crytic / medusa

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum
https://www.trailofbits.com/
GNU Affero General Public License v3.0

Inconsistency in the corpus encoded and decoded data #338

Closed tuturu-tech closed 1 week ago

tuturu-tech commented 3 months ago

Version: 0.1.3, but also present in 0.1.2

The ABI encoded data field does not match the ABI decoded values in the inputValues field of the corpus call sequences.

Uint256:

   "data": "0xd2282dc5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
   "dataAbiValues": {
    "methodSignature": "setUint256(uint256)",
    "inputValues": [
     "0"
    ]
   },

Correctly decoded value: type(uint256).max => 115792089237316195423570985008687907853269984665640564039457584007913129639935

Int256:

   "data": "0xa53b1c1e8000000000000000000000000000000000000000000000000000000000000000",
   "dataAbiValues": {
    "methodSignature": "setInt256(int256)",
    "inputValues": [
     "-1809251286499854575800706955788874776224760329015246946758866135024060596214"
    ]
   },

Correctly decoded value: type(int256).min => -57896044618658097711785492504343953926634992332820282019728792003956564819968

bytes:

   "data": "0xda359dc80000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000004395d46a88bc0b8281b657614465e8e6393f355639456bd545d93226f8348894f725e214005e87795d8be56055a01a9c5031021b12ef798212c843f5ae41dd73be1cbc0a0000000000000000000000000000000000000000000000000000000000",
   "dataAbiValues": {
    "methodSignature": "setBytes(bytes)",
    "inputValues": [
     ""
    ]
   },

tuturu-tech commented 3 weeks ago

Contract and corpus to reproduce the decoding issue: decoding-reproduction.zip
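
The mismatch reported above can be checked mechanically. The following is an added example, not code from the issue thread or from medusa: it decodes each entry's `data` by hand and compares the result with `inputValues`, using the three entries from the issue (rebuilt word by word so the padding is explicit) plus one constructed control entry. The helper names and the assumption that a `bytes` value is recorded as a hex string are assumptions of this example.

```python
def decode_single_arg(signature, data_hex):
    """Decode calldata of a one-argument call taking uint256, int256 or bytes."""
    arg_type = signature[signature.index("(") + 1:-1]
    args = bytes.fromhex(data_hex[2:])[4:]  # strip "0x" and the 4-byte selector
    if arg_type in ("uint256", "int256"):
        return int.from_bytes(args[:32], "big", signed=(arg_type == "int256"))
    if arg_type == "bytes":
        offset = int.from_bytes(args[:32], "big")   # head word: offset of the tail
        length = int.from_bytes(args[offset:offset + 32], "big")
        payload = args[offset + 32:offset + 32 + length]
        if len(payload) != length:
            raise ValueError("calldata shorter than the declared bytes length")
        return payload
    raise ValueError("unsupported argument type: " + arg_type)

def find_mismatches(calls):
    """Return (signature, decoded, recorded) for entries whose inputValues differ from data."""
    bad = []
    for call in calls:
        abi = call["dataAbiValues"]
        decoded = decode_single_arg(abi["methodSignature"], call["data"])
        recorded = abi["inputValues"][0]
        if isinstance(decoded, bytes):
            # Assumption: a bytes argument is recorded as a hex string.
            decoded, recorded = decoded.hex(), recorded.lower().replace("0x", "", 1)
        if str(decoded) != recorded:
            bad.append((abi["methodSignature"], str(decoded), recorded))
    return bad

def word(n):
    return n.to_bytes(32, "big").hex()  # one 32-byte ABI word

def entry(selector, words, signature, recorded):
    return {"data": "0x" + selector + words,
            "dataAbiValues": {"methodSignature": signature, "inputValues": [recorded]}}

# The 67-byte (0x43) payload copied from the issue's setBytes entry.
PAYLOAD = "95d46a88bc0b8281b657614465e8e6393f355639456bd545d93226f8348894f725e214005e87795d8be56055a01a9c5031021b12ef798212c843f5ae41dd73be1cbc0a"
CALLS = [
    entry("d2282dc5", "ff" * 32, "setUint256(uint256)", "0"),
    entry("a53b1c1e", "80" + "00" * 31, "setInt256(int256)",
          "-1809251286499854575800706955788874776224760329015246946758866135024060596214"),
    entry("da359dc8", word(32) + word(67) + PAYLOAD + "00" * 29, "setBytes(bytes)", ""),
    entry("d2282dc5", word(42), "setUint256(uint256)", "42"),  # constructed control
]

if __name__ == "__main__":
    for sig, decoded, recorded in find_mismatches(CALLS):
        print(f"{sig}: data decodes to {decoded}, inputValues has {recorded!r}")
```

Run against the sample entries, the check flags the three entries from the issue and passes the control.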