def setUp(self): evm_consts = config.get_group("evm") self.saved_sha3 = evm_consts.sha3 evm_consts.sha3 = evm_consts.sha3.fake self.mevm = ManticoreEVM() self.worksp = self.mevm.workspace
def _find_test_cases(self): print('Finding test cases ...') self._main_evm = ManticoreEVM(workspace_url=self._args.workspace) if self._args.quick_mode: self._args.avoid_constant = True self._args.exclude_all = True self._args.only_alive_testcases = True consts_evm = config.get_group("evm") consts_evm.oog = "ignore" consts.skip_reverts = True if consts.skip_reverts: self._main_evm.register_plugin(SkipRevertBasicBlocks()) if consts.explore_balance: self._main_evm.register_plugin(KeepOnlyIfStorageChanges()) if self._args.limit_loops: self._main_evm.register_plugin(LoopDepthLimiter()) with self._main_evm.kill_timeout(): self._main_evm.multi_tx_analysis( self._args.argv[0], contract_name=self._args.contract, tx_limit=self._args.txlimit, tx_use_coverage=not self._args.txnocoverage, tx_send_ether=not self._args.txnoether, tx_account=self._args.txaccount, tx_preconstrain=self._args.txpreconstrain, compile_args=vars(self._args), ) self._test_cases = list(self._main_evm.all_states)
def test_graceful_handle_no_alive_states(self): """ If there are no alive states, or no initial states, we should not crash. issue #795 """ # initiate the blockchain m = ManticoreEVM() source_code = ''' contract Simple { function f(uint a) payable public { if (a == 65) { revert(); } } } ''' # Initiate the accounts user_account = m.create_account(balance=1000) contract_account = m.solidity_create_contract(source_code, owner=user_account, balance=0) contract_account.f(1) # it works contract_account.f(65) # it works with self.assertRaises(NoAliveStates): contract_account.f( m.SValue) # no alive states, but try to run a tx anyway
def test_int_ovf(self): mevm = ManticoreEVM() mevm.register_detector(DetectIntegerOverflow()) filename = os.path.join(THIS_DIR, 'binaries/int_overflow.sol') mevm.multi_tx_analysis(filename, tx_limit=1) self.assertEqual(len(mevm.global_findings), 3) all_findings = ''.join([x[2] for x in mevm.global_findings]) self.assertIn('Unsigned integer overflow at SUB instruction', all_findings) self.assertIn('Unsigned integer overflow at ADD instruction', all_findings) self.assertIn('Unsigned integer overflow at MUL instruction', all_findings)
def test_int_ovf(self): mevm = ManticoreEVM() mevm.register_detector(IntegerOverflow()) filename = os.path.join(THIS_DIR, 'binaries/int_overflow.sol') mevm.multi_tx_analysis(filename) self.assertEqual(len(mevm.global_findings), 3) all_findings = ''.join(map(lambda x: x[2], mevm.global_findings)) self.assertIn('underflow at SUB', all_findings) self.assertIn('overflow at ADD', all_findings) self.assertIn('overflow at MUL', all_findings)
def manticore(self): if self._manticore is None: if self._assigned_manticore is None: # we do lazy evaluation of ManticoreClient.manticore so self.log_directory will be assigned already if self.log_directory is None: workspace = None else: workspace = self.log_directory self._assigned_manticore = ManticoreEVM( workspace_url=workspace) self._manticore = threadwrapper.MainThreadWrapper( self._assigned_manticore, _CONTROLLER) self._finalize_manticore() return self._manticore
def test_end_instruction_trace(self): """ Make sure that the trace files are correct, and include the end instructions """ class TestPlugin(Plugin): """ Record the pcs of all end instructions encountered. Source of truth. """ def will_evm_execute_instruction_callback(self, state, instruction, arguments): if isinstance(state.platform.current.last_exception, Create): name = 'init' else: name = 'rt' # collect all end instructions based on whether they are in init or rt if instruction.semantics in ('REVERT', 'STOP', 'RETURN'): with self.locked_context(name) as d: d.append(state.platform.current.pc) mevm = ManticoreEVM() p = TestPlugin() mevm.register_plugin(p) filename = os.path.join(THIS_DIR, 'binaries/int_overflow.sol') mevm.multi_tx_analysis(filename, tx_limit=1) worksp = mevm.workspace listdir = os.listdir(worksp) def get_concatenated_files(directory, suffix): paths = [ os.path.join(directory, f) for f in listdir if f.endswith(suffix) ] concatenated = ''.join(open(path).read() for path in paths) return concatenated all_init_traces = get_concatenated_files(worksp, 'init.trace') all_rt_traces = get_concatenated_files(worksp, 'rt.trace') # make sure all init end insns appear somewhere in the init traces for pc in p.context['init']: self.assertIn(':0x{:x}'.format(pc), all_init_traces) # and all rt end insns appear somewhere in the rt traces for pc in p.context['rt']: self.assertIn(':0x{:x}'.format(pc), all_rt_traces)
