This repository has been archived by the owner on Mar 18, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
Mythril tool security analysis
Brecht Devos edited this page Aug 27, 2018
·
1 revision
Output from Mythril on protocol V2 code:
# Analysis result for Exchange
No issues found.
# Analysis result for AddressUtil
No issues found.
# Analysis result for OrderRegistry
No issues found.
# Analysis result for OrderSpec
No issues found.
# Analysis result for BrokerRegistry:
==== Exception state ====
Type: Informational
Contract: BrokerRegistry
Function name: getBroker(address,address)
PC address: 687
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: BrokerRegistry.sol:53
brokersMap[owner][pos - 1]
--------------------
==== Exception state ====
Type: Informational
Contract: BrokerRegistry
Function name: brokersMap(address,uint256)
PC address: 1332
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: BrokerRegistry.sol:34
mapping (address => Broker[]) public brokersMap
--------------------
==== Exception state ====
Type: Informational
Contract: BrokerRegistry
Function name: unregisterBroker(address)
PC address: 1656
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: BrokerRegistry.sol:137
brokers[pos - 1]
--------------------
==== Integer Overflow ====
Type: Warning
Contract: BrokerRegistry
Function name: unregisterAllBrokers()
PC address: 2847
A possible integer overflow exists in the function `unregisterAllBrokers()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: BrokerRegistry.sol:27
contract BrokerRegistry is IBrokerRegistry, NoDefaultFunc {
struct Broker {
address owner;
address addr;
address interceptor;
}
mapping (address => Broker[]) public brokersMap;
mapping (address => mapping (address => uint)) public positionMap;
function getBroker(
address owner,
address addr
)
external
view
returns(
bool registered,
address interceptor
)
{
uint pos = positionMap[owner][addr];
if (pos == 0) {
registered = false;
} else {
registered = true;
Broker storage broker = brokersMap[owner][pos - 1];
interceptor = broker.interceptor;
}
}
function getBrokers(
address owner,
uint start,
uint count
)
external
view
returns (
address[] brokers,
address[] interceptors
)
{
Broker[] storage _brokers = brokersMap[owner];
uint size = _brokers.length;
if (start >= size) {
return;
}
uint end = start + count;
if (end > size) {
end = size;
}
brokers = new address[](end - start);
interceptors = new address[](end - start);
for (uint i = start; i < end; i++) {
brokers[i - start] = _brokers[i].addr;
interceptors[i - start] = _brokers[i].interceptor;
}
}
function registerBroker(
address broker,
address interceptor // 0x0 allowed
)
external
{
require(0x0 != broker, "bad broker");
require(
0 == positionMap[msg.sender][broker],
"broker already exists"
);
if (interceptor != 0x0) {
require(isContract(interceptor), "interceptor is not a contract");
}
Broker[] storage brokers = brokersMap[msg.sender];
Broker memory b = Broker(
msg.sender,
broker,
interceptor
);
brokers.push(b);
positionMap[msg.sender][broker] = brokers.length;
emit BrokerRegistered(
msg.sender,
broker,
interceptor
);
}
function unregisterBroker(
address addr
)
external
{
require(0x0 != addr, "bad broker");
uint pos = positionMap[msg.sender][addr];
require(pos != 0, "broker not found");
Broker[] storage brokers = brokersMap[msg.sender];
uint size = brokers.length;
address interceptor = brokers[pos - 1].interceptor;
if (pos != size) {
Broker storage lastOne = brokers[size - 1];
brokers[pos - 1] = lastOne;
positionMap[lastOne.owner][lastOne.addr] = pos;
}
brokers.length -= 1;
delete positionMap[msg.sender][addr];
emit BrokerUnregistered(
msg.sender,
addr,
interceptor
);
}
function unregisterAllBrokers(
)
external
{
Broker[] storage brokers = brokersMap[msg.sender];
for (uint i = 0; i < brokers.length; i++) {
delete positionMap[msg.sender][brokers[i].addr];
}
delete brokersMap[msg.sender];
emit AllBrokersUnregistered(msg.sender);
}
// Currently here to work around InternalCompilerErrors when implemented
// in a library. Because extcodesize is used the function cannot be pure,
// so view is used which sometimes gives InternalCompilerErrors when
// combined with internal.
function isContract(
address addr
)
public
view
returns (bool)
{
if (addr == 0x0) {
return false;
} else {
uint size;
assembly { size := extcodesize(addr) }
return size > 0;
}
}
}
--------------------
# Analysis result for IOrderInterceptor
No issues found.
# Analysis result for MathUint
No issues found.
# Analysis result for OrderBook:
==== Exception state ====
Type: Informational
Contract: OrderBook
Function name: fallback
PC address: 306
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: OrderBook.sol:28
[email protected]>.
