tagomaru / truffle-sca2t

Smart contract auditing assistant tool for Truffle Framework.

TypeError: Cannot read property 'contractName' of undefined #30

Closed muellerberndt closed 5 years ago

muellerberndt commented 5 years ago

For certain contracts I am getting a TypeError: Cannot read property 'contractName' of undefined exception. E.g. in this test project:

$ truffle run mythx contracts/Etherbank.sol --cli --markdown
Start analysis in cli mode.
Warning: Both truffle-config.js and truffle.js were found. Using truffle-config.js.
Compiling: Etherbank.sol... done
Generating data for MythX: Etherbank.sol... done
Login to MythX: Etherbank.sol... done
Analyzing: Etherbank.sol... done
TypeError: Cannot read property 'contractName' of undefined
    at CLI.prepareForMarkdown (/usr/local/lib/node_modules/truffle-sca2t/node_modules/truffle-sca2t-mythx/lib/cli.js:170:35)
    at CLI.doAnalyze (/usr/local/lib/node_modules/truffle-sca2t/node_modules/truffle-sca2t-mythx/lib/cli.js:74:14)
    at processTicksAndRejections (internal/process/task_queues.js:86:5)
Truffle v5.0.10 (core: 5.0.10)
Node v11.14.0

The analysis itself seems to work fine:

$ sabre contracts/Etherbank.sol 
✔ Compiled with solc v0.5.7 successfully

Etherbank.sol
  30:4   error    The binary addition can overflow               https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101
   1:0   warning  A floating pragma is set                       https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103
  17:42  warning  A call to a user-supplied address is executed  https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-107

✖ 3 problems (1 error, 2 warnings)

Also, the Truffle-Sca2t test works for other contracts in the same project.

tagomaru commented 5 years ago

@b-mueller Thx for raising this issue. This kind of issue could occur when the response includes a MythX log.

I fixed it, please try v0.5.3. https://github.com/tagomaru/truffle-sca2t/releases/tag/v0.5.3

Just for your info, I analyzed Etherbank.sol with sabre. The response was as below.

[
  {
    "issues": [
      {
        "swcID": "SWC-101",
        "swcTitle": "Integer Overflow and Underflow",
        "description": {
          "head": "The binary addition can overflow.",
          "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
        },
        "severity": "High",
        "locations": [
          {
            "sourceMap": "669:33:0"
          }
        ],
        "extra": {
          "testCase": {
            "initialState": {
              "accounts": null
            },
            "steps": null
          }
        }
      },
      {
        "swcID": "SWC-103",
        "swcTitle": "Floating Pragma",
        "description": {
          "head": "A floating pragma is set.",
          "tail": "It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently any version equal or greater than \"0.5.0\" is allowed."
        },
        "severity": "Medium",
        "locations": [
          {
            "sourceMap": "0:23:0"
          }
        ],
        "extra": {
          "testCase": {
            "initialState": {
              "accounts": null
            },
            "steps": null
          }
        }
      },
      {
        "swcID": "SWC-107",
        "swcTitle": "Reentrancy",
        "description": {
          "head": "A call to a user-supplied address is executed.",
          "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
        },
        "severity": "Medium",
        "locations": [
          {
            "sourceMap": "414:33:0"
          }
        ],
        "extra": {
          "testCase": {
            "initialState": {
              "accounts": null
            },
            "steps": null
          }
        }
      }
    ],
    "sourceType": "solidity-file",
    "sourceFormat": "text",
    "sourceList": [
      "Etherbank.sol"
    ],
    "meta": {
      "coveredInstructions": 0,
      "coveredPaths": 0,
      "logs": [
        {
          "level": "info",
          "msg": "skipped automated fuzz testing due to incompatible bytecode input"
        }
      ],
      "selectedCompiler": "0.5.0"
    }
  }
]

This has a MythX log; however, sabre does not seem to show the info to let users know about it. I am not sure whether this is critical, though.
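As an added example (not truffle-sca2t's or sabre's own code) of how a reporter can consume a response shaped like the one above without tripping over the extra meta.logs entry or a location it cannot resolve: the function names are hypothetical, and the sample is a trimmed, constructed version of the JSON above with one deliberately unresolvable file index.

```javascript
// Constructed sample, trimmed from the response quoted above; the second
// issue's file index (":1") is deliberately out of range to exercise the guard.
const sampleResponse = [{
  issues: [
    { swcID: 'SWC-101', swcTitle: 'Integer Overflow and Underflow', severity: 'High',
      description: { head: 'The binary addition can overflow.' },
      locations: [{ sourceMap: '669:33:0' }] },
    { swcID: 'SWC-107', swcTitle: 'Reentrancy', severity: 'Medium',
      description: { head: 'A call to a user-supplied address is executed.' },
      locations: [{ sourceMap: '414:33:1' }] },
  ],
  sourceList: ['Etherbank.sol'],
  meta: { coveredInstructions: 0, coveredPaths: 0, selectedCompiler: '0.5.0',
    logs: [{ level: 'info',
             msg: 'skipped automated fuzz testing due to incompatible bytecode input' }] },
}];

// Resolve a "start:length:fileIndex" source map against sourceList. An index
// outside the list yields a placeholder instead of undefined, which is the
// kind of value a naive `.contractName` lookup would crash on.
function resolveLocation(sourceMap, sourceList) {
  const [start, length, fileIndex] = String(sourceMap || '').split(':');
  const file = Array.isArray(sourceList) ? sourceList[Number(fileIndex)] : undefined;
  return { file: file === undefined ? '<unknown source>' : file,
           start: Number(start) || 0, length: Number(length) || 0 };
}

// Flatten every result into report rows and collect the analyzer's own log
// lines (the "meta.logs" entries that sabre hides) so they can be printed.
function summarizeMythxResponse(response) {
  const rows = [];
  const logs = [];
  for (const result of Array.isArray(response) ? response : []) {
    const sourceList = result.sourceList || [];
    for (const issue of result.issues || []) {
      const locs = (issue.locations && issue.locations.length) ? issue.locations : [{}];
      for (const loc of locs) {
        rows.push({ swcID: issue.swcID, severity: issue.severity,
                    head: (issue.description && issue.description.head) || '',
                    ...resolveLocation(loc.sourceMap, sourceList) });
      }
    }
    for (const log of (result.meta && result.meta.logs) || []) {
      logs.push(`[${log.level}] ${log.msg}`);
    }
  }
  return { rows, logs };
}
```

An issue with no locations at all still produces one row with the placeholder file, so a markdown renderer iterating the rows never sees undefined.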

muellerberndt commented 5 years ago

Yep, works with 0.5.3.