def test_emit_did_execute_end_instructions(self): class TestDetector(Detector): def did_evm_execute_instruction_callback(self, state, instruction, arguments, result): if instruction.semantics in ('REVERT', 'STOP'): with self.locked_context('insns', dict) as d: d[instruction.semantics] = True mevm = ManticoreEVM() p = TestDetector() mevm.register_detector(p) filename = os.path.join(THIS_DIR, 'binaries/int_overflow.sol') mevm.multi_tx_analysis(filename, tx_limit=1) self.assertIn('insns', p.context) context = p.context['insns'] self.assertIn('STOP', context) self.assertIn('REVERT', context)
def test_parse_tx(self): m = ManticoreEVM() source_code = ''' contract C{ mapping(address => uint) balances; function test1(address to, uint val){ balances[to] = val; } } ''' user_account = m.create_account(balance=1000, name='user_account') contract_account = m.solidity_create_contract(source_code, owner=user_account, name='contract_account') calldata = binascii.unhexlify(b'9de4886f9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d9d') returndata = b'' md = m.get_metadata(contract_account) self.assertEqual(md.parse_tx(calldata, returndata), 'test1(899826498278242188854817720535123270925417291165, 71291600040229971300002528024956868756719167029433602173313100742126907268509)')
def scenario1(): m = ManticoreEVM() market = initialize(m, parameters={'pr_fl': 10**6}, market_owner_token_balance=10**21) bob = init_user(m, market, 'bob', 100 * ONE_ETH) eve = init_user(m, market, 'eve', 100 * ONE_ETH) calls_support(market, [(eve, 1 * ONE_ETH), (bob, 10 * ONE_ETH)]) market.reserve_contract.withdraw(caller=eve.account) print("[+] Eve called support") check_balance(m, market, eve) print(f"[+] Look for results in {m.workspace}")
def _run_test_case_on_contract(self, contract_code, conc_txs): m2 = ManticoreEVM() owner_account = m2.create_account( balance=10**10, name="owner", address=self._main_evm.accounts.get('owner').address) attacker_account = m2.create_account( balance=10**10, name="attacker", address=self._main_evm.accounts.get('attacker').address) try: call_args = get_argument_from_create_transaction( self._main_evm, conc_txs[0]) create_value = m2.make_symbolic_value() m2.constrain(create_value == conc_txs[0].value) contract_account = solidity_create_contract_with_zero_price( m2, contract_code, owner=owner_account, args=call_args, balance=create_value, gas=0, ) except Exception as e: return m2 for conc_tx in conc_txs[1:]: try: m2.transaction( caller=conc_tx.caller, address=contract_account, value=conc_tx.value, data=conc_tx. data, # data has all needed metadata like function id ([:4]) and argument passed to function gas=0, price=0) except Exception as e: return m2 return m2
si_level_address = int(sys.argv[2], 16) if len(sys.argv)>2 else "<SI ctf level address>" sol_file = sys.argv[3] if len(sys.argv)>3 else "../SI_ctf_levels/Lottery.sol" gas = 100000 # Set the amount of ETH you want to obtain from the contract contract_balance = ??? # Set the amount of ETH we need to send in our transaction (msg.value) to play. msg_value = ??? # Read in the contract source with open(sol_file, "r") as f: contract_src = f.read() # Instantiate manticore's Ethereum Virtual Machine m = ManticoreEVM() # m.verbosity(0) # Create an account for your wallet address on the EVM with funds to # both deploy the contract and to play the lottery user_account = m.create_account(address=from_address, balance=contract_balance+msg_value) # Create the Lottery CTF level contract on the EVM using wallet contract_account = m.solidity_create_contract( contract_src, contract_name="Lottery", owner=user_account, balance=contract_balance, args=(0,0) )
