eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0

Error when running Securify on bytecode hex file #80

Closed bishwascg closed 5 years ago

bishwascg commented 5 years ago

Running Securify on a bytecode hex file gives the following error - I'm running the latest build.

java -jar build/libs/securify-0.1.jar -fh contract.hex

Attempt to decompile the contract with methods...
Failed to decompile methods.
Attempt to decompile the contract without identifying methods...
Decompilation failed.
Error in Securify
Exception in thread "main" java.lang.NullPointerException
    at ch.securify.decompiler.DestackerFallback.findJumpCondition(DestackerFallback.java:403)
    at ch.securify.decompiler.DestackerFallback.handleStackMerging(DestackerFallback.java:356)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:205)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:201)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:216)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:238)
    at ch.securify.decompiler.DestackerFallback.decompile(DestackerFallback.java:131)
    at ch.securify.decompiler.DecompilerFallback.decompile(DecompilerFallback.java:73)
    at ch.securify.Main.decompileContract(Main.java:299)
    at ch.securify.Main.processHexFile(Main.java:163)
    at ch.securify.Main.main(Main.java:273)

contract.hex - (attached hex bytecode omitted)

This is the contract present at address 0x73Dac1423d69651a6F85462B45260f7c05de3548 on the ethereum blockchain.

Any help would be appreciated.

hiqua commented 5 years ago

How did you get this bytecode? Which solc version?

Securify appears to run fine with -fs c.sol using the Solidity code in https://etherscan.io/address/0x73Dac1423d69651a6F85462B45260f7c05de3548#code. It also doesn't fail with the corresponding bytecode.

bishwascg commented 5 years ago

I'm not using the Solidity source code. I'm running it on the contract bytecode available on Etherchain here - https://www.etherchain.org/account/73Dac1423d69651a6F85462B45260f7c05de3548#code . Somehow the bytecodes on Etherchain and Etherscan seem to be different. Any reason why?

hiqua commented 5 years ago

No, I don't know anything about Etherchain to be honest.

ritzdorf commented 5 years ago

Hey @bishwascg

For verified contracts, Etherscan shows the constructor code (i.e. it says Contract Creation Code). Etherchain, however, shows the actual contract code. Therefore, Etherchain is the right one to use for Securify and should work.

We are currently investigating a similar error and will also check out this one.

Thanks for your report.
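The distinction ritzdorf draws above (creation code that runs once in the constructor and returns the runtime code, versus the runtime code that is actually stored at the address) is easy to get wrong when copying hex from a block explorer, and feeding the wrong kind to a bytecode analyser is a common source of decompiler failures. The script below is an added example, not part of this issue or of the Securify project: it linearly disassembles a hex file, looks for the constructor epilogue that solc emits (PUSH size, DUP1, PUSH offset, PUSH1 0, CODECOPY, PUSH1 0, RETURN), and if it finds one extracts the runtime slice so you can check which of the two you have before running the scanner. The epilogue pattern is an assumption about solc output (it matches unoptimized and optimized 0.4.x and later builds I have seen, but is a heuristic, not a specification), and the sample creation bytecode is constructed by hand, not taken from the contract discussed here.

```python
"""Distinguish EVM creation (constructor) bytecode from deployed runtime bytecode.

Added example for this thread; the constructor-epilogue pattern is an assumption
about solc output, and the sample hex below is constructed, not a real contract.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# EVM opcodes used by the check
STOP, CODECOPY, DUP1, RETURN = 0x00, 0x39, 0x80, 0xF3
PUSH1, PUSH32 = 0x60, 0x7F


@dataclass
class Insn:
    pc: int
    op: int
    imm: Optional[int]  # immediate value for PUSHn, None for every other opcode


def disassemble(code: bytes) -> List[Insn]:
    """Linear sweep: PUSHn carries n immediate bytes, everything else is one byte."""
    out: List[Insn] = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            # A PUSH truncated by end-of-code is zero-padded, as the EVM does
            imm = int.from_bytes(code[pc + 1 : pc + 1 + n], "big")
            out.append(Insn(pc, op, imm))
            pc += 1 + n
        else:
            out.append(Insn(pc, op, None))
            pc += 1
    return out


def find_runtime_slice(code: bytes) -> Optional[Tuple[int, int]]:
    """Locate the solc constructor epilogue and return (offset, size) of the runtime
    code it copies and returns, or None if no such epilogue is present (assumed
    pattern: PUSH size, DUP1, PUSH offset, PUSH1 0, CODECOPY, PUSH1 0, RETURN)."""
    ins = disassemble(code)
    for i in range(4, len(ins) - 2):
        if ins[i].op != CODECOPY or ins[i + 2].op != RETURN:
            continue
        size, dup, off, dst, ret_off = ins[i - 4], ins[i - 3], ins[i - 2], ins[i - 1], ins[i + 1]
        if (
            size.imm is not None
            and dup.op == DUP1
            and off.imm is not None
            and dst.imm == 0          # CODECOPY destOffset (memory) is 0
            and ret_off.imm == 0      # RETURN offset (memory) is 0
            and off.imm + size.imm <= len(code)
        ):
            return off.imm, size.imm
    return None


def classify(hex_text: str) -> Dict[str, Optional[str]]:
    """Return {"kind": "creation"|"runtime", "runtime_hex": ...}.

    "runtime" here means "no constructor epilogue found"; code that really is
    runtime code can still contain CODECOPY, so treat the result as a hint."""
    h = hex_text.strip()
    if h[:2] in ("0x", "0X"):
        h = h[2:]
    code = bytes.fromhex(h)
    found = find_runtime_slice(code)
    if found is None:
        return {"kind": "runtime", "runtime_hex": code.hex()}
    offset, size = found
    return {"kind": "creation", "runtime_hex": code[offset : offset + size].hex()}


# Constructed sample: a solc-style constructor that rejects value, then copies and
# returns 9 bytes of runtime code starting at offset 0x1d. Not a real contract.
SAMPLE_CREATION_HEX = (
    "6080604052"                  # PUSH1 0x80 PUSH1 0x40 MSTORE
    "348015600f57600080fd5b50"    # CALLVALUE DUP1 ISZERO PUSH1 0x0f JUMPI ... JUMPDEST POP
    "600980601d6000396000f300"    # PUSH1 9 DUP1 PUSH1 0x1d PUSH1 0 CODECOPY PUSH1 0 RETURN STOP
    "6080604052600080fd"          # runtime code: PUSH1 0x80 PUSH1 0x40 MSTORE PUSH1 0 DUP1 REVERT
)

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CREATION_HEX
    result = classify(text)
    print(result["kind"])
    if result["kind"] == "creation":
        print("runtime code to feed the scanner:", result["runtime_hex"])
```

Run it as `python3 check_hex.py contract.hex`: if it reports `creation`, the file is what Etherscan labels Contract Creation Code and the printed runtime slice is the bytecode that actually lives at the address; if it reports `runtime`, the file is already the deployed code. The memory offsets being zero is checked because that is what solc emits for a plain deployment; a hand-written or non-solc constructor may use a different layout and would be reported as runtime, so the check errs toward "not creation code".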

ritzdorf commented 5 years ago

@hiqua According to Etherscan it was compiled with v0.4.18+commit.9cf6e910 with optimization enabled. (https://etherscan.io/address/0x73Dac1423d69651a6F85462B45260f7c05de3548#code)

hiqua commented 5 years ago

Yes, I can reproduce it with 0.4.18 and --optimize; progress is tracked in #26.

hiqua commented 5 years ago

Seemingly solved in #81.

hiqua commented 5 years ago

Please let us know if this still doesn't work with the last commit on master!