Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

False positive on SUICIDE instruction check

See original GitHub issue

Version: 0.10.13

I’ve tried to parse down a contract to the most minimal working example of a (potential) false positive. In the code below, I’m not sure how the function setFlag can modify the address owner, but myth seems to think I can:

pragma solidity ^0.4.2;

contract TOY  {

    address public owner;
    bool public FLAG;

    modifier checkOwner {
        require(msg.sender == owner);  _;
    }

    function TOY() { owner = msg.sender; }
    function setFlag(bool newFLAG) public { FLAG = newFLAG;  }
    function boom() public checkOwner {
        selfdestruct(owner);
    }
}

When running myth -x TOY.sol I get the output

==== Unchecked SUICIDE ====
Type: Warning
Contract: TOY
Function name: boom()
PC address: 505
The function boom() executes the SUICIDE instruction.
The remaining Ether is sent to a stored address

There is a check on storage index 6. This storage index can be written to by calling the function 'setFlag(bool)'.

Issue Analytics

State:
Created 6 years ago
Comments:9 (6 by maintainers)

Top GitHub Comments

1reaction

JoranHonigcommented, Sep 17, 2018

Works correctly in master, closing

1reaction

thoppecommented, Mar 14, 2018

Version: mythril==0.13.15

Another example, this time of contract code in the wild. 0x0dc568fc30eb731b6551848382e53bdf2c47a230

Type: Warning
Contract: CryptoBetOn
Function name: killContract()
PC address: 1416
The function killContract() executes the SUICIDE instruction. The remaining Ether is sent to a stored address.
There is a check on storage index 6. This storage index can be written to by calling the function 'acceptBet(uint256,uint8)'.

A glance at the linked source show no modification of owner using acceptBet.

Top Results From Across the Web

Suicide screening in schools, primary care and emergency ...

False positives Sensitivity in suicide screening is, therefore, more important than specificity. If an error is to be made, falsely labeling someone as...

Screening Options - Zero Suicide

In a Zero Suicide organization, all patients are screened for suicide risk on their first contact with the organization and at every subsequent...

Suicidal behaviour predicted by blood test showing gene ...

Variations in gene activity seem to indicate when someone is considering suicide. A test for it could save lives – and shake up...

Step by Step Instructions - OnlineStatBook

85 and a false positive rate of 0.10. Further suppose that the rate of suicide attempts in a college were 0.05. If the...

Suicide Screening and Assessment

identify adults at risk for suicide tend to produce a high rate of false positives—that is, they incorrectly attribute suicide risk to people...