Open ritzdorf opened 5 years ago
Memory tagging needs to be improved for certain opcodes including ReturnDataCopy and CallDataCopy.
ReturnDataCopy
CallDataCopy.
Reference: https://github.com/eth-sri/securify/blob/master/src/main/java/ch/securify/analysis/AbstractDataflow.java#L472
Example:
No MissingInputValidation here:
contract SimpleBank { bytes32 x; function withdraw(bytes memory a) public { x = keccak256(a); } }
but it is detected if a non-dynamic data type is used.
Memory tagging needs to be improved for certain opcodes including
ReturnDataCopyandCallDataCopy.Reference: https://github.com/eth-sri/securify/blob/master/src/main/java/ch/securify/analysis/AbstractDataflow.java#L472
Example:
No MissingInputValidation here:
but it is detected if a non-dynamic data type is used.