
Mythril reports different outputs for the same input


Describe the bug

Mythril produces two different outputs on the same input. It seems to be some caching-effect coming into play. On running it several times over, the “correct” output gets printed.

To Reproduce

I run the following command: myth -xo json file_path.sol

I’m running the following source code - https://etherscan.io/address/0x00000b233566fcc3825f94d68d4fc410f8cb2300#code I’ve copied the code from there and placed it in a file on my local machine where I’m running Mythril.

Expected behavior

Mythril is supposed to detect possible integer overflows.

However, on most runs, it outputs the following - {"error": null, "issues": [], "success": true}

And in a one-off run, it dumps the seemingly correct output -

{  
   "error":null,
   "issues":[  
      {  
         "address":1595,
         "code":"     emit Transfer(owner, to[i], values[i]);\n        }\n        return(i);\n    }\n}",
         "debug":"calldata_ApproveAndCallFallBack_4: 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc\ncalldata_ApproveAndCallFallBack_0: 0xaad41a4100000000000000000000000000000000000000000000000000000000\ncalldatasize_ApproveAndCallFallBack: 0x4\ncallvalue: 0x0\n",
         "description":"A possible integer overflow exists in the function `multisend(address[],uint256[])`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.",
         "filename":"sol_0x00000b233566fcc3825f94d68d4fc410f8cb2300.sol",
         "function":"multisend(address[],uint256[])",
         "lineno":274,
         "title":"Integer Overflow ",
         "type":"Warning"
      },
      {  
         "address":1826,
         "code":"k(spender).receiveApproval(msg.sender, tokens, this, data);\n        return true;\n    }\n\n\n    // ------------------------------------------------------------------------\n    // Owner can transfer out any accidentally sent ERC20 tokens\n    // ------------------------------------------------------------------------\n    function t",
         "debug":"calldata_ApproveAndCallFallBack_32 + 36: 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc\ncalldata_ApproveAndCallFallBack_0: 0xcae9ca5100000000000000000000000000000000000000000000000000000000\ncalldatasize_ApproveAndCallFallBack: 0x4\ncallvalue: 0x0\n",
         "description":"A possible integer overflow exists in the function `approveAndCall(address,uint256,bytes)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.",
         "filename":"sol_0x00000b233566fcc3825f94d68d4fc410f8cb2300.sol",
         "function":"approveAndCall(address,uint256,bytes)",
         "lineno":241,
         "title":"Integer Overflow ",
         "type":"Warning"
      },
      {  
         "address":6549,
         "debug":"The exception is triggered under the following conditions:\n\ncalldata_ApproveAndCallFallBack_4 + calldata_ApproveAndCallFallBack_4: 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nstorage_0: 0x0\ncaller: 0x0\ncalldata_ApproveAndCallFallBack_0: 0xaad41a4100000000000000000000000000000000000000000000000000000000\ncalldatasize_ApproveAndCallFallBack: 0x4\nmem_128 +\n32 +\n32*\ncalldata_ApproveAndCallFallBack_4 + calldata_ApproveAndCallFallBack_4: 0x0\ncallvalue: 0x0\n",
         "description":"A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. ",
         "filename":"sol_0x00000b233566fcc3825f94d68d4fc410f8cb2300.sol",
         "function":"multisend(address[],uint256[])",
         "lineno":278,
         "title":"Exception state",
         "type":"Informational"
      },
      {  
         "address":8556,
         "code":"quire",
         "debug":"calldata_ApproveAndCallFallBack_32 + 36: 0x800000000000000003ffd0badcb9b7000000002781000000000000000006bfff\nstorage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncalldata_ApproveAndCallFallBack_32_+_4: 0x800000000000000000008eb2e34648ee0801030820000000000000000000a000\nstorage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncaller: 0x800000000000000003ffd0badcb9b7000000002781000000000000000006bfff\nstorage_keccac_1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\n1461501637330902918203684832716283019655932542975_&\ncalldata_ApproveAndCallFallBack_4: 0x800000000000000003ffd0badcb9b7000000002781000000000000000006bfff\nstorage_1: 0xff00\ncalldata_ApproveAndCallFallBack_0: 0x23b872dd00000000000000000000000000000000000000000000000000000000\ncalldatasize_ApproveAndCallFallBack: 0x4\ncallvalue: 0x0\n",
         "description":"A possible integer overflow exists in the function `transferFrom(address,address,uint256)`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.",
         "filename":"sol_0x00000b233566fcc3825f94d68d4fc410f8cb2300.sol",
         "function":"transferFrom(address,address,uint256)",
         "lineno":19,
         "title":"Integer Overflow ",
         "type":"Warning"
      }
   ],
   "success":true
}

Screenshots

[image: myth_bug]

Desktop (please complete the following information):

  • OS: Ubuntu, 16.04.4 LTS
  • Latest codebase pulled from Mythril’s github account
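
One way to confirm and measure this kind of run-to-run inconsistency, as an added example (not part of the original issue or of Mythril's code): collect the JSON report from several runs of the command above and split the findings into those reported every time and those reported only sometimes. The choice of fields that identify a finding is an assumption, and the sample reports are constructed from the output quoted above.

```python
import json
from collections import Counter

def finding_keys(report_json):
    """Identify each finding in one `myth -xo json` report by stable fields."""
    report = json.loads(report_json)
    if report.get("error") or not report.get("success"):
        raise ValueError("analysis did not complete: %r" % report.get("error"))
    # Assumption: these four fields identify a finding. "debug" carries
    # concrete solver values that may differ between runs, so it is ignored.
    return {
        (i["title"].strip(), i["function"], i["lineno"], i["address"])
        for i in report["issues"]
    }

def compare_runs(reports):
    """Return (stable, flaky): findings seen in every run vs. only in some."""
    runs = [finding_keys(r) for r in reports]
    seen = Counter(key for run in runs for key in run)
    stable = {k for k, n in seen.items() if n == len(runs)}
    flaky = {k: n for k, n in seen.items() if n < len(runs)}
    return stable, flaky

# Constructed input: the empty report quoted above, plus a report trimmed to
# two of the findings from the one-off run (other fields dropped).
EMPTY = '{"error": null, "issues": [], "success": true}'
FULL = json.dumps({"error": None, "success": True, "issues": [
    {"address": 1595, "function": "multisend(address[],uint256[])",
     "lineno": 274, "title": "Integer Overflow ", "type": "Warning"},
    {"address": 6549, "function": "multisend(address[],uint256[])",
     "lineno": 278, "title": "Exception state", "type": "Informational"},
]})

if __name__ == "__main__":
    stable, flaky = compare_runs([EMPTY, EMPTY, FULL])
    print("stable findings:", sorted(stable))
    for key, n in sorted(flaky.items()):
        print("seen in %d of 3 runs: %s" % (n, key))
```

A non-empty flaky set means a single clean run cannot be taken as evidence that the contract is free of the reported issue class.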

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 10 (2 by maintainers)

Top GitHub Comments

1 reaction
JoranHonig commented, Jul 11, 2018

@shashank-srikant That is now in master ^^

1 reaction
muellerberndt commented, Jul 10, 2018

> should I get the names off of the script’s AST and then supply those one by one to myth?

Currently I’m afraid that’s the best option.
