benchmark.log
-----------------DelegateCall-------------------
warden: 0.26500844955444336 < mythril: 10.755138874053955
===================
==== Delegatecall to user-supplied address ====
SWC ID: 112
Severity: High
Contract: DelegateCall
Function name: vuln(address,bytes)
PC address: 123
Estimated Gas Usage: 1797 - 38760
The contract delegates execution to another contract with a user-supplied address.
The smart contract delegates execution to a user-supplied address.This could allow an attacker to execute arbitrary code in the context of this contract account and manipulate the state of the contract account or execute actions on its behalf.
--------------------
In file: contracts/simple-delegatecall.sol:14
addr.delegatecall(data)
--------------------
Initial State:
Account: [CREATOR], balance: 0x1, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: vuln(address,bytes), txdata: 0x9dbb053b000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef00000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef', ''), value: 0x0
==== Unchecked return value from external call. ====
SWC ID: 104
Severity: Medium
Contract: DelegateCall
Function name: vuln(address,bytes)
PC address: 123
Estimated Gas Usage: 1797 - 38760
The return value of a message call is not checked.
External calls return a boolean value. If the callee halts with an exception, 'false' is returned and execution continues in the caller. The caller should check whether an exception happened and react accordingly to avoid unexpected behavior. For example it is often desirable to wrap external calls in require() so the transaction is reverted if the call fails.
--------------------
In file: contracts/simple-delegatecall.sol:14
addr.delegatecall(data)
--------------------
Initial State:
Account: [CREATOR], balance: 0x450c0000000000000, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x0, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [SOMEGUY], function: vuln(address,bytes), txdata: 0x9dbb053b00000000000000000000000000000000000000000000000000000000000000130000000000000000000000000000000000000000000000000000000000000000, decoded_data: ('0x0000000000000000000000000000000000000013', '00000000000000000000000000000000000000'), value: 0x0
-----------------ArbiStorageWrite-------------------
warden: 2.302469491958618 < mythril: 12.137086629867554
===================
==== Write to an arbitrary storage location ====
SWC ID: 124
Severity: High
Contract: ArbiStorageWrite
Function name: arbi_storage_write(uint256,uint256)
PC address: 213
Estimated Gas Usage: 7418 - 27513
The caller can write to arbitrary storage locations.
It is possible to write to arbitrary storage locations. By modifying the values of storage variables, attackers may bypass security controls or manipulate the business logic of the smart contract.
--------------------
In file: contracts/arbi-storage-write.sol:28
sstore(add(sl, idx), value)
--------------------
Initial State:
Account: [CREATOR], balance: 0x2080080100000008, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x0, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [SOMEGUY], function: asw_prev2(uint256), txdata: 0x94f2a95d0000000000000000000000000000000000000000000000000000000000002fa6, decoded_data: (12198,), value: 0x0
Caller: [ATTACKER], function: arbi_storage_write(uint256,uint256), txdata: 0xb6ed73e90000000000000000000000000000000000000000000000000000004b847e6e1bb1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1, decoded_data: (324345425435, 80373332529431241529302213123677488980505048179679920921505852429022054691249), value: 0x0
-----------------All-------------------
warden: 8.696975469589233 < mythril: 191.93958020210266
===================
==== Write to an arbitrary storage location ====
SWC ID: 124
Severity: High
Contract: All
Function name: arbi_storage_write(uint256,uint256)
PC address: 1466
Estimated Gas Usage: 7397 - 27492
The caller can write to arbitrary storage locations.
It is possible to write to arbitrary storage locations. By modifying the values of storage variables, attackers may bypass security controls or manipulate the business logic of the smart contract.
--------------------
In file: contracts/all.sol:40
sstore(add(sl, idx), value)
--------------------
Initial State:
Account: [CREATOR], balance: 0x4200020000000001, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x2, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: asw_prev2(uint256), txdata: 0x94f2a95d0000000000000000000000000000000000000000000000000000000000002fa6, decoded_data: (12198,), value: 0x0
Caller: [SOMEGUY], function: arbi_storage_write(uint256,uint256), txdata: 0xb6ed73e90000000000000000000000000000000000000000000000000000004b847e6e16d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4, decoded_data: (324345425430, 96266364385533464430576662046438574372130340192610978730843167881088562681044), value: 0x0
-----------------ArbitraryJump-------------------
warden: 0.1284646987915039 < mythril: 4.501862287521362
===================
==== Jump to an arbitrary instruction ====
SWC ID: 127
Severity: High
Contract: ArbitraryJump
Function name: breakIt()
PC address: 171
Estimated Gas Usage: 257 - 918
The caller can redirect execution to arbitrary bytecode locations.
