def test_CONCAT(self): solver = self.solver cs = ConstraintSet() a = cs.new_bitvec(16) b = cs.new_bitvec(8) c = cs.new_bitvec(8) cs.add(b == 0x41) cs.add(c == 0x42) cs.add(a == Operators.CONCAT(a.size, b, c)) self.assertTrue(solver.check(cs)) self.assertEqual(solver.get_value(cs, a), Operators.CONCAT(a.size, 0x41, 0x42))
def test_arithmetic_simplify_extract(self): cs = ConstraintSet() arr = cs.new_array(name='MEM') a = cs.new_bitvec(32, name='VARA') b = Operators.CONCAT(32, Operators.EXTRACT(a, 24, 8), Operators.EXTRACT(a, 16, 8), Operators.EXTRACT(a, 8, 8), Operators.EXTRACT(a, 0, 8)) self.assertEqual( translate_to_smtlib(b), '(concat ((_ extract 31 24) VARA) ((_ extract 23 16) VARA) ((_ extract 15 8) VARA) ((_ extract 7 0) VARA))' ) self.assertEqual(translate_to_smtlib(simplify(b)), 'VARA') c = Operators.CONCAT(16, Operators.EXTRACT(a, 16, 8), Operators.EXTRACT(a, 8, 8)) self.assertEqual( translate_to_smtlib(c), '(concat ((_ extract 23 16) VARA) ((_ extract 15 8) VARA))') self.assertEqual(translate_to_smtlib(simplify(c)), '((_ extract 23 8) VARA)')
with open('overflow.sol') as f: source_code = f.read() # Generate the accounts user_account = m.create_account(balance=1000) contract_account = m.solidity_create_contract(source_code, owner=user_account, balance=0) #First add won't overflow uint256 representation value_0 = m.make_symbolic_value() contract_account.add(value_0, caller=user_account) #Potential overflow value_1 = m.make_symbolic_value() contract_account.add(value_1, caller=user_account) contract_account.sellerBalance(caller=user_account) for state in m.running_states: # Check if input0 > sellerBalance # last_return is the data returned last_return = state.platform.transactions[-1].return_data # retrieve last_return and input0 in a similar format last_return = Operators.CONCAT(256, *last_return) state.constrain(Operators.UGT(value_0, last_return)) if solver.check(state.constraints): print("Overflow found! see {}".format(m.workspace)) m.generate_testcase(state, 'OverflowFound')
# Generate the accounts user_account = m.create_account(balance=1000) contract_account = m.solidity_create_contract(source_code, owner=user_account, balance=0) #First add won't overflow uint256 representation contract_account.add(m.SValue, caller=user_account) #Potential overflow contract_account.add(m.SValue, caller=user_account) contract_account.sellerBalance(caller=user_account) for state in m.running_states: # Check if input0 > sellerBalance # last_return is the data returned last_return = state.platform.last_return_data # First input (first call to add) input0 = state.input_symbols[0] # retrieve last_return and input0 in a similar format last_return = Operators.CONCAT(256, *last_return) # starts at 4 to skip function id input0 = Operators.CONCAT(256, *input0[4:36]) state.constrain(input0 > last_return) if solver.check(state.constraints): print "Overflow found! see %s" % m.workspace m.generate_testcase(state, 'OverflowFound')
def get_return_data(tx): assert isinstance(tx, Transaction) r = tx.return_data if isinstance(r, str): r = list(map(ord, r)) return Operators.CONCAT(256, *r)
''' # Initiate the accounts user_account = m.create_account(balance=1000) contract_account = m.solidity_create_contract(source_code, owner=user_account, balance=0) # Call f(a), with a symbolic value contract_account.f(m.SValue, caller=user_account) ## Check if an execution ends with a REVERT or INVALID for state in m.terminated_states: last_tx = state.platform.transactions[-1] if last_tx.result in ['REVERT', 'INVALID']: # return the first symbolic input input0 = state.input_symbols[0] # skip the function id, and extract the 32 bytes corresponding to the first parameter input0 = Operators.CONCAT(256, *input0[4:36]) # we do not consider the path were a == 65 state.constrain(input0 != 65) if not solver.check(state.constraints): print "Error found in infeasible path" continue print "Error found in f() execution (see %s)" % m.workspace m.generate_testcase(state, 'BugFound')