search

Consensys / mythx-developer-support

Support resources and bug reporting for Mythril Tool Developers
3 stars 1 forks source link

Finds no problems with batchOverflow contract #19

Open NoahMarconi opened 5 years ago

NoahMarconi commented 5 years ago

As a test case I copied over this contract locally and ran truffle run verify: https://etherscan.io/address/0xc5d105e63711398af9bbff092d4b6769c82f793d#code

This is the famous batchOverflow contract and the tool doesn't catch that there's an overflow vulnerability here.

NoahMarconi commented 5 years ago

This appears to be a mythril bug. Added report here as well: https://github.com/ConsenSys/mythril-classic/issues/956

muellerberndt commented 5 years ago

@NoahMarconi I think we already have a fix for that in the develop branch, but that fix hasn't yet made it into a release (and therefore into the API). Will update you once it's fixed.

daniyarchambylov commented 5 years ago

@NoahMarconi can you verify that bug is fixed?

NoahMarconi commented 5 years ago

Not in the released NPM package for truffle-security.

$ truffle run verify
Compiling ./contracts/Beauty.sol...
Writing artifacts to ./build/mythx/contracts

   BasicToken |*************************************************************************************************| 100% || Elapsed: 56.2s ✓ completed
     BecToken |*************************************************************************************************| 100% || Elapsed: 59.4s ✓ completed
        ERC20 |*************************************************************************************************| 100% || Elapsed: 60.4s ✓ completed
   ERC20Basic |*************************************************************************************************| 100% || Elapsed: 61.6s ✓ completed
      Ownable |*************************************************************************************************| 100% || Elapsed: 53.1s ✓ completed
     Pausable |*************************************************************************************************| 100% || Elapsed: 72.3s ✓ completed
PausableToken |*************************************************************************************************| 100% || Elapsed: 72.2s ✓ completed
     SafeMath |*************************************************************************************************| 100% || Elapsed: 65.7s ✓ completed
StandardToken |*************************************************************************************************| 100% || Elapsed: 70.7s ✓ completed

/Users/noahmarconi/gbcClass/testBT/contracts/Beauty.sol
  165:2  warning  The function visibility is not set  SWC-100
  290:4  warning  The function visibility is not set  SWC-100
  295:4  warning  The function visibility is not set  SWC-100

✖ 3 problems (0 errors, 3 warnings)
nbanmp commented 5 years ago

As this is not directly a problem with truffle-security itself, but with the api behind it, I have transferred the issue to the mythx-developer-support repository.