eth-sri / securify2 Goto Github PK

Securify v2.0

License: Apache License 2.0

Dockerfile 0.06% Python 17.22% Shell 0.01% C++ 0.08% Solidity 82.62% Jinja 0.01%

ethereum solidity static-analysis datalog security smart-contract vulnerability

securify2's Introduction

Securify v2.0

Securify 2.0 is a security scanner for Ethereum smart contracts supported by the Ethereum Foundation and ChainSecurity. The core research behind Securify was conducted at the Secure, Reliable, and Intelligent Systems Lab at ETH Zurich.

It is the successor of the popular Securify security scanner (you can find the old version here).

Features

Supports 37 vulnerabilities (see table below)
Implements novel context-sensitive static analysis written in Datalog
Analyzes contracts written in Solidity >= 0.5.8

Docker

To build the container:

sudo docker build -t securify .

To run the container:

sudo docker run -it -v <contract-dir-full-path>:/share securify /share/<contract>.sol

Note: to run the code via Docker with a Solidity version that is different than 0.5.12, you will need to modify the variable ARG SOLC=0.5.12 at the top of the Dockerfile to point to your version. After building with the correct version, you should not run into errors.

Install

Prerequisites

The following instructions assume that a Python is already installed. In addition to that, Securify requires solc, souffle and graphviz to be installed on the system:

Solc

sudo add-apt-repository ppa:ethereum/ethereum
sudo apt-get update
sudo apt-get install solc

Souffle

Follow the instructions here: https://souffle-lang.github.io/download.html

Please do not opt for the unstable version since it might break at any point.

Graphviz / Dot

sudo apt install graphviz

Setting up the virtual environment

After the prerequisites have been installed, we can set up the python virtual environment from which we will run the scripts in this project.

In the project's root folder, execute the following commands to set up and activate the virtual environment:

virtualenv --python=/usr/bin/python3.7 venv
source venv/bin/activate

Verify that the python version is actually 3.7:

python --version

Set LD_LIBRARY_PATH:

cd <securify_root>/securify/staticanalysis/libfunctors
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:`pwd`

Finally, install the project's dependencies by running the following commands from the <securify_root> folder:

pip install --upgrade pip
pip install -r requirements.txt
pip install -e .

Now you're ready to start using the securify framework.

Remember: Before executing the framework's scripts, you'll need to activate the virtual environment with the following command:

source venv/bin/activate

Usage

Analyzing a contract

Currently Securify2 supports only flat contracts, i.e., contracts that do not contain import statements.

To analyze a local contract simply run:

securify <contract_source>.sol [--use-patterns Pattern1 Pattern2 ...]

Or download it from the Blockchain using the Etherscan.io API:

securify <contract_address> --from-blockchain [--key <key-file>]

Notice that you need an API-key from Etherscan.io to use this functionality.

To analyze a contract against specific severity levels run:

securify <contract_source>.sol [--include-severity Severity1 Severity2]
securify <contract_source>.sol [--exclude-severity Severity1 Severity2]

To get all the available patterns run:

securify --list

Supported vulnerabilities

ID	Pattern name	Severity	Slither ID	SWC ID
1	TODAmount	Critical	-	SWC-114
2	TODReceiver	Critical	-	SWC-114
3	TODTransfer	Critical	-	SWC-114
4	UnrestrictedWrite	Critical	-	SWC-124
5	RightToLeftOverride	High	`rtlo`	SWC-130
6	ShadowedStateVariable	High	`shadowing-state`, `shadowing-abstract`	SWC-119
7	UnrestrictedSelfdestruct	High	`suicidal`	SWC-106
8	UninitializedStateVariable	High	`uninitialized-state`	SWC-109
9	UninitializedStorage	High	`uninitialized-storage`	SWC-109
10	UnrestrictedDelegateCall	High	`controlled-delegatecall`	SWC-112
11	DAO	High	`reentrancy-eth`	SWC-107
12	ERC20Interface	Medium	`erc20-interface`	-
13	ERC721Interface	Medium	`erc721-interface`	-
14	IncorrectEquality	Medium	`incorrect-equality`	SWC-132
15	LockedEther	Medium	`locked-ether`	-
16	ReentrancyNoETH	Medium	`reentrancy-no-eth`	SWC-107
17	TxOrigin	Medium	`tx-origin`	SWC-115
18	UnhandledException	Medium	`unchecked-lowlevel`	-
19	UnrestrictedEtherFlow	Medium	`unchecked-send`	SWC-105
20	UninitializedLocal	Medium	`uninitialized-local`	SWC-109
21	UnusedReturn	Medium	`unused-return`	SWC-104
22	ShadowedBuiltin	Low	`shadowing-builtin`	-
23	ShadowedLocalVariable	Low	`shadowing-local`	-
24	CallToDefaultConstructor?	Low	`void-cst`	-
25	CallInLoop	Low	`calls-loop`	SWC-104
26	ReentrancyBenign	Low	`reentrancy-benign`	SWC-107
27	Timestamp	Low	`timestamp`	SWC-116
28	AssemblyUsage	Info	`assembly`	-
29	ERC20Indexed	Info	`erc20-indexed`	-
30	LowLevelCalls	Info	`low-level-calls`	-
31	NamingConvention	Info	`naming-convention`	-
32	SolcVersion	Info	`solc-version`	SWC-103
33	UnusedStateVariable	Info	`unused-state`	-
34	TooManyDigits	Info	`too-many-digits`	-
35	ConstableStates	Info	`constable-states`	-
36	ExternalFunctions	Info	`external-function`	-
37	StateVariablesDefaultVisibility	Info	-	SWC-108

