Report string assignments have overflows

sunbeomso commented 4 years ago

Description

For the contract in: https://etherscan.io/address/0xcd2ddec1150ded7a28834169683a0dbc93a782c2#code

Mythril reports the following function has overflow (line 271--274):

    function setTokenName(string newTokenName) public onlyOwner{
        tokenName = newTokenName;
        name    = newTokenName;
    }

Could you check the Mythril's result?

How to Reproduce

sudo docker exec CONTAINER myth analyze /tmp/test.sol:SuperCarbonCoinToken --solv 0.4.25 -m integer,exceptions

Expected behavior

Should not report overflow for string assignments.

Environment

Mythril version: v 0.21.21 (from docker image)
Solidity compiler and version: 0.5.12
Python version: 3.6.9 (the one installed in the docker container)
OS and Version: Ubuntu 18.04 (Host OS)

norhh commented 4 years ago

These are internal overflows(mostly unrelated to user input), Sometimes solidity causes intentional overflows that are safe.

sunbeomso commented 4 years ago

Interesting. Could you provide any related links?

norhh commented 4 years ago

Could you provide any related links? I don't have any links as I observed it when I was going through the bytecode. For example if the stack has [value], and you need to compute value-1, then it's cheaper to do PUSH UINT_MAX, ADD than PUSH 1, SWAP, SUB and solidity chooses the former. There are also other scenarios for overflows

sunbeomso commented 4 years ago

@norhh thank you for explaining that.

Consensys / mythril