Consensys / mythril

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
https://mythx.io/
MIT License

false positive overflow on array parameter function #891

Closed sunriseup closed 5 years ago

sunriseup commented 5 years ago

Description

When I run myth on the BEC contract https://etherscan.io/address/0xc5d105e63711398af9bbff092d4b6769c82f793d#code (line 257 has a multiplication overflow), I get a report of an addition overflow near that line besides a multiplication overflow.

How to Reproduce

$ myth -x BEC0.sol --solv 0.4.25

Expected behavior

Report on binary multiplication overflow exactly at or around line 257.

Screenshots

==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: PausableToken
Function name: [batchTransfer(address[],uint256), batchTransfer(address[],uint256)] (ambiguous)
PC address: 659
Estimated Gas Usage: 1008 - 4113
The binary addition can overflow.
The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
In file: BEC0.sol:259

der] >= amount);

balances[msg.sender] = balances[msg.sender].sub(amount);
for (uint i = 0; i < cnt; i++) {
balances[_receivers[i]] = balances[_receivers[i]].add(_value);
Transfer(msg.sender, _receivers[i], _value);
}
return true;
  }
}

/**
 * @title Bec Token
 *
 * @dev Implementation of Bec Token based on the basic standard token.
 */
contract BecToken is PausableToken {
/**
* Public variables of the token
* The following variables are OPTIONAL vanities. One does not have to inclu

--------------------

==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: PausableToken
Function name: [batchTransfer(address[],uint256), batchTransfer(address[],uint256)] (ambiguous)
PC address: 1587
Estimated Gas Usage: 1008 - 4113
The binary multiplication can overflow.
The operands of the multiplication operation are not sufficiently constrained. The multiplication could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------
In file: BEC0.sol:263

es[_receivers[i]].add

--------------------

Environment

Additional Environment or Context

dev version: * develop 852c9b5b Merge pull request #888 from ConsenSys/bugfix/docker-dev
DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"

JoranHonig commented 5 years ago

Hi, thanks for the report! When I run analysis on bectoken, a vulnerability is reported on the multiply operation. Additionally, there are some issues for code that is not influenceable by the developer. We are aware of this, and have a fix coming in the pipeline.

I'm closing this as the most recent version correctly seems to discover the bug. Please reopen if something still needs to be fixed.
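
Added example, not part of the issue thread and not Mythril's code: a Python model of 256-bit EVM arithmetic showing how an unchecked multiplication behaves next to SafeMath-style checked `add`/`sub` in the `batchTransfer` pattern from the report. It assumes the flagged multiplication is a plain `*` of the receiver count and `_value` (that line is not shown in the excerpt) and that `.add`/`.sub` revert on overflow; `batch_transfer`, `evm_mul`, `reverts` and the sample values are constructed for illustration.

```python
# Added illustration, not code from the issue or from Mythril.
# Python model of EVM uint256 arithmetic for the batchTransfer pattern above.
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Stands in for a failed require()/assert() in the EVM."""

def evm_mul(a, b):
    return (a * b) & UINT256_MAX          # EVM MUL wraps silently modulo 2**256

def safe_mul(a, b):
    c = evm_mul(a, b)
    if a != 0 and c // a != b:            # SafeMath-style post-condition
        raise Revert("mul overflow")
    return c

def safe_add(a, b):
    c = (a + b) & UINT256_MAX
    if c < a:                             # wrapped sum is smaller than an operand
        raise Revert("add overflow")
    return c

def safe_sub(a, b):
    if b > a:
        raise Revert("sub underflow")
    return a - b

def batch_transfer(balances, sender, receivers, value, mul=evm_mul):
    """Return the new balances; raising Revert leaves the caller's dict untouched."""
    state = dict(balances)
    amount = mul(len(receivers), value)   # assumed form of the flagged multiplication
    if state.get(sender, 0) < amount:     # the balance check the report excerpt shows
        raise Revert("insufficient balance")
    state[sender] = safe_sub(state.get(sender, 0), amount)
    for r in receivers:
        state[r] = safe_add(state.get(r, 0), value)
    return state

def reverts(fn, *args, **kwargs):
    try:
        fn(*args, **kwargs)
    except Revert:
        return True
    return False

if __name__ == "__main__":
    wrap = 2**255                         # constructed value: 2 * wrap == 2**256
    print(evm_mul(2, wrap))                                                    # 0
    print(reverts(batch_transfer, {}, "s", ["a", "b"], wrap))                  # False
    print(reverts(batch_transfer, {}, "s", ["a", "b"], wrap, mul=safe_mul))    # True
    print(reverts(batch_transfer, {"s": 1, "a": UINT256_MAX}, "s", ["a"], 1))  # True
```

With the unchecked multiplication the wrapped `amount` passes the balance check, while the checked `add` in the loop reverts on overflow; swapping in `safe_mul` makes the multiplication revert as well.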