def setUp(self): self.mevm = ManticoreEVM() self.mevm.verbosity(0) self.worksp = self.mevm.workspace
def setUp(self): self.mevm = ManticoreEVM() self.mevm.register_plugin(KeepOnlyIfStorageChanges()) self.mevm.verbosity(0) self.worksp = self.mevm.workspace
from manticore.ethereum import ManticoreEVM from manticore.core.smtlib import Operators, solver from manticore.ethereum.abi import ABI ETHER = 10**18 m = ManticoreEVM() # initiate the blockchain # Generate the accounts user_account = m.create_account(balance=1000 * ETHER) with open('exercise_2.sol') as f: contract = m.solidity_create_contract(f, owner=user_account) #First add won't overflow uint256 representation value_0 = m.make_symbolic_value() contract.add(value_0, caller=user_account) #Potential overflow value_1 = m.make_symbolic_value() contract.add(value_1, caller=user_account) contract.sellerBalance(caller=user_account) for state in m.ready_states: # Check if input0 > sellerBalance # last_return is the data returned sellerBalance_tx = state.platform.transactions[-1] # retrieve last_return and input0 in a similar format seller_balance = ABI.deserialize("uint", sellerBalance_tx.return_data) condition = Operators.UGT(value_0, seller_balance)
def test(): #!/usr/bin/env python # -*- coding: utf-8 -*- __author__ = "Raz0r" __email__ = "*****@*****.**" """ This is a solution to the PolySwarm's smart contract hacking challenge done with manticore. Please refer to https://raz0r.name/writeups/polyswarm-smart-contract-hacking-challenge-writeup/ for a complete walk through. """ import binascii from manticore.ethereum import ManticoreEVM, ABI m = ManticoreEVM() m.context["solved"] = False # Set up accounts with original addresses owner_account = m.create_account( balance=1000, name="owner", address=0xBC7DDD20D5BCEB395290FD7CE3A9DA8D8B485559) attacker_account = m.create_account( balance=1000, name="attacker", address=0x762C808237A69D786A85E8784DB8C143EB70B2FB, ) cashmoney_contract = m.create_account( balance=1000, name="CashMoney", address=0x64BA926175BC69BA757EF53A6D5EF616889C9999, ) # Create WinnerLog contract using its init bytecode file = "" if __name__ == "__main__": file = "winnerlog.bin" else: file = "test_polyswarm_challenge/winnerlog.bin" with open(file, "rb") as f: bytecode = f.read() winnerlog_contract = m.create_contract( init=bytecode, owner=owner_account, name="WinnerLog", address=0x2E4D2A597A2FCBDF6CC55EB5C973E76AA19AC410, ) # Allow cashmoney_contract to call logWinner() on winnerlog_contract m.transaction( caller=owner_account, address=winnerlog_contract, data=binascii.unhexlify( b"c3e8512400000000000000000000000064ba926175bc69ba757ef53a6d5ef616889c9999" ), value=0, ) # Prepare symbready_statesand call logWinner() with that symbolic buffer symbolic_data = m.make_symbolic_buffer(64) calldata = ABI.function_call("logWinner(address,uint256,bytes)", attacker_account, 0, symbolic_data) m.transaction( caller=cashmoney_contract, address=winnerlog_contract, data=calldata, value=0, gas=10000000, ) # Look for a running state that is not reverted for state in m.ready_states: world = state.platform result = state.solve_one(symbolic_data) print("[+] FOUND: {}".format(binascii.hexlify(result))) with m.locked_context() as context: context["solved"] = True break assert m.context["solved"]
def setUp(self): self.mevm = ManticoreEVM()
def manticore_verifier( source_code, contract_name, maxfail=None, maxt=3, maxcov=100, deployer=None, senders=None, psender=None, propre=r"crytic_.*", compile_args=None, outputspace_url=None, timeout=100, ): """ Verify solidity properties The results are dumped to stdout and to the workspace folder. $manticore-verifier property.sol --contract TestToken --smt.solver yices --maxt 4 # Owner account: 0xf3c67ffb8ab4cdd4d3243ad247d0641cd24af939 # Contract account: 0x6f4b51ac2eb017600e9263085cfa06f831132c72 # Sender_0 account: 0x97528a0c7c6592772231fd581e5b42125c1a2ff4 # PSender account: 0x97528a0c7c6592772231fd581e5b42125c1a2ff4 # Found 2 properties: crytic_test_must_revert, crytic_test_balance # Exploration will stop when some of the following happens: # * 4 human transaction sent # * Code coverage is greater than 100% meassured on target contract # * No more coverage was gained