SoftSec-KAIST / Smartian

Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (ASE '21)
MIT License

Unhandled exception. System.Exception: Failed to analyze trampoline code #2

Open nettrino opened 2 years ago

nettrino commented 2 years ago

And another one (see test2.zip)

Unhandled exception. System.Exception: Failed to analyze trampoline code
   at B2R2.MiddleEnd.Reclaimer.EVMTrampolineAnalysis.analyzeTrampoline(BinEssence ess) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/Reclaimer/EVMTrampolineAnalysis.fs:line 127
   at B2R2.MiddleEnd.Reclaimer.EVMTrampolineAnalysis.B2R2.MiddleEnd.Reclaimer.IAnalysis.Run(BinEssence ess, AnalysisHint hint) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/Reclaimer/EVMTrampolineAnalysis.fs:line 135
   at Microsoft.FSharp.Collections.ListModule.Fold[T,TState](FSharpFunc`2 folder, TState state, FSharpList`1 list) in D:\a\_work\1\s\src\fsharp\FSharp.Core\list.fs:line 221
   at B2R2.MiddleEnd.Reclaimer.Reclaimer.run(FSharpList`1 analyses, BinEssence ess) in /mnt/c/Workspace/Smartian/EVMAnalysis/B2R2/src/MiddleEnd/Reclaimer/Reclaimer.fs:line 32
   at EVMAnalysis.Parse.run(String binFile, String abiFile) in /home/nettrino/smartcontractfuzzing/tools/Smartian/EVMAnalysis/src/FrontEnd/Parse.fs:line 65
   at EVMAnalysis.TopLevel.parseAndAnalyze(String binFile, String abiFile) in /home/nettrino/smartcontractfuzzing/tools/Smartian/EVMAnalysis/src/Analysis/TopLevel.fs:line 96
   at Smartian.Fuzz.initializeWithDFA(FuzzOption opt) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Fuzz/Fuzz.fs:line 21
   at Smartian.Fuzz.run[a](String[] args) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Fuzz/Fuzz.fs:line 144
   at Smartian.Main.runMode(String mode, String[] optArgs) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Main/Main.fs:line 14
   at Smartian.Main.main(String[] args) in /home/nettrino/smartcontractfuzzing/tools/Smartian/src/Main/Main.fs:line 22
jchoi2022 commented 2 years ago

Also confirmed this one, thank you for the report.

webthethird commented 1 year ago

Got this issue as well. Commenting here to add some additional info. Before getting the unhandled exception (identical to above), I saw the following output which may help with diagnosing the issue:

[00:00:00:00] Fuzz target : examples/bin/Inbox.bin
[00:00:00:00] Fuzzing starts at 03:24:09
[00:00:00:00] Time limit : 3600 s
Stack lift offset not found @ 30fe
Stack lift offset not found @ 3291
Stack lift offset not found @ 32d3
Stack lift offset not found @ 56c
Stack lift offset not found @ 2fd1
Stack lift offset not found @ 2fef
Stack lift offset not found @ 2eb2
Stack lift offset not found @ 2e23
Stack lift offset not found @ 2de4
Stack lift offset not found @ 2e6a
Stack lift offset not found @ 2ffc
Stack lift offset not found @ 301c
Stack lift offset not found @ 2fa1
Stack lift offset not found @ 2ee6
Stack lift offset not found @ 2f59
Stack lift offset not found @ 3029
Stack lift offset not found @ 4e8
Stack lift offset not found @ 1f7e
Stack lift offset not found @ 1f9d
Stack lift offset not found @ 2009
Stack lift offset not found @ 205b
Stack lift offset not found @ 3986
Stack lift offset not found @ 2084
Stack lift offset not found @ 2d65
Stack lift offset not found @ 38a3
Stack lift offset not found @ 1d00
...

I'm also attaching the .bin and .abi files I was trying to fuzz, so hopefully it can be reproduced. FilesUsedToFuzz.zip

It may also be worth noting that this project has a lot of inheritance, and thus solc created many binaries besides the one I used for the input parameter. So I am also including the full set of Solidity files and binaries. WormholeInbox.zip

I hope this helps! I would really like to use this fuzzer in my research, but I can't if this isn't fixed (attn: @jchoi2022).
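To see what B2R2's trampoline analysis is tripping over, it helps to map the `Stack lift offset not found @ <hex>` warnings back to the instructions at those offsets in the `.bin` that was fuzzed. The script below is an added example, not code from Smartian or B2R2; it assumes the warning addresses are byte offsets into the runtime bytecode held as a hex string in the `.bin` file (the assumption is marked in the code), and it uses a small constructed jump trampoline plus constructed log lines in place of the attached `Inbox.bin`, which is not on this page. It reports whether each offset lands on a `JUMPDEST`, on some other opcode, or inside a `PUSH` immediate (not an instruction boundary at all), which is the first thing to check for a jump-target analysis failure.

```python
"""Map 'Stack lift offset not found @ <hex>' warnings from the Smartian/B2R2 log back to
the EVM instructions at those byte offsets in the fuzzed .bin file.

Added example, not part of Smartian or B2R2. Assumption: the .bin file holds runtime
bytecode as a hex string (the format solc emits) and the warning addresses are byte
offsets into it. Opcode names follow the EVM yellow paper. The bytecode and log lines
below are constructed for illustration, not taken from the issue's attachments."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Opcode table: enough for dispatcher / jump code; anything else prints as UNKNOWN_xx.
OPCODES: Dict[int, str] = {
    0x00: "STOP", 0x01: "ADD", 0x03: "SUB", 0x10: "LT", 0x11: "GT", 0x14: "EQ",
    0x15: "ISZERO", 0x16: "AND", 0x1C: "SHR", 0x35: "CALLDATALOAD", 0x36: "CALLDATASIZE",
    0x50: "POP", 0x51: "MLOAD", 0x52: "MSTORE", 0x54: "SLOAD", 0x55: "SSTORE",
    0x56: "JUMP", 0x57: "JUMPI", 0x58: "PC", 0x5B: "JUMPDEST", 0x5F: "PUSH0",
    0xF3: "RETURN", 0xFD: "REVERT", 0xFE: "INVALID",
}
OPCODES.update({0x60 + n: f"PUSH{n + 1}" for n in range(32)})
OPCODES.update({0x80 + n: f"DUP{n + 1}" for n in range(16)})
OPCODES.update({0x90 + n: f"SWAP{n + 1}" for n in range(16)})


@dataclass
class Insn:
    offset: int
    opcode: int
    imm: Optional[bytes]  # PUSHn immediate, else None

    @property
    def mnemonic(self) -> str:
        return OPCODES.get(self.opcode, f"UNKNOWN_{self.opcode:02x}")

    def __str__(self) -> str:
        s = f"{self.offset:04x}: {self.mnemonic}"
        return s + (f" 0x{self.imm.hex()}" if self.imm else "")


def disassemble(code: bytes) -> List[Insn]:
    """Linear sweep. PUSHn swallows the next n bytes, so offsets that fall inside an
    immediate are not instruction boundaries."""
    insns, pc = [], 0
    while pc < len(code):
        op = code[pc]
        n = op - 0x5F if 0x60 <= op <= 0x7F else 0
        imm = code[pc + 1 : pc + 1 + n] if n else None
        insns.append(Insn(pc, op, imm))
        pc += 1 + n
    return insns


def parse_offsets(log: str) -> List[int]:
    """Offsets in the warning are bare hex (e.g. '30fe'), no 0x prefix."""
    return [int(m, 16) for m in re.findall(r"Stack lift offset not found @ ([0-9a-fA-F]+)", log)]


def describe(insns: List[Insn], target: int) -> Optional[dict]:
    """What sits at a reported offset. None means the offset is not an instruction
    boundary (inside a PUSH immediate, or past the end of the code)."""
    by_off = {i.offset: i for i in insns}
    insn = by_off.get(target)
    if insn is None:
        return None
    return {"offset": target, "mnemonic": insn.mnemonic, "is_jumpdest": insn.opcode == 0x5B}


def context(insns: List[Insn], target: int, window: int = 2) -> List[str]:
    """Instructions around the reported offset, for eyeballing the trampoline shape."""
    idx = next((k for k, i in enumerate(insns) if i.offset >= target), len(insns))
    return [str(i) for i in insns[max(0, idx - window) : idx + window + 1]]


# Constructed sample: a tiny jump trampoline, not the Inbox.bin from the report.
SAMPLE_CODE = "6080604052600b565b00fe5b600856"
SAMPLE_LOG = """[00:00:00:00] Fuzz target : sample.bin
Stack lift offset not found @ b
Stack lift offset not found @ a
Stack lift offset not found @ 6
"""

if __name__ == "__main__":
    insns = disassemble(bytes.fromhex(SAMPLE_CODE))
    for off in parse_offsets(SAMPLE_LOG):
        info = describe(insns, off)
        print(f"--- @ {off:x}: {info if info else 'not an instruction boundary'}")
        for line in context(insns, off):
            print("   ", line)
```

To use it on a real report, replace `SAMPLE_CODE` with the contents of the `.bin` passed as the fuzz target and `SAMPLE_LOG` with the captured Smartian output; offsets that resolve to something other than a `JUMPDEST`, or to the middle of a `PUSH` immediate, are the ones worth including in the bug report alongside the zip.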