Skip to content
This repository has been archived by the owner on Mar 6, 2024. It is now read-only.

UnboundLocalError when using dynamic analysis #10

Open
muellerberndt opened this issue Apr 28, 2019 · 5 comments
Open

UnboundLocalError when using dynamic analysis #10

muellerberndt opened this issue Apr 28, 2019 · 5 comments
Labels
bug Something isn't working EVM Related to EVM

Comments

@muellerberndt
Copy link

muellerberndt commented Apr 28, 2019

Some EVM bytecode inputs result in an UnboundLocalError exception. For example:

$ python octopus_eth_evm.py -g -r "6080604052348015600f57600080fd5b506004361060465760003560e01c80632f576f2014604b57806381b36467146067578063a0ef91df14606f578063bcb4ab0e146077575b600080fd5b6051607f565b6040518082815260200191505060405180910390f35b606d6088565b005b60756094565b005b607d60f3565b005b60008054905090565b6001600014609257fe5b565b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f1935050505015801560f0573d6000803e3d6000fd5b50565b600160008190555056fea165627a7a7230582097b073d8789a43fedeb6be6929b92747b0ddbcfd568d5c737d90ea40ce8efe9f0029"
Traceback (most recent call last):
  File "octopus_eth_evm.py", line 186, in <module>
    main()
  File "octopus_eth_evm.py", line 164, in main
    octo_cfg = EthereumCFG(octo_bytecode)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/cfg.py", line 9, in __new__
    return EvmCFG(bytecode, analysis=evm_analysis)
  File "/Users/bernhardmueller/Projects/octopus/octopus/arch/evm/cfg.py", line 160, in __init__
    self.run_dynamic_analysis()
  File "/Users/bernhardmueller/Projects/octopus/octopus/arch/evm/cfg.py", line 173, in run_dynamic_analysis
    emul.emulate()
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 122, in emulate
    halt = self.emulate_one_instruction(instr, state, depth)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 168, in emulate_one_instruction
    halt = self.ssa_stack_memory_storage_flow_instruction(instr, state, depth)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 433, in ssa_stack_memory_storage_flow_instruction
    self.emulate(new_state, depth=depth + 1)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 122, in emulate
    halt = self.emulate_one_instruction(instr, state, depth)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 168, in emulate_one_instruction
    halt = self.ssa_stack_memory_storage_flow_instruction(instr, state, depth)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 400, in ssa_stack_memory_storage_flow_instruction
    self.emulate(new_state, depth=depth + 1)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 122, in emulate
    halt = self.emulate_one_instruction(instr, state, depth)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 148, in emulate_one_instruction
    self.emul_comparaison_logic_instruction(instr, state)
  File "/Users/bernhardmueller/Projects/octopus/octopus/platforms/ETH/emulator.py", line 261, in emul_comparaison_logic_instruction
    instr.name, args=args)
UnboundLocalError: local variable 'args' referenced before assignment

The bytecode was generated with solc 0.5.7 from the following source:

pragma solidity ^0.5.0;

contract Test {

	uint256 myinteger;

    function doNothing() public view returns (uint256) {
    	return myinteger;
    }

    function write() public {
    	myinteger = 1;
    }

    function alwaysfail() public {
    	assert(0 == 1);
    }

    function withdrawEth() public {
    	msg.sender.transfer(address(this).balance);
    }
}
@muellerberndt
Copy link
Author

Interestingly this happens only with bytecode compiled with newer solc version. Octopus processes the same contract when compiled with 0.4.24 but fails with 0.5.7.

pragma solidity ^0.5.0;

contract Test {
	uint256[] public myinteger;
}

0.4.24:

608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680637c4e2261146044575b600080fd5b348015604f57600080fd5b50606c600480360381019080803590602001909291905050506082565b6040518082815260200191505060405180910390f35b600081815481101515609057fe5b9060005260206000200160009150905054815600a165627a7a72305820a1f21cb8e5428cf6d0898a479fa2441da1ee73de1679e0b316a1dea027a843d70029

0.5.7:

6080604052348015600f57600080fd5b506004361060285760003560e01c80637c4e226114602d575b600080fd5b605660048036036020811015604157600080fd5b8101908080359060200190929190505050606c565b6040518082815260200191505060405180910390f35b60008181548110607857fe5b90600052602060002001600091509050548156fea165627a7a7230582076100799af5e6466edc3d544d4782bc2c30d0684ce8cb4c0f2bb710f1ef1e6630029

@pventuzelo
Copy link
Member

Thanks Bernhard ;) i will try to take a look asap

@pventuzelo pventuzelo added bug Something isn't working EVM Related to EVM labels May 7, 2019
@fiercef3l1n3
Copy link

I am experiencing the same issue when trying to construct a dynamic control flow graph.

@webthethird
Copy link

@pventuzelo I am having this same issue 3 years later, trying to construct a CFG. I see that this repo has not been updated in the past 2 years... is there any chance that this will be fixed?

@pventuzelo
Copy link
Member

pventuzelo commented Sep 15, 2022

Sorry, I'm not planning to fix this at the moment. You might be interested in using https://github.com/crytic/evm_cfg_builder

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Something isn't working EVM Related to EVM
Projects
None yet
Development

No branches or pull requests

4 participants