def _find_test_cases(self): print('Finding test cases ...') self._main_evm = ManticoreEVM(workspace_url=self._args.workspace) if self._args.quick_mode: self._args.avoid_constant = True self._args.exclude_all = True self._args.only_alive_testcases = True consts_evm = config.get_group("evm") consts_evm.oog = "ignore" consts.skip_reverts = True if consts.skip_reverts: self._main_evm.register_plugin(SkipRevertBasicBlocks()) if consts.explore_balance: self._main_evm.register_plugin(KeepOnlyIfStorageChanges()) if self._args.limit_loops: self._main_evm.register_plugin(LoopDepthLimiter()) with self._main_evm.kill_timeout(): self._main_evm.multi_tx_analysis( self._args.argv[0], contract_name=self._args.contract, tx_limit=self._args.txlimit, tx_use_coverage=not self._args.txnocoverage, tx_send_ether=not self._args.txnoether, tx_account=self._args.txaccount, tx_preconstrain=self._args.txpreconstrain, compile_args=vars(self._args), ) self._test_cases = list(self._main_evm.all_states)
def test_delegatecall_not_ok(self): self.mevm.register_plugin(LoopDepthLimiter()) name = inspect.currentframe().f_code.co_name[5:] self._test( name, { ("Delegatecall to user controlled function", False), ("Delegatecall to user controlled address", False), }, )
def test_etherleak_true_pos_msgsender1(self): self.mevm.register_plugin(LoopDepthLimiter(5)) name = inspect.currentframe().f_code.co_name[5:] self._test( name, { ("Reachable external call to sender", False), ("Reachable ether leak to sender", False), }, )
def test_delegatecall_not_ok1(self): self.mevm.register_plugin(LoopDepthLimiter(loop_count_threshold=500)) name = inspect.currentframe().f_code.co_name[5:] self._test(name, {("Delegatecall to user controlled function", False)})
def test_selfdestruct_true_pos1(self): self.mevm.register_plugin(LoopDepthLimiter(2)) name = inspect.currentframe().f_code.co_name[5:] self._test(name, {("Reachable SELFDESTRUCT", False)})
def __run_manticore(self, trace): self.print('[.] Running Manticore') consts = manticoreConfig.get_group('core') consts.procs = self.procs output_path = self.__create_output_path() manticore = ManticoreEVM(workspace_url=output_path) if self.force_loop_limit: loop_delimiter = LoopDepthLimiter( loop_count_threshold=self.loop_limit) manticore.register_plugin(loop_delimiter) if self.avoid_constant_txs: filter_nohuman_constants = FilterFunctions(regexp=r'.*', depth='human', mutability='constant', include=False) manticore.register_plugin(filter_nohuman_constants) self.print('[...] Creating user accounts') for num in range(0, self.amount_user_accounts): account_name = 'user_account_' + str(num) manticore.create_account(balance=self.user_initial_balance, name=account_name) self.print('[...] Creating a contract and its library dependencies') with open(self.contract_path, 'r') as contract_file: source_code = contract_file.read() try: contract_account = manticore.solidity_create_contract( source_code, owner=manticore.get_account('user_account_0'), args=self.contract_args, contract_name=self.contract_name) except: raise Exception('Check contract arguments') if contract_account is None: raise Exception( 'Contract account is None, check contract arguments') self.print('[...] Calling functions in trace') function_types = {} function_signatures = manticore.get_metadata( contract_account).function_signatures for signature in function_signatures: signature_parts = signature.split('(') name = str(signature_parts[0]) types = str(signature_parts[1].replace(')', '')) function_types[name] = types for function_name in trace: if function_name == '': # FIXME, check VeriSol trace manticore.transaction(caller=manticore.make_symbolic_address(), address=contract_account, value=manticore.make_symbolic_value(), data=manticore.make_symbolic_buffer( self.fallback_data_size)) else: function_to_call = getattr(contract_account, function_name) types = function_types[function_name] if len(types) > 0: function_to_call( manticore.make_symbolic_arguments( function_types[function_name])) else: function_to_call() self.print('[...] Processing output') throw_states = [] for state in manticore.terminated_states: if str(state.context['last_exception']) == 'THROW': throw_states.append(state) if len(throw_states) == 0: raise Exception('Manticore couldn\'t confirm the counterexample') if self.verbose: for state in throw_states: manticore.generate_testcase(state) self.print('[-] Look for full output in:', manticore.workspace)