def testBasicMigration(self):
solver = self.solver
cs1 = ConstraintSet()
cs2 = ConstraintSet()
var1 = cs1.new_bitvec(32, "var")
var2 = cs2.new_bitvec(32, "var")
cs1.add(Operators.ULT(var1, 3)) # var1 can be 0, 1, 2
# make a migration map dict
migration_map1 = {}
# this expression is composed with variables of both cs
expression = var1 > var2
migrated_expression = cs1.migrate(expression, migration_map1)
cs1.add(migrated_expression)
expression = var2 > 0
migrated_expression = cs1.migrate(expression, migration_map1)
cs1.add(migrated_expression)
self.assertItemsEqual(solver.get_all_values(cs1, var1), [2]) # should only be [2]
contract_account = m.solidity_create_contract(source_code, owner=user_account, balance=0)
contract_account.balanceOf(to_account, caller=user_account)
contract_account.balanceOf(from_account, caller=user_account)
contract_account.balanceOf(user_account, caller=user_account)
symbolic_val1 = m.make_symbolic_value()
#m.constrain(symbolic_val1 > 100)
contract_account.transfer(to_account, symbolic_val1, caller=from_account)
contract_account.balanceOf(user_account, caller=user_account)
contract_account.balanceOf(from_account, caller=user_account)
contract_account.balanceOf(to_account, caller=user_account)
for state in m.ready_states:
#for tx in state.platform.transactions:
# print("From address: (0x%x) \n" % (tx.caller))
#print("********\n")
balance_before = state.platform.transactions[1].return_data
balance_before = ABI.deserialize("uint", balance_before)
balance_after = state.platform.transactions[-1].return_data
balance_after = ABI.deserialize("uint", balance_after)
state.constrain(Operators.ULT(balance_before, balance_after))
if solver.check(state.constraints):
print("Found! see {}".format(m.workspace))
m.generate_testcase(state, "Found")
m = ManticoreEVM()
ETH = 10**18
user = m.create_account(balance=1*ETH, name='user')
counter = m.solidity_create_contract('Counter.sol',
contract_name='Counter',
owner=user)
# generate symbolic initial state and argument
sval0 = m.make_symbolic_value(256)
sval1 = m.make_symbolic_value(256)
# set initial state
for st in m.ready_states:
st.platform.set_storage_data(counter, 0, sval0)
# call add() with symbolic argument
counter.add(sval1)
# check if an overflow is possible
for st in m.ready_states:
n = st.platform.get_storage_data(counter, 0)
prop_overflow = Props.ULT(n, sval0)
# if an overflow is possible, generate a concrete case that triggers it
if st.can_be_true(prop_overflow):
st.constrain(prop_overflow)
val0, val1 = st.solve_one_n(sval0, sval1)
print('shit')
print(f'overflow!\ninitial value: {val0}\ncall: add({val1})')
def test_ULT(self):
solver = self.solver
cs = ConstraintSet()
a = cs.new_bitvec(8)
b = cs.new_bitvec(8)
c = cs.new_bitvec(8)
cs.add(a == 0x1) # 1
cs.add(b == 0x86) # -122
cs.add(c == 0x11) # 17
self.assertTrue(solver.must_be_true(cs, Operators.ULT(a, b)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(a, c)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(c, b)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(a, 0xF2)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(b, 0x99)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(c, 0x12)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(3, 0xF2)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(3, 4)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(0, a)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(0x85, b)))
self.assertTrue(solver.must_be_true(cs, Operators.ULT(0x10, c)))
