Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

finding attack vector of CrossReentrancy is very Time-consuming

See original GitHub issue

Hi,

//SPDX-License-Identifier: MIT

pragma solidity ^0.4.0;
contract CrossReentrancy {

    // INSECURE
    mapping (address => uint) private userBalances;

    function transfer(address to, uint amount) public {
        if (userBalances[msg.sender] >= amount) {
            userBalances[to] += amount;
            userBalances[msg.sender] -= amount;
        }
    }

    function withdrawBalance() public {
        uint amountToWithdraw = userBalances[msg.sender];
        // <yes> <report> REENTRANCY
        (bool success, ) = msg.sender.call.value(amountToWithdraw)(""); // At this point, the caller's code is executed, and can call transfer()
        require(success);
        userBalances[msg.sender] = 0;
    }

    function deposit() public payable{
        userBalances[msg.sender]+=msg.value;
    }
}

myth version 0.42 (last version)

Issue Analytics

State:
Created a year ago
Comments:42

Top GitHub Comments

1reaction

norhhcommented, Apr 23, 2022

Hi @emretepedev, This is the expected behavior, as it should take quite some time to run on such contracts. Mythril is a symbolic execution engine, it translates bytecode into SMT queries to check for issues, these SMT queries are usually complex to solve, hence the time.

1reaction

BuggerBagcommented, Apr 20, 2022

Hi, I solve the problem. the Mythril wasn’t installed entirely and a few packages have been broken. 😃 / thank you @norhh