Created
January 16, 2019 08:53
Constantinople reentrancy check - https://github.com/ConsenSys/mythril-classic/tree/constantinope-reentrancy-check
$ $MYTH -t1 -m constantinople_bug_1,constantinople_bug_2 -x PaymentSharer.sol
==== State write for 1600 gas or less ====
SWC ID: 107
Severity: Medium
Contract: PaymentSharer
Function name: deposit(uint256)
PC address: 330
Estimated Gas Usage: 947 - 26032
Caller can modify state for 1600 gas or less.
The planned Constantinople hard fork reduces the gas cost for writing to state variables that have been written to in the same transaction. In some cases this may cause re-rentrancy vulnerabilities in previously safe contracts.
--------------------
In file: PaymentSharer.sol:16
function deposit(uint id) public payable {
    deposits[id] += msg.value;
}
--------------------
==== State write for 1600 gas or less ====
SWC ID: 107
Severity: Medium
Contract: PaymentSharer
Function name: updateSplit(uint256,uint256)
PC address: 399
Estimated Gas Usage: 636 - 25721
Caller can modify state for 1600 gas or less.
The planned Constantinople hard fork reduces the gas cost for writing to state variables that have been written to in the same transaction. In some cases this may cause re-rentrancy vulnerabilities in previously safe contracts.
--------------------
In file: PaymentSharer.sol:20
function updateSplit(uint id, uint split) public {
    require(split <= 100);
    splits[id] = split;
}
--------------------
==== State change after external call ====
SWC ID: 107
Severity: Medium
Contract: PaymentSharer
Function name: splitFunds(uint256)
PC address: 747
Estimated Gas Usage: 3949 - 65016
State change after external call.
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
In file: PaymentSharer.sol:36
b.transfer(depo * (100 - splits[id]) / 100)
--------------------
$ $MYTH -t1 -m constantinople_bug_1,constantinople_bug_2 -x testingToken.sol
==== State write for 1600 gas or less ====
SWC ID: 107
Severity: Medium
Contract: testingToken
Function name: approve(address,uint256)
PC address: 346
Estimated Gas Usage: 1150 - 28368
Caller can modify state for 1600 gas or less.
The planned Constantinople hard fork reduces the gas cost for writing to state variables that have been written to in the same transaction. In some cases this may cause re-rentrancy vulnerabilities in previously safe contracts.
--------------------
In file: testingToken.sol:54
function approve(address _spender, uint256 _value) returns (bool success) {
    approvalList[msg.sender][_spender]=_value;
    Approval(msg.sender,_spender,_value);
    return true;
}
--------------------
$ $MYTH -t2 -m constantinople_bug_1,constantinople_bug_2 -x testingToken.sol
==== State write for 1600 gas or less ====
SWC ID: 107
Severity: Medium
Contract: testingToken
Function name: approve(address,uint256)
PC address: 346
Estimated Gas Usage: 1150 - 28368
Caller can modify state for 1600 gas or less.
The planned Constantinople hard fork reduces the gas cost for writing to state variables that have been written to in the same transaction. In some cases this may cause re-rentrancy vulnerabilities in previously safe contracts.
--------------------
In file: testingToken.sol:54
function approve(address _spender, uint256 _value) returns (bool success) {
    approvalList[msg.sender][_spender]=_value;
    Approval(msg.sender,_spender,_value);
    return true;
}
--------------------
==== State change after external call ====
SWC ID: 107
Severity: Medium
Contract: testingToken
Function name: agreeToTrade(address)
PC address: 4497
Estimated Gas Usage: 4709 - 40460
State change after external call.
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
In file: testingToken.sol:73
balanceOf[_from] -= tokensOfferedOf[_from]
--------------------
==== State change after external call ====
SWC ID: 107
Severity: Medium
Contract: testingToken
Function name: agreeToTrade(address)
PC address: 4655
Estimated Gas Usage: 6366 - 67297
State change after external call.
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
In file: testingToken.sol:74
balanceOf[msg.sender] += (tokensOfferedOf[_from]*(100-tokenTaxRate))/100
--------------------
==== State change after external call ====
SWC ID: 107
Severity: Medium
Contract: testingToken
Function name: agreeToTrade(address)
PC address: 4844
Estimated Gas Usage: 8454 - 94895
State change after external call.
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
In file: testingToken.sol:75
balanceOf[bank] += (tokensOfferedOf[_from]*tokenTaxRate)/100
--------------------
==== State change after external call ====
SWC ID: 107
Severity: Medium
Contract: testingToken
Function name: agreeToTrade(address)
PC address: 4932
Estimated Gas Usage: 9211 - 120972
State change after external call.
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
In file: testingToken.sol:76
tradeActive[_from] = false
--------------------