nowarp / misti

TON Static Analyzer
https://nowarp.io/tools/misti
Apache License 2.0

Unprotected Call #49

Open byakuren-hijiri opened 3 months ago

byakuren-hijiri commented 3 months ago

In the following contract:

message Insert {
  key: Int;
  val: Int;
}

contract Foo {
  m: map<Int, Int>;

  receive(msg: Insert) {
    // No sender check: any address can insert entries
    self.m.set(msg.key, msg.val);
  }
}

The access to m.set is available to anyone. Therefore, it is easy to disrupt the contract's behavior by implementing a DoS attack.

Another example includes an unprotected send call, which enables anyone to send messages from this contract.

The corrected version should contain some condition in the dataflow that checks some limitations or permissions to perform such a call.

jubnzv commented 1 month ago

It would be easier to implement if we had effects in the Callgraph: #189. For example, we should check if there is some kind of conditional workflow in functions that send or mutate the contract's state.

jubnzv commented 1 month ago

We should also track unprotected calls leading to cell overflow (#20), underflow (#172) or runtime errors due to unexpected size (#114):

fun test(size: Int) {
  beginCell().storeInt(self.a, size); // Bad: triggers cell overflow or a runtime exception if size > 257
}

jubnzv commented 1 month ago

We could additionally describe unprotected selfdestruct (when SendDestroyIfZero is used in the unprotected send).
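
A sketch of the check discussed in this thread, covering both the `m.set` receiver and the `storeInt` snippet. It is an added example, not Misti's code: the toy AST types and `findUnprotected` are hypothetical, and a call counts as protected when a dominating `require` or `if` condition mentions `sender()` or one of the call's arguments.

```typescript
// Toy AST for illustration only; these types are assumptions, not Misti's IR or API.
type Stmt =
  | { kind: "call"; callee: string; args: string[] }
  | { kind: "require"; cond: string }
  | { kind: "if"; cond: string; then: Stmt[]; else?: Stmt[] };
type Fn = { name: string; body: Stmt[] };

// Calls from this issue: map mutation, outgoing message, sized cell store.
const SENSITIVE = [/^self\.\w+\.set$/, /^send$/, /\.storeInt$/];

const idents = (cond: string): string[] => cond.match(/[A-Za-z_][\w.]*/g) ?? [];

// A condition guards a call if it checks the sender (permission)
// or one of the call's arguments (limitation).
const guards = (cond: string, args: string[]): boolean =>
  idents(cond).some((id) => id === "sender" || args.includes(id));

function findUnprotected(fn: Fn): string[] {
  const findings: string[] = [];
  const walk = (stmts: Stmt[], active: string[]): void => {
    const conds = [...active]; // conditions that dominate the current statement
    for (const s of stmts) {
      if (s.kind === "require") conds.push(s.cond);
      else if (s.kind === "if") {
        // Both branches are conditional on s.cond (the else branch on its negation).
        walk(s.then, [...conds, s.cond]);
        walk(s.else ?? [], [...conds, s.cond]);
      } else if (
        SENSITIVE.some((re) => re.test(s.callee)) &&
        !conds.some((c) => guards(c, s.args))
      ) {
        findings.push(`${fn.name}: unprotected call to ${s.callee}`);
      }
    }
  };
  walk(fn.body, []);
  return findings;
}

// Constructed inputs modelling the snippets in this thread and guarded variants.
const setCall: Stmt = { kind: "call", callee: "self.m.set", args: ["msg.key", "msg.val"] };
const storeCall: Stmt = { kind: "call", callee: "beginCell().storeInt", args: ["self.a", "size"] };
const insertOpen: Fn = { name: "receive(Insert)", body: [setCall] };
const insertOwned: Fn = { name: "receive(Insert)", body: [{ kind: "require", cond: "sender() == self.owner" }, setCall] };
const storeOpen: Fn = { name: "test", body: [storeCall] };
const storeBounded: Fn = { name: "test", body: [{ kind: "if", cond: "size <= 257", then: [storeCall] }] };

for (const fn of [insertOpen, insertOwned, storeOpen, storeBounded]) console.log(findUnprotected(fn));
```

A `require` placed after the sensitive call, or a condition over unrelated state, does not count as a guard, so both cases are still reported.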