/// @author Kongliang Z
--------------------
==== Integer Overflow ====
Type: Warning
Contract: OrderBook
Function name: getOrderData(bytes32)
PC address: 1270
A possible integer overflow exists in the function `getOrderData(bytes32)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: OrderBook.sol:86
return orders[orderHash]
--------------------
==== Integer Overflow ====
Type: Warning
Contract: OrderBook
Function name: getOrderData(bytes32)
PC address: 1272
A possible integer overflow exists in the function `getOrderData(bytes32)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: OrderBook.sol:86
return orders[orderHash]
--------------------
# Analysis result for TaxHelper
No issues found.
# Analysis result for OrderSpecs
No issues found.
# Analysis result for RingSpecs
No issues found.
# Analysis result for NoDefaultFunc
No issues found.
# Analysis result for FeeHolder
No issues found.
# Analysis result for TokenRegistry:
==== Integer Overflow ====
Type: Warning
Contract: TokenRegistry
Function name: fallback
PC address: 911
A possible integer overflow exists in the function `fallback`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: TokenRegistry.sol:3
opring Project Ltd
--------------------
==== Integer Overflow ====
Type: Warning
Contract: TokenRegistry
Function name: registerAgency(address)
PC address: 1488
A possible integer overflow exists in the function `registerAgency(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: TokenRegistry.sol:3
opring Project Ltd
--------------------
==== Exception state ====
Type: Informational
Contract: TokenRegistry
Function name: agencies(uint256)
PC address: 1662
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: TokenRegistry.sol:28
org>,
/// @author Daniel
--------------------
==== Exception state ====
Type: Informational
Contract: TokenRegistry
Function name: tokens(uint256)
PC address: 1903
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: TokenRegistry.sol:29
<[email protected]>.
--------------------
# Analysis result for MathBytes32
No issues found.
# Analysis result for ERC20Token:
==== Integer Overflow ====
Type: Warning
Contract: ERC20Token
Function name: fallback
PC address: 635
A possible integer overflow exists in the function `fallback`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: ERC20Token.sol:32
string public name
--------------------
==== Integer Overflow ====
Type: Warning
Contract: ERC20Token
Function name: symbol()
PC address: 1737
A possible integer overflow exists in the function `symbol()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: ERC20Token.sol:33
string public symbol
--------------------
# Analysis result for DummyAgency:
==== Message call to external contract ====
Type: Informational
Contract: DummyAgency
Function name: fallback
PC address: 315
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
In file: DummyAgency.sol:42
ITokenRegistry(tokenRegistryAddress).registerToken(addr)
--------------------
# Analysis result for MinerRegistry:
==== Integer Overflow ====
Type: Warning
Contract: MinerRegistry
Function name: fallback
PC address: 573
A possible integer overflow exists in the function `fallback`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: MinerRegistry.sol:3
opring Project Ltd
--------------------
==== Exception state ====
Type: Informational
Contract: MinerRegistry
Function name: unregisterMiner(address)
PC address: 972
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: MinerRegistry.sol:91
miners[size - 1]
--------------------
==== Exception state ====
Type: Informational
Contract: MinerRegistry
Function name: unregisterMiner(address)
PC address: 1060
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: MinerRegistry.sol:92
miners[pos - 1]
--------------------
==== Exception state ====
Type: Informational
Contract: MinerRegistry
Function name: minersMap(address,uint256)
PC address: 1657
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: MinerRegistry.sol:27
stry is IMinerRegistry, NoDefaultFunc {
ma
--------------------
==== Integer Overflow ====
Type: Warning
Contract: MinerRegistry
Function name: unregisterMiner(address)
PC address: 1727
A possible integer overflow exists in the function `unregisterMiner(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: MinerRegistry.sol:27
contract MinerRegistry is IMinerRegistry, NoDefaultFunc {
mapping (address => mapping (address => uint)) private positionMap;
function isMinerRegistered(
address feeRecipient,
address miner
)
external
view
returns(bool)
{
return (positionMap[feeRecipient][miner] > 0);
}
function getMiners(
address feeRecipient,
uint start,
uint count
)
external
view
returns (address[] miners)
{
