SoftSec-KAIST / Smartian

Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (ASE '21)
MIT License

Unhandled exception. System.OverflowException: Value was either too large or too small for a UInt64. #1

Open nettrino opened 2 years ago

nettrino commented 2 years ago

Hello,

While analyzing a sample contract, I got the following unhandled exception:

Unhandled exception. System.OverflowException: Value was either too large or too small for a UInt64.
   at System.Numerics.BigInteger.op_Explicit(BigInteger value)
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.resolveVarEdgeWithState(UInt64 addr, Vertex`1 src, Int32 tmpNo, Boolean isCjmp, State state, BinEssence ess, FSharpList`1 edges) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 504
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.resolveVarEdge(UInt64 addr, ProgramPoint ppoint, Vertex`1 src, Int32 tmpVarNo, Boolean isCjmp, BinEssence ess, FSharpList`1 edges) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 521
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.getEdges(BinEssence ess, FSharpList`1 edges, Vertex`1 src) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 589
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.addEdgeLoop(BinEssence ess, FSharpList`1 elms, FSharpList`1 _arg1) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 732
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.connectEdges[a](BinEssence ess, FSharpList`1 elms, FSharpList`1 edges) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 741
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.buildBlock$cont@764(BinEssence ess, FSharpList`1 elms, FSharpOption`1 edgeInfo, ProgramPoint leader, BBLStore bbls, FSharpResult`2 matchValue, Unit unitVar) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 773
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.buildBlock(BinEssence ess, UInt64 func, UInt64 leader, FSharpList`1 addrs, UInt64 lastAddr, FSharpList`1 elms, FSharpOption`1 edgeInfo) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 762
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.parseNewBBL(BinEssence ess, FSharpList`1 elms, UInt64 func, ArchOperationMode mode, UInt64 addr, FSharpOption`1 edgeInfo) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 793
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.updateCFGWithEdge(BinEssence ess, FSharpList`1 elms, UInt64 func, ProgramPoint src, CFGEdgeKind edge, UInt64 dst) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 833
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.updateCFG(BinEssence ess, UInt64 func, Boolean success, FSharpList`1 _arg1) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 870
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.AddEntry(BinEssence ess, UInt64 addr, ArchOperationMode mode) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 884
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.AddEntries@891-1.Invoke(Tuple`2 entry) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 892
   at Microsoft.FSharp.Collections.ListModule.Fold[T,TState](FSharpFunc`2 folder, TState state, FSharpList`1 list) in D:\a\_work\1\s\src\fsharp\FSharp.Core\list.fs:line 221
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.AddEntries(BinEssence ess, FSharpList`1 entries) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 890
   at B2R2.MiddleEnd.BinEssence.BinEssenceModule.Init(BinHandle hdl) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/BinEssence/BinEssence.fs:line 955
   at B2R2.MiddleEnd.Reclaimer.EVMCodeCopyAnalysis.B2R2.MiddleEnd.Reclaimer.IAnalysis.Run(BinEssence ess, AnalysisHint hint) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/Reclaimer/EVMCodeCopyAnalysis.fs:line 78
   at Microsoft.FSharp.Collections.ListModule.Fold[T,TState](FSharpFunc`2 folder, TState state, FSharpList`1 list) in D:\a\_work\1\s\src\fsharp\FSharp.Core\list.fs:line 221
   at B2R2.MiddleEnd.Reclaimer.Reclaimer.run(FSharpList`1 analyses, BinEssence ess) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/Reclaimer/Reclaimer.fs:line 32
   at EVMAnalysis.Parse.run(String binFile, String abiFile) in /home/nettrino/smartcontractfuzzing/tools/Smartian/EVMAnalysis/src/FrontEnd/Parse.fs:line 65
   at EVMAnalysis.TopLevel.parseAndAnalyze(String binFile, String abiFile) in /home/nettrino/smartcontractfuzzing/tools/Smartian/EVMAnalysis/src/Analysis/TopLevel.fs:line 96
   at Smartian.Fuzz.initializeWithDFA(FuzzOption opt) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Fuzz/Fuzz.fs:line 21
   at Smartian.Fuzz.run[a](String[] args) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Fuzz/Fuzz.fs:line 144
   at Smartian.Main.runMode(String mode, String[] optArgs) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Main/Main.fs:line 14
   at Smartian.Main.main(String[] args) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Main/Main.fs:line 22

I can provide the bin and abi files to reproduce if needed. OS is Debian GNU/Linux 11 (bullseye).
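The trace above shows `BigInteger.op_Explicit` throwing inside `resolveVarEdgeWithState` when a resolved value is cast to the `UInt64` address type. EVM words are 256 bits wide, so any value that is not an in-range code offset cannot survive that cast. As an added illustration, not code from the Smartian or B2R2 repositories, the F# snippet below shows the range-checked conversion pattern that returns `None` for such values instead of raising `OverflowException`; the helper name `tryToUInt64` and the sample words are assumptions made for this example.

```fsharp
open System
open System.Numerics

/// Hypothetical helper (not B2R2's code): convert a 256-bit EVM word held in a
/// BigInteger to UInt64 only when it is in range. The bare explicit cast
/// (uint64 v) is exactly what throws System.OverflowException in the trace.
let tryToUInt64 (v: BigInteger) : uint64 option =
  if v.Sign < 0 || v > BigInteger UInt64.MaxValue then None
  else Some (uint64 v)

/// Constructed sample words standing in for values a jump-target resolver
/// might see: a small code offset, UInt64.MaxValue exactly, and a 256-bit
/// word that no 64-bit address can hold.
let sampleWords =
  [ BigInteger 0x1a3
    BigInteger UInt64.MaxValue
    BigInteger.Pow (BigInteger 2, 255) ]

[<EntryPoint>]
let main _ =
  for w in sampleWords do
    match tryToUInt64 w with
    | Some addr -> printfn "%s -> usable address 0x%x" (w.ToString ()) addr
    | None -> printfn "%s -> out of UInt64 range, edge skipped" (w.ToString ())
  0
```

With this shape, an analysis pass that encounters an out-of-range word can drop the edge (or flag the block) and continue, rather than aborting the whole CFG construction.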

jchoi2022 commented 2 years ago

Hello, thank you for reporting a bug.

Will you share the bin and abi files to reproduce this? Thank you!

nettrino commented 2 years ago

Thanks for the prompt reply. See attached test.zip.

jchoi2022 commented 2 years ago

Thank you for providing the files; I can reproduce this exception too. I will take a look and make an update when the issue is resolved.