Try static analyzers on the Solidity code

raiden-network / raiden-contracts

Raiden Network Smart Contracts

MIT License

52 stars 44 forks source link

Try static analyzers on the Solidity code #708

Closed pirapira closed 5 years ago

pirapira commented 5 years ago

Like the ones listed in

https://ethereum.stackexchange.com/questions/31519/security-analysis-tool-for-ethereum-smart-contracts?rq=1

pirapira commented 5 years ago

Manticore (seeing a segmentation fault in the tool)
Mythril Classic (no errors detected in TokenNetwork)
MythX: proprietary solution
Echdna (depends on writing an invariant)
Oyente (difficulty installing)
~~Solgraph~~
Solcheck (hasn't updated for two years)
solint (hasn't updated for three years)
solium (got some useful messages)
solhint (not working as described)
remix
SmartDec
Rattle (not something that points out bugs)
Ethersplay (not something that points out bugs)
Securify
VerX

pirapira commented 5 years ago

(venv) parupunte% myth -x --solc-args ".=. lib=contracts/lib raiden=contracts/raiden test=contracts/test services=contracts/services" contracts/raiden/TokenNetwork.sol

The analysis was completed successfully. No issues were detected.

pirapira commented 5 years ago

==== Integer Overflow ====
SWC ID: 101
Severity: High
Contract: SecretRegistry
Function name: registerSecretBatch(bytes32[])
PC address: 392
Estimated Gas Usage: 340 - 435
The binary multiplication can overflow.
The operands of the multiplication operation are not sufficiently constrained. The multiplication could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion.
--------------------

pirapira commented 5 years ago

Everything that can be easily be done has been done.