in the last transaction # * At least 2 different properties where found to be breakable. (1 for fail fast) # * 240 seconds pass # Starting exploration... Transactions done: 0. States: 1, RT Coverage: 0.0%, Failing properties: 0/2 Transactions done: 1. States: 2, RT Coverage: 55.43%, Failing properties: 0/2 Transactions done: 2. States: 8, RT Coverage: 80.48%, Failing properties: 1/2 Transactions done: 3. States: 30, RT Coverage: 80.48%, Failing properties: 1/2 No coverage progress. Stopping exploration. Coverage obtained 80.48%. (RT + prop) +-------------------------+------------+ | Property Named | Status | +-------------------------+------------+ | crytic_test_balance | failed (0) | | crytic_test_must_revert | passed | +-------------------------+------------+ Checkout testcases here:./mcore_6jdil7nh :param maxfail: stop after maxfail properties are failing. All if None :param maxcov: Stop after maxcov % coverage is obtained in the main contract :param maxt: Max transaction count to explore :param deployer: (optional) address of account used to deploy the contract :param senders: (optional) a list of calles addresses for the exploration :param psender: (optional) address from where the property is tested :param source_code: A filename or source code :param contract_name: The target contract name defined in the source code :param propre: A regular expression for selecting properties :param outputspace_url: where to put the extended result :param timeout: timeout in seconds :return: """ # Termination condition # Exploration will stop when some of the following happens: # * MAXTX human transaction sent # * Code coverage is greater than MAXCOV meassured on target contract # * No more coverage was gained in the last transaction # * At least MAXFAIL different properties where found to be breakable. (1 for fail fast) # Max transaction count to explore MAXTX = maxt # Max coverage % to get MAXCOV = maxcov # Max different properties fails MAXFAIL = maxfail config.get_group("smt").timeout = 120 config.get_group("smt").memory = 16384 config.get_group("evm").ignore_balance = True config.get_group("evm").oog = "ignore" print("# Welcome to manticore-verifier") # Main manticore manager object m = ManticoreEVM() # avoid all human level tx that are marked as constant (have no effect on the storage) filter_out_human_constants = FilterFunctions(regexp=r".*", depth="human", mutability="constant", include=False) m.register_plugin(filter_out_human_constants) filter_out_human_constants.disable() # Avoid automatically exploring property filter_no_crytic = FilterFunctions(regexp=propre, include=False) m.register_plugin(filter_no_crytic) filter_no_crytic.disable() # Only explore properties (at human level) filter_only_crytic = FilterFunctions(regexp=propre, depth="human", fallback=False, include=True) m.register_plugin(filter_only_crytic) filter_only_crytic.disable() # And now make the contract account to analyze # User accounts. Transactions trying to break the property are send from one # of this senders = (None, ) if senders is None else senders user_accounts = [] for n, address_i in enumerate(senders): user_accounts.append( m.create_account(balance=10**10, address=address_i, name=f"sender_{n}")) # the address used for deployment owner_account = m.create_account(balance=10**10, address=deployer, name="deployer") # the target contract account contract_account = m.solidity_create_contract( source_code, owner=owner_account, contract_name=contract_name, compile_args=compile_args, name="contract_account", ) # the address used for checking porperties checker_account = m.create_account(balance=10**10, address=psender, name="psender") print(f"# Owner account: 0x{int(owner_account):x}") print(f"# Contract account: 0x{int(contract_account):x}") for n, user_account in enumerate(user_accounts): print(f"# Sender_{n} account: 0x{int(user_account):x}") print(f"# PSender account: 0x{int(checker_account):x}") properties = {} md = m.get_metadata(contract_account) for func_hsh in md.function_selectors: func_name = md.get_abi(func_hsh)["name"] if re.match(propre, func_name): properties[func_name] = [] print( f"# Found {len(properties)} properties: {', '.join(properties.keys())}" ) if not properties: print("I am sorry I had to run the init bytecode for this.