Closed muellerberndt closed 5 years ago
@b-mueller Thanks for raising this issue. This kind of issue could occur when the response included a MythX log.
I fixed it, please try v0.5.3. https://github.com/tagomaru/truffle-sca2t/releases/tag/v0.5.3
Just for your info.
I analyzed Etherbank.sol with sabre.
The response was as below.
[
  {
    "issues": [
      {
        "swcID": "SWC-101",
        "swcTitle": "Integer Overflow and Underflow",
        "description": {
          "head": "The binary addition can overflow.",
          "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion."
        },
        "severity": "High",
        "locations": [
          {
            "sourceMap": "669:33:0"
          }
        ],
        "extra": {
          "testCase": {
            "initialState": {
              "accounts": null
            },
            "steps": null
          }
        }
      },
      {
        "swcID": "SWC-103",
        "swcTitle": "Floating Pragma",
        "description": {
          "head": "A floating pragma is set.",
          "tail": "It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently any version equal or greater than \"0.5.0\" is allowed."
        },
        "severity": "Medium",
        "locations": [
          {
            "sourceMap": "0:23:0"
          }
        ],
        "extra": {
          "testCase": {
            "initialState": {
              "accounts": null
            },
            "steps": null
          }
        }
      },
      {
        "swcID": "SWC-107",
        "swcTitle": "Reentrancy",
        "description": {
          "head": "A call to a user-supplied address is executed.",
          "tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
        },
        "severity": "Medium",
        "locations": [
          {
            "sourceMap": "414:33:0"
          }
        ],
        "extra": {
          "testCase": {
            "initialState": {
              "accounts": null
            },
            "steps": null
          }
        }
      }
    ],
    "sourceType": "solidity-file",
    "sourceFormat": "text",
    "sourceList": [
      "Etherbank.sol"
    ],
    "meta": {
      "coveredInstructions": 0,
      "coveredPaths": 0,
      "logs": [
        {
          "level": "info",
          "msg": "skipped automated fuzz testing due to incompatible bytecode input"
        }
      ],
      "selectedCompiler": "0.5.0"
    }
  }
]
This has a MythX log; however, sabre does not seem to show the info to let users know about it. I am not sure that this is critical, though.
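A defensive way to consume a response shaped like the one quoted above, reporting `meta.logs` next to the findings so a skipped analysis stage is visible. This is an added example, not code from truffle-sca2t, sabre or MythX; `summarize`, `parseSourceMap` and the trimmed `SAMPLE` are hypothetical names and constructed data.

```javascript
// Added example: summarize a MythX-style analysis response, including meta.logs.
// SAMPLE is a constructed, trimmed copy of the response quoted in the thread.
const SAMPLE = [{
  issues: [
    { swcID: 'SWC-101', swcTitle: 'Integer Overflow and Underflow', severity: 'High',
      description: { head: 'The binary addition can overflow.' },
      locations: [{ sourceMap: '669:33:0' }],
      extra: { testCase: { initialState: { accounts: null }, steps: null } } },
    { swcID: 'SWC-107', swcTitle: 'Reentrancy', severity: 'Medium',
      description: { head: 'A call to a user-supplied address is executed.' },
      locations: [{ sourceMap: '414:33:0' }] },
  ],
  sourceList: ['Etherbank.sol'],
  meta: { logs: [{ level: 'info',
    msg: 'skipped automated fuzz testing due to incompatible bytecode input' }] },
}];

// A source map entry is "offset:length:fileIndex"; fileIndex points into sourceList.
function parseSourceMap(entry, sourceList) {
  const [offset, length, fileIndex] = String(entry).split(':').map(Number);
  const list = Array.isArray(sourceList) ? sourceList : [];
  return { offset, length, file: list[fileIndex] ?? '<unknown>' };
}

// Every optional field is defaulted, so a report with null test cases,
// no locations, or no meta block never throws while being summarized.
function summarize(response) {
  const findings = [];
  const logs = [];
  for (const report of Array.isArray(response) ? response : []) {
    for (const issue of report?.issues ?? []) {
      findings.push({
        swcID: issue.swcID ?? 'unknown',
        severity: issue.severity ?? 'Unknown',
        head: issue.description?.head ?? '',
        locations: (issue.locations ?? []).map(
          (l) => parseSourceMap(l.sourceMap, report.sourceList)),
      });
    }
    // Analyzer logs are kept: here they show that fuzz testing was skipped.
    for (const log of report?.meta?.logs ?? []) {
      logs.push(`[${log.level ?? 'info'}] ${log.msg ?? ''}`);
    }
  }
  return { findings, logs };
}

console.log(JSON.stringify(summarize(SAMPLE), null, 2));
```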
Yep, works with 0.5.3.
For certain contracts I am getting a
TypeError: Cannot read property 'contractName' of undefined
exception. E.g. in this test project:
The analysis itself seems to work fine:
Also, the Truffle-Sca2t test works for other contracts in the same project.