require(false, "not implemented");
return;
}
function registerMiner(
address miner
)
external
{
require(0x0 != miner, "bad miner");
require(
0 == positionMap[msg.sender][miner],
"miner already exists"
);
address[] storage miners = minersMap[msg.sender];
miners.push(miner);
positionMap[msg.sender][miner] = miners.length;
emit MinerRegistered(
msg.sender,
miner
);
}
function unregisterMiner(
address addr
)
external
{
require(0x0 != addr, "bad miner");
uint pos = positionMap[msg.sender][addr];
require(pos != 0, "broker not found");
address[] storage miners = minersMap[msg.sender];
uint size = miners.length;
if (pos != size) {
address lastOne = miners[size - 1];
miners[pos - 1] = lastOne;
positionMap[msg.sender][lastOne] = pos;
}
miners.length -= 1;
delete positionMap[msg.sender][addr];
emit MinerUnregistered(msg.sender, addr);
}
function unregisterAllMiners()
external
{
address[] storage miners = minersMap[msg.sender];
for (uint i = 0; i < miners.length; i++) {
delete positionMap[msg.sender][miners[i]];
}
delete minersMap[msg.sender];
emit AllMinersUnregistered(msg.sender);
}
}
--------------------
==== Integer Overflow ====
Type: Warning
Contract: MinerRegistry
Function name: unregisterMiner(address)
PC address: 1730
A possible integer overflow exists in the function `unregisterMiner(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: MinerRegistry.sol:27
contract MinerRegistry is IMinerRegistry, NoDefaultFunc {
mapping (address => mapping (address => uint)) private positionMap;
function isMinerRegistered(
address feeRecipient,
address miner
)
external
view
returns(bool)
{
return (positionMap[feeRecipient][miner] > 0);
}
function getMiners(
address feeRecipient,
uint start,
uint count
)
external
view
returns (address[] miners)
{
require(false, "not implemented");
return;
}
function registerMiner(
address miner
)
external
{
require(0x0 != miner, "bad miner");
require(
0 == positionMap[msg.sender][miner],
"miner already exists"
);
address[] storage miners = minersMap[msg.sender];
miners.push(miner);
positionMap[msg.sender][miner] = miners.length;
emit MinerRegistered(
msg.sender,
miner
);
}
function unregisterMiner(
address addr
)
external
{
require(0x0 != addr, "bad miner");
uint pos = positionMap[msg.sender][addr];
require(pos != 0, "broker not found");
address[] storage miners = minersMap[msg.sender];
uint size = miners.length;
if (pos != size) {
address lastOne = miners[size - 1];
miners[pos - 1] = lastOne;
positionMap[msg.sender][lastOne] = pos;
}
miners.length -= 1;
delete positionMap[msg.sender][addr];
emit MinerUnregistered(msg.sender, addr);
}
function unregisterAllMiners()
external
{
address[] storage miners = minersMap[msg.sender];
for (uint i = 0; i < miners.length; i++) {
delete positionMap[msg.sender][miners[i]];
}
delete minersMap[msg.sender];
emit AllMinersUnregistered(msg.sender);
}
}
--------------------
==== Integer Overflow ====
Type: Warning
Contract: MinerRegistry
Function name: unregisterAllMiners()
PC address: 1759
A possible integer overflow exists in the function `unregisterAllMiners()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: MinerRegistry.sol:27
contract MinerRegistry is IMinerRegistry, NoDefaultFunc {
mapping (address => mapping (address => uint)) private positionMap;
function isMinerRegistered(
address feeRecipient,
address miner
)
external
view
returns(bool)
{
return (positionMap[feeRecipient][miner] > 0);
}
function getMiners(
address feeRecipient,
uint start,
uint count
)
external
view
returns (address[] miners)
{
require(false, "not implemented");
return;
}
function registerMiner(
address miner
)
external
{
require(0x0 != miner, "bad miner");
require(
0 == positionMap[msg.sender][miner],
"miner already exists"
);
address[] storage miners = minersMap[msg.sender];
miners.push(miner);
positionMap[msg.sender][miner] = miners.length;
emit MinerRegistered(
msg.sender,
miner
);
}
function unregisterMiner(
address addr
)
external
{
require(0x0 != addr, "bad miner");
uint pos = positionMap[msg.sender][addr];
require(pos != 0, "broker not found");
address[] storage miners = minersMap[msg.sender];
uint size = miners.length;
if (pos != size) {
address lastOne = miners[size - 1];
miners[pos - 1] = lastOne;
positionMap[msg.sender][lastOne] = pos;
}
miners.length -= 1;
delete positionMap[msg.sender][addr];
emit MinerUnregistered(msg.sender, addr);
}
function unregisterAllMiners()
external
{
address[] storage miners = minersMap[msg.sender];
for (uint i = 0; i < miners.length; i++) {
delete positionMap[msg.sender][miners[i]];
}
delete minersMap[msg.sender];
emit AllMinersUnregistered(msg.sender);
}
}
--------------------
# Analysis result for BrokerInterceptorProxy
No issues found.