It is possible to redirect the control flow to arbitrary locations in the code. This may allow an attacker to bypass security controls or manipulate the business logic of the smart contract. Avoid using low-level-operations and assembly to prevent this issue.
--------------------
In file: contracts/arbijump.sol:32
func.f()
--------------------
Initial State:
Account: [CREATOR], balance: 0x80000000000000, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x0, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x1
Caller: [SOMEGUY], function: breakIt(), txdata: 0x6a1f9e19, value: 0x1
-----------------DepEvil-------------------
warden: 3.1298792362213135 < mythril: 90.14866209030151
===================
The analysis was completed successfully. No issues were detected.
-----------------Servers-------------------
warden: 0.37099266052246094 < mythril: 19.454675436019897
===================
==== Delegatecall to user-supplied address ====
SWC ID: 112
Severity: High
Contract: Servers
Function name: Func(address,bytes)
PC address: 143
Estimated Gas Usage: 1797 - 38760
The contract delegates execution to another contract with a user-supplied address.
The smart contract delegates execution to a user-supplied address.This could allow an attacker to execute arbitrary code in the context of this contract account and manipulate the state of the contract account or execute actions on its behalf.
--------------------
In file: contracts/delegatecall.sol:18
addr.delegatecall(data)
--------------------
Initial State:
Account: [CREATOR], balance: 0x4, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x1
Caller: [ATTACKER], function: Func(address,bytes), txdata: 0x003f3ab7000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef00000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef', ''), value: 0x0
==== Unchecked return value from external call. ====
SWC ID: 104
Severity: Medium
Contract: Servers
Function name: Func(address,bytes)
PC address: 143
Estimated Gas Usage: 1797 - 38760
The return value of a message call is not checked.
External calls return a boolean value. If the callee halts with an exception, 'false' is returned and execution continues in the caller. The caller should check whether an exception happened and react accordingly to avoid unexpected behavior. For example it is often desirable to wrap external calls in require() so the transaction is reverted if the call fails.
--------------------
In file: contracts/delegatecall.sol:18
addr.delegatecall(data)
--------------------
Initial State:
Account: [CREATOR], balance: 0x2, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x0, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x1
Caller: [SOMEGUY], function: withdraw(), txdata: 0x3ccfd60b, value: 0x0
Caller: [CREATOR], function: Func(address,bytes), txdata: 0x003f3ab7000000000000000000000000d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d600000000000000000000000000000000000000000000000000000000000000001f, decoded_data: ('0xd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d600', ''), value: 0x0
-----------------ArbitraryJumpWithFuncSeqOrder-------------------
warden: 0.3735640048980713 < mythril: 6.825766324996948
===================
The analysis was completed successfully. No issues were detected.
-----------------SelfDestruct-------------------
warden: 1.0514276027679443 < mythril: 184.82704305648804
===================
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: SelfDestruct
Function name: middle_vuln(address,uint256)
PC address: 213
Estimated Gas Usage: 7255 - 27350
Any sender can cause the contract to self-destruct.
Any sender can trigger execution of the SELFDESTRUCT instruction to destroy this contract account and withdraw its balance to an arbitrary address. Review the transaction trace generated for this issue and make sure that appropriate security controls are in place to prevent unrestricted access.
--------------------
In file: contracts/simple-selfdestruct.sol:18
selfdestruct(payable(addr))
--------------------
Initial State:
Account: [CREATOR], balance: 0x1, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: middle_vuln(address,uint256), txdata: 0x1060e113000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef0000000000000000000000000000000000000000000000000000000006800390, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef', 109052816), value: 0x0
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: SelfDestruct
Function name: vuln(address)
PC address: 244
Estimated Gas Usage: 447 - 542
Any sender can cause the contract to self-destruct.
Any sender can trigger execution of the SELFDESTRUCT instruction to destroy this contract account and withdraw its balance to an arbitrary address. Review the transaction trace generated for this issue and make sure that appropriate security controls are in place to prevent unrestricted access.
--------------------
In file: contracts/simple-selfdestruct.sol:11
selfdestruct(payable(addr))
--------------------
Initial State:
Account: [CREATOR], balance: 0x1, nonce:0, storage:{}
Account: [ATTACKER], balance: 0x1, nonce:0, storage:{}
Transaction Sequence:
Caller: [CREATOR], calldata: , decoded_data: , value: 0x0
Caller: [ATTACKER], function: vuln(address), txdata: 0x94321f82000000000000000000000000deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, decoded_data: ('0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef',), value: 0x0