\n" "Good Bye.") return MAXFAIL = len(properties) if MAXFAIL is None else MAXFAIL tx_num = 0 # transactions count current_coverage = None # obtained coverge % new_coverage = 0.0 print(f"""# Exploration will stop when some of the following happens: # * {MAXTX} human transaction sent # * Code coverage is greater than {MAXCOV}% meassured on target contract # * No more coverage was gained in the last transaction # * At least {MAXFAIL} different properties where found to be breakable. (1 for fail fast) # * {timeout} seconds pass""") print("# Starting exploration...") print( f"Transactions done: {tx_num}. States: {m.count_ready_states()}, RT Coverage: {0.00}%, " f"Failing properties: 0/{len(properties)}") with m.kill_timeout(timeout=timeout): while not m.is_killed(): # check if we found a way to break more than MAXFAIL properties broken_properties = sum( int(len(x) != 0) for x in properties.values()) if broken_properties >= MAXFAIL: print( f"Found {broken_properties}/{len(properties)} failing properties. Stopping exploration." ) break # check if we sent more than MAXTX transaction if tx_num >= MAXTX: print(f"Max number of transactions reached ({tx_num})") break tx_num += 1 # check if we got enough coverage new_coverage = m.global_coverage(contract_account) if new_coverage >= MAXCOV: print( f"Current coverage({new_coverage}%) is greater than max allowed ({MAXCOV}%). Stopping exploration." ) break # check if we have made coverage progress in the last transaction if current_coverage == new_coverage: print(f"No coverage progress. Stopping exploration.") break current_coverage = new_coverage # Make sure we didn't time out before starting first transaction if m.is_killed(): print("Cancelled or timeout.") break # Explore all methods but the "crytic_" properties # Note: you may be tempted to get all valid function ids/hashes from the # metadata and to constrain the first 4 bytes of the calldata here. # This wont work because we also want to prevent the contract to call # crytic added methods as internal transactions filter_no_crytic.enable() # filter out crytic_porperties filter_out_human_constants.enable() # Exclude constant methods filter_only_crytic.disable( ) # Exclude all methods that are not property checks symbolic_data = m.make_symbolic_buffer(320) symbolic_value = m.make_symbolic_value() caller_account = m.make_symbolic_value(160) args = tuple( (caller_account == address_i for address_i in user_accounts)) m.constrain(OR(*args, False)) m.transaction( caller=caller_account, address=contract_account, value=symbolic_value, data=symbolic_data, ) # check if timeout was requested during the previous transaction if m.is_killed(): print("Cancelled or timeout.") break m.clear_terminated_states() # no interest in reverted states m.take_snapshot() # make a copy of all ready states print( f"Transactions done: {tx_num}. States: {m.count_ready_states()}, " f"RT Coverage: {m.global_coverage(contract_account):3.2f}%, " f"Failing properties: {broken_properties}/{len(properties)}") # check if timeout was requested while we were taking the snapshot if m.is_killed(): print("Cancelled or timeout.") break # And now explore all properties (and only the properties) filter_no_crytic.disable() # Allow crytic_porperties filter_out_human_constants.disable( ) # Allow them to be marked as constants filter_only_crytic.enable( ) # Exclude all methods that are not property checks symbolic_data = m.make_symbolic_buffer(4) m.transaction(caller=checker_account, address=contract_account, value=0, data=symbolic_data) for state in m.all_states: world = state.platform tx = world.human_transactions[-1] md = m.get_metadata(tx.address) """ A is _broken_ if: * is normal property * RETURN False OR: * property name ends with 'revert' * does not REVERT Property is considered to _pass_ otherwise """ N = constrain_to_known_func_ids(state) for func_id in map(bytes, state.solve_n(tx.data[:4], nsolves=N)): func_name = md.get_abi(func_id)["name"] if not func_name.endswith("revert"): # Property does not ends in "revert" # It must RETURN a 1 if tx.return_value == 1: # TODO: test when property STOPs return_data = ABI.deserialize( "bool", tx.return_data) testcase = m.generate_testcase( state, f"property {md.get_func_name(func_id)} is broken", only_if=AND(tx.data[:4] == func_id, return_data == 0), ) if testcase: properties[func_name].append(testcase.num) else: # property name ends in "revert" so it MUST revert if tx.result != "REVERT": testcase = m.generate_testcase( state, f"Some property is broken did not reverted.