Ejemplo n.º 1
0
from manticore.seth import ManticoreEVM
################ Script #######################

m = ManticoreEVM()
#And now make the contract account to analyze
# cat  | solc --bin
source_code = '''
pragma solidity ^0.4.13;
contract NoDistpatcher {
    event Log(string);

    function() payable {
        if (msg.data[0] == 'A') {
            Log("Got an A");
        }
        else{
            Log("Got something else");
        }
    } 
}
'''

user_account = m.create_account(balance=1000)
print "[+] Creating a user account", user_account

contract_account = m.solidity_create_contract(source_code, owner=user_account)
print "[+] Creating a contract account", contract_account
print "[+] Source code:"
print source_code

print "[+] Now the symbolic values"
Ejemplo n.º 2
0
from manticore.seth import ManticoreEVM

m = ManticoreEVM()
m.verbosity(3)
#And now make the contract account to analyze
source_code = file('coverage.sol').read()

user_account = m.create_account(balance=1000)

bytecode = m.compile(source_code)
#Initialize contract
contract_account = m.create_contract(owner=user_account,
                                     balance=0,
                                     init=bytecode)

m.transaction(
    caller=user_account,
    address=contract_account,
    value=None,
    data=m.SByte(164),
)

#Up to here we get only ~30% coverage.
#We need 2 transactions to fully explore the contract
m.transaction(
    caller=user_account,
    address=contract_account,
    value=None,
    data=m.SByte(164),
)
Ejemplo n.º 3
0
from manticore.seth import ManticoreEVM
################ Script #######################

seth = ManticoreEVM()
seth.verbosity(0)
#The contract account to analyze
contract_source_code = '''
pragma solidity ^0.4.15;

contract Reentrance {
    mapping (address => uint) userBalance;
   
    function getBalance(address u) constant returns(uint){
        return userBalance[u];
    }

    function addToBalance() payable{
        userBalance[msg.sender] += msg.value;
    }   

    function withdrawBalance(){
        // send userBalance[msg.sender] ethers to msg.sender
        // if mgs.sender is a contract, it will call its fallback function
        if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){
           revert();
        }
        userBalance[msg.sender] = 0;
    }   
}
'''
Ejemplo n.º 4
0
from manticore.seth import ManticoreEVM
seth = ManticoreEVM()
#And now make the contract account to analyze
source_code = '''
pragma solidity ^0.4.15;
contract Overflow {
    uint private sellerBalance=0;
    
    function add(uint value) returns (bool){
        sellerBalance += value; // complicated math with possible overflow

        // possible auditor assert
        assert(sellerBalance >= value); 
    } 
}
'''
#Initialize user and contracts
user_account = seth.create_account(balance=1000)
contract_account = seth.solidity_create_contract(source_code, owner=user_account, balance=0)

#First add won't overflow uint256 representation
contract_account.add(seth.SValue)

#Potential overflow
contract_account.add(seth.SValue)


print "[+] There are %d reverted states now"% len(seth.final_state_ids)
for state_id in seth.final_state_ids:
    seth.report(state_id)
Ejemplo n.º 5
0
from manticore.seth import ManticoreEVM, ABI
################ Script #######################

seth = ManticoreEVM()
seth.verbosity(0)
#The contract account to analyze
contract_source_code = '''
pragma solidity ^0.4.15;

contract Reentrance {
    mapping (address => uint) userBalance;
   
    function getBalance(address u) constant returns(uint){
        return userBalance[u];
    }

    function addToBalance() payable{
        userBalance[msg.sender] += msg.value;
    }   

    function withdrawBalance(){
        // send userBalance[msg.sender] ethers to msg.sender
        // if mgs.sender is a contract, it will call its fallback function
        if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){
           revert();
        }
        userBalance[msg.sender] = 0;
    }   
}
//Function signatures: 
//c0e317fb: addToBalance()
Ejemplo n.º 6
0
from manticore.seth import ManticoreEVM, IntegerOverflow

m = ManticoreEVM()
m.register_detector(IntegerOverflow())

#And now make the contract account to analyze
source_code = '''
pragma solidity ^0.4.15;
contract Overflow {
    uint private sellerBalance=0;
    
    function add(uint value) returns (uint){
        sellerBalance += value; // complicated math with possible overflow

        // possible auditor assert
        assert(sellerBalance >= value); 
        return sellerBalance;
    } 
}
'''
#Initialize user and contracts
user_account = m.create_account(balance=1000)
contract_account = m.solidity_create_contract(source_code,
                                              owner=user_account,
                                              balance=0)

#First add won't overflow uint256 representation
contract_account.add(m.make_symbolic_value())

#Potential overflow
contract_account.add(m.make_symbolic_value())
Ejemplo n.º 7
0
from manticore.seth import ManticoreEVM
################ Script #######################

seth = ManticoreEVM()
seth.verbosity(0)
#And now make the contract account to analyze
# cat  | solc --bin
source_code = '''
pragma solidity ^0.4.13;
contract NoDistpatcher {
    event Log(string);

    function() payable {
        if (msg.data[0] == 'A') {
            Log("Got an A");
        }
        else{
            Log("Got something else");
        }
    } 
}
'''

print "[+] Creating a user account"
user_account = seth.create_account(balance=1000)

print "[+] Creating a contract account"
contract_account = seth.solidity_create_contract(source_code,
                                                 owner=user_account)

print "[+] Now the symbolic values"
Ejemplo n.º 8
0
from manticore.seth import ManticoreEVM
################ Script #######################

m = ManticoreEVM()
m.verbosity(2)
#And now make the contract account to analyze
# cat  | solc --bin
source_code = '''
pragma solidity ^0.4.13;

contract Test {
    event Log(string);
    mapping(address => uint) private balances;

    function Test(){
        balances[0x1111111111111111111111111111111111111111] = 10;
        balances[0x2222222222222222222222222222222222222222] = 20;
        balances[0x3333333333333333333333333333333333333333] = 30;
        balances[0x4444444444444444444444444444444444444444] = 40;
        balances[0x5555555555555555555555555555555555555555] = 50;
    }
    
    function target(address key) returns (bool){
        if (balances[key] > 20)
            Log("Balance greater than 20");
        else
            Log("Balance less or equal than 20");
    } 

}
'''
Ejemplo n.º 9
0
from manticore.seth import ManticoreEVM, ABI
################ Script #######################

m = ManticoreEVM()
m.verbosity(0)
#The contract account to analyze
contract_source_code = '''
pragma solidity ^0.4.15;

contract Reentrance {
    mapping (address => uint) userBalance;
   
    function getBalance(address u) constant returns(uint){
        return userBalance[u];
    }

    function addToBalance() payable{
        userBalance[msg.sender] += msg.value;
    }   

    function withdrawBalance(){
        // send userBalance[msg.sender] ethers to msg.sender
        // if mgs.sender is a contract, it will call its fallback function
        if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){
           revert();
        }
        userBalance[msg.sender] = 0;
    }   
}
//Function signatures: 
//c0e317fb: addToBalance()
Ejemplo n.º 10
0
from manticore.seth import ManticoreEVM
################ Script #######################

m = ManticoreEVM()
m.verbosity(0)
#And now make the contract account to analyze
# cat  | solc --bin 
source_code = '''
pragma solidity ^0.4.13;

contract Test {
    event Log(string);

    function target() payable public {
        if (msg.value > 10)
            Log("Value greater than 10");
        else
            Log("Value less or equal than 10");

    } 

}
'''
#Initialize accounts
user_account = m.create_account(balance=1000)  
contract_account = m.solidity_create_contract(source_code, owner=user_account)


contract_account.target(value=m.SValue)

Ejemplo n.º 11
0
from manticore.seth import ManticoreEVM
################ Script #######################

m = ManticoreEVM()
m.verbosity(0)
#The contract account to analyze
contract_source_code = '''
pragma solidity ^0.4.15;

contract Reentrance {
    mapping (address => uint) userBalance;
   
    function getBalance(address u) constant returns(uint){
        return userBalance[u];
    }

    function addToBalance() payable{
        userBalance[msg.sender] += msg.value;
    }   

    function withdrawBalance(){
        // send userBalance[msg.sender] ethers to msg.sender
        // if mgs.sender is a contract, it will call its fallback function
        if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){
           revert();
        }
        userBalance[msg.sender] = 0;
    }   
}
'''