 > block.number - 256);
32 | require(guesser == msg.sender);
33 |
34 | if(uint(blockhash(commitBlock+20)) == commitedGuess){
35 | msg.sender.transfer(2 ether);
36 | }
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/test/resources/solidity/end_to_end_testing_big/swc/weak_randomness/old_blockhash.sol:
--------------------------------------------------------------------------------
1 | pragma solidity ^0.5.0;
2 |
3 | //Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block-hash/
4 | //Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait.
5 | contract PredictTheBlockHashChallenge {
6 |
7 | struct guess{
8 | uint block;
9 | bytes32 guess;
10 | }
11 |
12 | mapping(address => guess) guesses;
13 |
14 | constructor() public payable {
15 | require(msg.value == 1 ether);
16 | }
17 |
18 | function lockInGuess(bytes32 hash) public payable {
19 | require(guesses[msg.sender].block == 0);
20 | require(msg.value == 1 ether);
21 |
22 | guesses[msg.sender].guess = hash;
23 | guesses[msg.sender].block = block.number + 1;
24 | }
25 |
26 | function settle() public {
27 | require(block.number > guesses[msg.sender].block);
28 |
29 | bytes32 answer = blockhash(guesses[msg.sender].block);
30 |
31 | guesses[msg.sender].block = 0;
32 | if (guesses[msg.sender].guess == answer) {
33 | msg.sender.transfer(2 ether);
34 | }
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/src/test/java/ch/securify/patterns/DAOConstantGasTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 | package ch.securify.patterns;
19 |
20 | import org.junit.Test;
21 |
22 | import java.io.IOException;
23 |
24 | import static org.junit.Assert.assertEquals;
25 |
26 | public class DAOConstantGasTest {
27 |
28 | @Test
29 | public void isViolation() throws IOException {
30 | String hexViolation = "src/test/resources/solidity/DAOConstantGas.bin.hex";
31 | HelperInstructionPattern helperInstructionPattern = new HelperInstructionPattern(hexViolation, new DAOConstantGas());
32 | assertEquals(1, helperInstructionPattern.pattern.violations.size());
33 | }
34 | }
--------------------------------------------------------------------------------
/src/test/java/ch/securify/patterns/UnrestrictedWriteTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 | package ch.securify.patterns;
19 |
20 | import org.junit.Test;
21 |
22 | import java.io.IOException;
23 |
24 | import static org.junit.Assert.assertEquals;
25 |
26 | public class UnrestrictedWriteTest {
27 |
28 | @Test
29 | public void isViolation() throws IOException {
30 | String hex = "src/test/resources/solidity/UnrestrictedWrite.bin.hex";
31 | HelperInstructionPattern helperInstructionPattern = new HelperInstructionPattern(hex, new UnrestrictedWrite());
32 |
33 | assertEquals(1, helperInstructionPattern.pattern.violations.size());
34 | }
35 | }
--------------------------------------------------------------------------------
/src/test/resources/solidity/repeated-calls-tp.bin.hex:
--------------------------------------------------------------------------------
1 | 608060405234801561001057600080fd5b5060043610610048576000357c010000000000000000000000000000000000000000000000000000000090048063cadaacbf1461004d575b600080fd5b61008f6004803603602081101561006357600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610091565b005b6000808273ffffffffffffffffffffffffffffffffffffffff166326121ff06040518163ffffffff167c010000000000000000000000000000000000000000000000000000000002815260040160206040518083038186803b1580156100f657600080fd5b505afa15801561010a573d6000803e3d6000fd5b505050506040513d602081101561012057600080fd5b810190808051906020019092919050505073ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060009054906101000a900460ff16151561018457600080fd5b60018060008373ffffffffffffffffffffffffffffffffffffffff166326121ff06040518163ffffffff167c010000000000000000000000000000000000000000000000000000000002815260040160206040518083038186803b1580156101eb57600080fd5b505afa1580156101ff573d6000803e3d6000fd5b505050506040513d602081101561021557600080fd5b810190808051906020019092919050505073ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060006101000a81548160ff0219169083151502179055505056fea165627a7a723058209a2de39e41cfe1223ecd44dddcf985405922a26928d4f78ad27dd363c1ba972b0029
2 |
3 |
--------------------------------------------------------------------------------
/src/test/java/ch/securify/patterns/MissingInputValidationTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 | package ch.securify.patterns;
19 |
20 | import org.junit.Test;
21 |
22 | import java.io.IOException;
23 |
24 | import static org.junit.Assert.assertEquals;
25 |
26 | public class MissingInputValidationTest {
27 |
28 | @Test
29 | public void isViolation() throws IOException {
30 | String hexViolation = "src/test/resources/solidity/MissingInputValidation.bin.hex";
31 | HelperInstructionPattern helperInstructionPattern = new HelperInstructionPattern(hexViolation, new MissingInputValidation());
32 | assertEquals(1, helperInstructionPattern.pattern.violations.size());
33 | }
34 | }
--------------------------------------------------------------------------------
/src/test/java/ch/securify/patterns/ContractPatternTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2018 Secure, Reliable, and Intelligent Systems Lab, ETH Zurich
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | */
17 |
18 | package ch.securify.patterns;
19 |
20 | import ch.securify.decompiler.instructions.Instruction;
21 |
22 | import java.io.IOException;
23 | import java.util.List;
24 |
25 | class ContractPatternTest {
26 | AbstractPattern pattern;
27 |
28 | public ContractPatternTest(String hexFilename, AbstractContractPattern pattern) throws IOException {
29 | HelperTestInput testInput = new HelperTestInput(hexFilename);
30 | this.pattern = pattern;
31 | for (List methodBody : testInput.methodBodies) {
32 | pattern.checkPattern(methodBody, testInput.instructions, testInput.dataflow);
33 | }
34 | }
35 | }
36 |
--------------------------------------------------------------------------------