# Analysis result for DummyBrokerInterceptor:
==== Integer Overflow ====
Type: Warning
Contract: DummyBrokerInterceptor
Function name: submitRingsData()
PC address: 942
A possible integer overflow exists in the function `submitRingsData()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: DummyBrokerInterceptor.sol:31
bytes public submitRingsData
--------------------
# Analysis result for MathUint8
No issues found.
# Analysis result for EncodeSpec
No issues found.
# Analysis result for MiningHelper
No issues found.
# Analysis result for MultihashUtil
No issues found.
# Analysis result for TransferableMultsig:
==== Exception state ====
Type: Informational
Contract: TransferableMultsig
Function name: fallback
PC address: 296
A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
--------------------
In file: TransferableMultsig.sol:31
address[] public owners
--------------------
# Analysis result for TokenFactoryImpl
No issues found.
# Analysis result for OrderHelper
No issues found.
# Analysis result for ParticipationSpec
No issues found.
# Analysis result for MiningSpec
No issues found.
# Analysis result for Data
No issues found.
# Analysis result for Claimable
No issues found.
# Analysis result for StringUtil
No issues found.
# Analysis result for MemoryUtil
No issues found.
# Analysis result for TradeDelegate
No issues found.
# Analysis result for Ownable
No issues found.
# Analysis result for DummyToken:
==== Integer Overflow ====
Type: Warning
Contract: DummyToken
Function name: fallback
PC address: 723
A possible integer overflow exists in the function `fallback`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: DummyToken.sol:34
) ERC20Token(
--------------------
==== Integer Overflow ====
Type: Warning
Contract: DummyToken
Function name: symbol()
PC address: 1937
A possible integer overflow exists in the function `symbol()`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: DummyToken.sol:35
name,
_symbol
--------------------
# Analysis result for BytesUtil
No issues found.
# Analysis result for IMinerInterceptor
No issues found.
# Analysis result for ParticipationHelper
No issues found.
# Analysis result for ERC20SafeTransfer
No issues found.
# Analysis result for ExchangeDeserializer
No issues found.
# Analysis result for SymbolRegistry:
==== Integer Overflow ====
Type: Warning
Contract: SymbolRegistry
Function name: unregisterSymbol(address)
PC address: 732
A possible integer overflow exists in the function `unregisterSymbol(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: SymbolRegistry.sol:60
bytes(symbol).length
--------------------
==== Integer Overflow ====
Type: Warning
Contract: SymbolRegistry
Function name: addressToSymbolMap(address)
PC address: 2003
A possible integer overflow exists in the function `addressToSymbolMap(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: SymbolRegistry.sol:31
mapping (address => string) public addressToSymbolMap
--------------------
==== Integer Overflow ====
Type: Warning
Contract: SymbolRegistry
Function name: getSymbolByAddress(address)
PC address: 2211
A possible integer overflow exists in the function `getSymbolByAddress(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: SymbolRegistry.sol:85
return addressToSymbolMap[addr]
--------------------
==== Integer Overflow ====
Type: Warning
Contract: SymbolRegistry
Function name: unregisterSymbol(address)
PC address: 2600
A possible integer overflow exists in the function `unregisterSymbol(address)`.
The addition or multiplication may result in a value higher than the maximum representable integer.
--------------------
In file: SymbolRegistry.sol:28
contract SymbolRegistry is ISymbolRegistry, Claimable, NoDefaultFunc {
mapping (string => address) private symbolToAddressMap;
mapping (address => string) public addressToSymbolMap;
function registerSymbol(
address addr,
string symbol
)
onlyOwner
external
{
require(0x0 != addr, "bad address");
require(bytes(symbol).length > 0, "empty symbol");
require(0x0 == symbolToAddressMap[symbol], "symbol registered");
require(0 == bytes(addressToSymbolMap[addr]).length, "address registered");
addressToSymbolMap[addr] = symbol;
symbolToAddressMap[symbol] = addr;
emit SymbolRegistered(addr, symbol);
}
function unregisterSymbol(
address addr
)
onlyOwner
external
{
require(addr != 0x0, "bad token address ");
string storage symbol = addressToSymbolMap[addr];
require(bytes(symbol).length > 0, "address has no symbol");
delete symbolToAddressMap[symbol];
delete addressToSymbolMap[addr];
emit SymbolUnregistered(addr, symbol);
}
function getAddressBySymbol(
string symbol
)
external
view
returns (address)
{
return symbolToAddressMap[symbol];
}
function getSymbolByAddress(
address addr
)
external
view
returns (string)
{
return addressToSymbolMap[addr];
}
}
--------------------
# Analysis result for IRingInterceptor
No issues found.
# Analysis result for RingHelper
No issues found.
# Analysis result for InputsHelper
No issues found.