For the following input contract mythos reports severity as "undefined" for all issues:
pragma solidity ^0.4.18;
contract Token {
mapping(address => uint) balances;
uint public totalSupply;
function Token(uint _initialSupply) {
balances[msg.sender] = totalSupply = _initialSupply;
}
function transfer(address _to, uint _value) public returns (bool) {
require(balances[msg.sender] - _value >= 0);
balances[msg.sender] -= _value;
balances[_to] += _value;
return true;
}
function balanceOf(address _owner) public constant returns (uint balance) {
return balances[_owner];
}
}
Output:
$ mythos analyze token.sol Token
Reading contract token.sol... done
Downloading Solidity version v0.4.18+commit.9cf6e910
(node:47467) V8: soljson-v0.4.18+commit.9cf6e910.js:3 Invalid asm.js: Invalid member of stdlib
Compiling contract token.sol... done
Analyzing contract Token... done
Report found 1 issues
Title: Integer Overflow and Underflow
Severity: undefined
Head: The binary subtraction can underflow.
Description: The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
Source code:
token.sol 13:12
--------------------------------------------------
balances[msg.sender] - _value
--------------------------------------------------
==================================================
Title: Integer Overflow and Underflow
Severity: undefined
Head: The binary subtraction can underflow.
Description: The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
Source code:
token.sol 14:4
--------------------------------------------------
balances[msg.sender] -= _value
--------------------------------------------------
==================================================
Title: Integer Overflow and Underflow
Severity: undefined
Head: The binary addition can overflow.
Description: The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
Source code:
token.sol 15:4
--------------------------------------------------
balances[_to] += _value
--------------------------------------------------
==================================================
Title: Floating Pragma
Severity: undefined
Head: A floating pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently any version equal or greater than "0.4.18" is allowed.
Source code:
token.sol 1:0
--------------------------------------------------
pragma solidity ^0.4.18;
--------------------------------------------------
==================================================
Title: Function Default Visibility
Severity: undefined
Head: The function visibility is not set.
Description: The function "Token" does not have an explicit visibility set. The default visibility is set to public and anyone call the function.
Source code:
token.sol 8:2
--------------------------------------------------
function Token(uint _initialSupply) {
balances[msg.sender] = totalSupply = _initialSupply;
}
--------------------------------------------------
==================================================
Title: State Variable Default Visibility
Severity: undefined
Head: The state variable visibility is not set.
Description: It is best practice to set the visibility of state variables explicitly. The default visibility for "balances" is internal. Other possible visibility values are public and private.
Source code:
token.sol 5:27
--------------------------------------------------
balances
--------------------------------------------------
==================================================
Title: Use of Deprecated Solidity Functions
Severity: undefined
Head: Use of disallowed state mutability modifier "constant".
Description: Using "constant" as a state mutability modifier in function "balanceOf" is disallowed as of Solidity version 0.5.0. Use "view" instead.
Source code:
token.sol 19:2
--------------------------------------------------
function balanceOf(address _owner) public constant returns (uint balance) {
return balances[_owner];
}
--------------------------------------------------
==================================================
Done
cerebral-cortex:Mythos-Samples bernhardmueller$ mythos analyze token.sol Token
Reading contract token.sol... done
Downloading Solidity version v0.4.18+commit.9cf6e910
(node:47524) V8: soljson-v0.4.18+commit.9cf6e910.js:3 Invalid asm.js: Invalid member of stdlib
Compiling contract token.sol... done
Analyzing contract Token... done
Report found 1 issues
Title: Integer Overflow and Underflow
Severity: undefined
Head: The binary subtraction can underflow.
Description: The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
Source code:
token.sol 13:12
--------------------------------------------------
balances[msg.sender] - _value
--------------------------------------------------
==================================================
Title: Integer Overflow and Underflow
Severity: undefined
Head: The binary subtraction can underflow.
Description: The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion.
Source code:
token.sol 14:4
--------------------------------------------------
balances[msg.sender] -= _value
--------------------------------------------------
==================================================
Title: Integer Overflow and Underflow
Severity: undefined
Head: The binary addition can overflow.
Description: The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
Source code:
token.sol 15:4
--------------------------------------------------
balances[_to] += _value
--------------------------------------------------
==================================================
Title: Floating Pragma
Severity: undefined
Head: A floating pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently any version equal or greater than "0.4.18" is allowed.
Source code:
token.sol 1:0
--------------------------------------------------
pragma solidity ^0.4.18;
--------------------------------------------------
==================================================
Title: Function Default Visibility
Severity: undefined
Head: The function visibility is not set.
Description: The function "Token" does not have an explicit visibility set. The default visibility is set to public and anyone call the function.
Source code:
token.sol 8:2
--------------------------------------------------
function Token(uint _initialSupply) {
balances[msg.sender] = totalSupply = _initialSupply;
}
--------------------------------------------------
==================================================
Title: State Variable Default Visibility
Severity: undefined
Head: The state variable visibility is not set.
Description: It is best practice to set the visibility of state variables explicitly. The default visibility for "balances" is internal. Other possible visibility values are public and private.
Source code:
token.sol 5:27
--------------------------------------------------
balances
--------------------------------------------------
==================================================
Title: Use of Deprecated Solidity Functions
Severity: undefined
Head: Use of disallowed state mutability modifier "constant".
Description: Using "constant" as a state mutability modifier in function "balanceOf" is disallowed as of Solidity version 0.5.0. Use "view" instead.
Source code:
token.sol 19:2
--------------------------------------------------
function balanceOf(address _owner) public constant returns (uint balance) {
return balances[_owner];
}
--------------------------------------------------
==================================================
Done
cleanunicorn
commented
5 years ago
For the following input contract mythos reports severity as "undefined" for all issues:
Output: