def add(self, constraint, check=False): ''' Add a constraint to the set :param constraint: The constraint to add to the set. :param check: Currently unused. :return: ''' if isinstance(constraint, bool): constraint = BoolConstant(constraint) assert isinstance(constraint, Bool) constraint = simplify(constraint) # If self._child is not None this constraint set has been forked and a # a derived constraintset may be using this. So we can't add any more # constraints to this one. After the child constraintSet is deleted # we regain the ability to add constraints. if self._child is not None: raise Exception('ConstraintSet is frozen') if isinstance(constraint, BoolConstant): if not constraint.value: logger.info("Adding an impossible constant constraint") self._constraints = [constraint] else: return self._constraints.append(constraint) if check: from manticore.core.smtlib import solver if not solver.check(self): raise ValueError("Added an impossible constraint")
def constraints_are_sat(cons): 'Whether constraints are sat' return solver.check(constraints_to_constraintset(cons))
with open('overflow.sol') as f: source_code = f.read() # Generate the accounts user_account = m.create_account(balance=1000) contract_account = m.solidity_create_contract(source_code, owner=user_account, balance=0) #First add won't overflow uint256 representation value_0 = m.make_symbolic_value() contract_account.add(value_0, caller=user_account) #Potential overflow value_1 = m.make_symbolic_value() contract_account.add(value_1, caller=user_account) contract_account.sellerBalance(caller=user_account) for state in m.running_states: # Check if input0 > sellerBalance # last_return is the data returned last_return = state.platform.transactions[-1].return_data # retrieve last_return and input0 in a similar format last_return = Operators.CONCAT(256, *last_return) state.constrain(Operators.UGT(value_0, last_return)) if solver.check(state.constraints): print("Overflow found! see {}".format(m.workspace)) m.generate_testcase(state, 'OverflowFound')
print "Creator account: 0x%x (%d)"%(creator_account, creator_account) print "Attacker account: 0x%x (%d)"%(attacker_account, attacker_account) # Deposit 1 ether, from the creator contract_account.deposit(caller=creator_account, value=10**18) # Two raw transactions from the attacker symbolic_data = m.make_symbolic_buffer(320) m.transaction(caller=attacker_account, address=contract_account, data=symbolic_data, value=0) symbolic_data = m.make_symbolic_buffer(320) m.transaction(caller=attacker_account, address=contract_account, data=symbolic_data, value=0) for state in m.running_states: # Check if the attacker can ends with some ether balance = state.platform.get_balance(attacker_account) state.constrain(balance > 1) if solver.check(state.constraints): print "Attacker can steal the ether! see %s"%m.workspace m.generate_testcase(state, 'WalletHack')