status-im
/
sticker-market
mirror of https://github.com/status-im/sticker-market.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

ran mythos and added output

This commit is contained in:
Corey 2019-06-04 15:53:57 -04:00
parent 8a687e37de
commit 9fec5550b8
5 changed files with 28289 additions and 12359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
analyzers/mythos/issues-8976cea1-3887-4f54-b22e-c384a36edf45.json Normal file
View File

@ -0,0 +1,113 @@
{
"elapsed": 135604,
"issues": [
{
"issues": [],
"sourceType": "solidity-file",
"sourceFormat": "unknown",
"sourceList": [],
"meta": {
"logs": [
{
"level": "error",
"msg": "Maru:TypeError: Cannot read property 'nodeType' of null"
}
],
"selectedCompiler": "Unknown"
}
},
{
"issues": [
{
"swcID": "SWC-107",
"swcTitle": "Reentrancy",
"description": {
"head": "A call to a user-supplied address is executed.",
"tail": "The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state."
},
"severity": "Medium",
"locations": [
{
"sourceMap": "11625:35:4"
}
],
"extra": {
"testCases": null
}
},
{
"swcID": "SWC-110",
"swcTitle": "Assert Violation",
"description": {
"head": "A reachable exception has been detected.",
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking."
},
"severity": "Low",
"locations": [
{
"sourceMap": "9158:14:4"
}
],
"extra": {
"testCases": null
}
},
{
"swcID": "SWC-110",
"swcTitle": "Assert Violation",
"description": {
"head": "A reachable exception has been detected.",
"tail": "It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking."
},
"severity": "Low",
"locations": [
{
"sourceMap": "12544:33:4"
}
],
"extra": {
"testCases": null
}
}
],
"sourceType": "solidity-file",
"sourceFormat": "text",
"sourceList": [
"./contracts/status/sticker-market/StickerMarket.sol",
"./contracts/token/NonfungibleToken.sol",
"./contracts/token/ERC20Token.sol",
"./contracts/token/ApproveAndCallFallBack.sol",
"./contracts/common/Controlled.sol",
"./contracts/token/ERC721.sol",
"./contracts/token/ERC721Receiver.sol",
"./contracts/common/SafeMath.sol",
"./contracts/common/Address.sol",
"./contracts/common/Introspective.sol"
],
"meta": {
"coveredInstructions": 0,
"coveredPaths": 0,
"logs": [
{
"level": "info",
"msg": "skipped automated fuzz testing due to incompatible bytecode input"
}
]
}
}
],
"status": {
"apiVersion": "v1.4.18",
"clientToolName": "mythos",
"harveyVersion": "0.0.23",
"maestroVersion": "1.2.16",
"maruVersion": "0.4.8",
"mythrilVersion": "0.20.8",
"queueTime": 11604,
"runTime": 94299,
"status": "Finished",
"submittedAt": "2019-06-04T19:24:01.511Z",
"submittedBy": "5cf6c23f5b7afd001944d1a4",
"uuid": "8976cea1-3887-4f54-b22e-c384a36edf45"
}
}

62
analyzers/mythos/output.txt Normal file
View File

@ -0,0 +1,62 @@
$ mythos analyze ./contracts/status/sticker-market/StickerMarket.sol StickerMarket --mythxEthAddress=0x2942577508e060ea092c0cd7802ae42c1cea2bae --mythxPassword=<supersecretpassword>
Reading contract ./contracts/status/sticker-market/StickerMarket.sol... done
Compiling with Solidity version: v0.5.6+commit.b259423e
Compiling contract ./contracts/status/sticker-market/StickerMarket.sol... done
Analyzing contract StickerMarket... done
UUID: 8976cea1-3887-4f54-b22e-c384a36edf45
API Version: v1.4.18
Harvey Version: 0.0.23
Maestro Version: 1.2.16
Maru Version: 0.4.8
Mythril Version: 0.20.8
Report found: 0 issues
Covered instructions: undefined
Covered paths: undefined
Selected compiler version: vUnknown
Covered instructions: 0
Covered paths: 0
Selected compiler version: vundefined
Title: (SWC-107) Reentrancy
Severity: Medium
Head: A call to a user-supplied address is executed.
Description: The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
Source code:
./contracts/status/sticker-market/StickerMarket.sol 356:8
--------------------------------------------------
token.transfer(controller, balance)
--------------------------------------------------
==================================================
Title: (SWC-110) Assert Violation
Severity: Low
Head: A reachable exception has been detected.
Description: It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
Source code:
./contracts/status/sticker-market/StickerMarket.sol 273:8
--------------------------------------------------
state = _state
--------------------------------------------------
==================================================
Title: (SWC-110) Assert Violation
Severity: Low
Head: A reachable exception has been detected.
Description: It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
Source code:
./contracts/status/sticker-market/StickerMarket.sol 393:17
--------------------------------------------------
availablePacks[_category][_index]
--------------------------------------------------
==================================================
Done

47
analyzers/mythos/output_mitigations.md Normal file
View File

@ -0,0 +1,47 @@
# Steps take to mitigate issues found in output.txt
## output.txt line 23 `Title: (SWC-107) Reentrancy`
**description:**
```
Severity: Medium
Head: A call to a user-supplied address is executed.
Description: The callee address of an external message call can be set by the caller. Note that the callee can contain arbitrary code and may re-enter any function in this contract. Review the business logic carefully to prevent averse effects on the contract state.
Source code:
./contracts/status/sticker-market/StickerMarket.sol 356:8
--------------------------------------------------
token.transfer(controller, balance)
--------------------------------------------------
```
**mitigation:**
None. This is an `ownlyOwner` modified function. The owner will not use a re-entrancy attack in this context. It is benign.
## output.txt line 36 `Title: (SWC-110) Assert Violation`
**description:**
```
Severity: Low
Head: A reachable exception has been detected.
Description: It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
Source code:
./contracts/status/sticker-market/StickerMarket.sol 273:8
--------------------------------------------------
state = _state
--------------------------------------------------
**mitigation:**
None. This is an `ownlyOwner` modified function. We can assume that the owner controlled functions will be called with the correct state.
```
## output.txt line 49: `Title: (SWC-110) Assert Violation`
**description:**
```
Severity: Low
Head: A reachable exception has been detected.
Description: It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
Source code:
./contracts/status/sticker-market/StickerMarket.sol 393:17
--------------------------------------------------
availablePacks[_category][_index]
--------------------------------------------------
```
**mitigation:**

40266
crytic-export/contracts-embark.json
View File

File diff suppressed because one or more lines are too long

8
embark.json
View File

@ -14,7 +14,13 @@
"ipfs-api": "17.2.4" "ipfs-api": "17.2.4"
}, },
"plugins": { "plugins": {
"embarkjs-connector-web3": {} "embarkjs-connector-web3": {},
"embark-mythx": {
"ignore": ["Ownable", "Migrations"]
},
"@trailofbits/embark-contract-info": {
"flags": ""
}
}, },
"options": { "options": {
"solc": { "solc": {