(MUST REVERTED)", only_if=tx.data[:4] == func_id, ) if testcase: properties[func_name].append(testcase.num) m.clear_terminated_states( ) # no interest in reverted states for now! m.goto_snapshot() else: print("Cancelled or timeout.") m.clear_terminated_states() m.clear_ready_states() m.clear_snapshot() if m.is_killed(): print("Exploration ended by CTRL+C or timeout") print(f"Coverage obtained {new_coverage:3.2f}%. (RT + prop)") x = PrettyTable() x.field_names = ["Property Named", "Status"] for name, testcases in sorted(properties.items()): result = "passed" if testcases: result = f"failed ({testcases[0]})" x.add_row((name, result)) print(x) m.clear_ready_states() workspace = os.path.abspath(m.workspace)[len(os.getcwd()) + 1:] print(f"Checkout testcases here:./{workspace}")
def init_workspace(test_name, cpus=1): workspace = test_name assert not isdir(workspace), "Workspace folder already exists" m = ManticoreEVM(procs=cpus, workspace_url=workspace) m.verbosity(3) return m
def __run_manticore(self, trace): self.print('[.] Running Manticore') consts = manticoreConfig.get_group('core') consts.procs = self.procs output_path = self.__create_output_path() manticore = ManticoreEVM(workspace_url=output_path) if self.force_loop_limit: loop_delimiter = LoopDepthLimiter( loop_count_threshold=self.loop_limit) manticore.register_plugin(loop_delimiter) if self.avoid_constant_txs: filter_nohuman_constants = FilterFunctions(regexp=r'.*', depth='human', mutability='constant', include=False) manticore.register_plugin(filter_nohuman_constants) self.print('[...] Creating user accounts') for num in range(0, self.amount_user_accounts): account_name = 'user_account_' + str(num) manticore.create_account(balance=self.user_initial_balance, name=account_name) self.print('[...] Creating a contract and its library dependencies') with open(self.contract_path, 'r') as contract_file: source_code = contract_file.read() try: contract_account = manticore.solidity_create_contract( source_code, owner=manticore.get_account('user_account_0'), args=self.contract_args, contract_name=self.contract_name) except: raise Exception('Check contract arguments') if contract_account is None: raise Exception( 'Contract account is None, check contract arguments') self.print('[...] Calling functions in trace') function_types = {} function_signatures = manticore.get_metadata( contract_account).function_signatures for signature in function_signatures: signature_parts = signature.split('(') name = str(signature_parts[0]) types = str(signature_parts[1].replace(')', '')) function_types[name] = types for function_name in trace: if function_name == '': # FIXME, check VeriSol trace manticore.transaction(caller=manticore.make_symbolic_address(), address=contract_account, value=manticore.make_symbolic_value(), data=manticore.make_symbolic_buffer( self.fallback_data_size)) else: function_to_call = getattr(contract_account, function_name) types = function_types[function_name] if len(types) > 0: function_to_call( manticore.make_symbolic_arguments( function_types[function_name])) else: function_to_call() self.print('[...] Processing output') throw_states = [] for state in manticore.terminated_states: if str(state.context['last_exception']) == 'THROW': throw_states.append(state) if len(throw_states) == 0: raise Exception('Manticore couldn\'t confirm the counterexample') if self.verbose: for state in throw_states: manticore.generate_testcase(state) self.print('[-] Look for full output in:', manticore.workspace)
def setUp(self): evm_consts = config.get_group("evm") evm_consts.sha3 = evm_consts.sha3.concretize self.mevm = ManticoreEVM() self.worksp = self.mevm.workspace
def setUp(self): self.mevm = ManticoreEVM() self.worksp = self.mevm.workspace