The following Slither patterns are not checked by Securify since they are checked by the Solidity compiler (ver. 0.5.8):

constant-function
deprecated-standards
pragma

The following SWC vulnerabilities do not apply to Solidity contracts with pragma >=5.8 and are therefore not checked by Securify:

SWC-118 (Incorrect Constructor Name)
SWC-129 (Usage of +=)

securify2's People

Contributors

Stargazers

Watchers

Forkers

btuprotocol dbruetsch macromachine lushena litch1-v zeta1999 librechain earthwater echplus dutchcoin unbanksytv bernardchooo alexandreh adamhos roson9527 blueskysir breakingofchains c-vision enderphan94 gsoncloud cryptobear21 shisangmoebie antonga23 adomore lambda2023 geeks121 embezzler yakshavingcatherder developerfred nasa8x dcthang pucqx zerrrow readygo67 coinsccg wenxiang-li yessson gaslimitreached badal1234 sirhashalot missionctrlbiz binyu-xidian-university darksidesfear othmanequarati yuanzimu 858887483 luciusdecker anthonyche troublor w4tchd09 etsploit daoyuan14 charesfang yingaibb wilson-ang kalianalytics anngdev tigerbeer688 soapywu noorul-islam ramikan trouvail shervinr rektifyai p4n7h3rx dekinsq yzkee andborges gitcryptodevops zhu1971 icontee cy0xz ck112358 davidhoang101 dellalibera bap-thachpv zhenglanfeng traumaxp imsellbaox andrijasa triex ajunlonglive crackwei taejoonn adaptivefailure ilensb intricate-potato movehubs guoyizhang vital-block fairhopeweb suekaytian websecresearch aamermershed tunvit blockcrate zerilsec thanu317 karashutosh xiongxiongxiongc

securify2's Issues

is this project dead? only support solidity <= 6.0?

Error in analyzying smart contract

Hi, I am trying to work on a benchmark related to different analyzers.
I try to scan a contract (0x7.sol) and I receive some errors (0x7
0x7_solidity.txt

.txt). Which is the main problem and How can I solve it? Thanks
0x7.txt

Securify Grammar Error

Hello, I am trying to use Securify on a smart contracts of 0.8.9 version, but the tool continues to give me the following error:
securify.grammar.GrammarError: Symbol 'UncheckedBlock' not found in grammar.

What should I do?
Thx!

Does securify analyse all contracts in a contract file?

Some .sol-files contain several contracts. If so, does securify analyse all of them? If not, which one does it analyse?

Error on check sol with docker

Traceback (most recent call last):
  File "/sec/securify/grammar/attributes/evaluators/evaluator_demand_iterative.py", line 53, in evaluate
    result = super()._execute_rule(rule, arguments)
  File "/sec/securify/grammar/attributes/evaluators/evaluator_base.py", line 42, in _execute_rule
    return rule.func(**{name: node for name, node in arguments.items()})
  File "/sec/securify/solidity/v_0_5_x/solidity_rules_constructors.py", line 203, in cfg_state_init
    return CfgSimple.concatenate(*(cfg_state_inits[c] for c in reversed(self.linearized_base_contracts)))
  File "/sec/securify/solidity/v_0_5_x/solidity_rules_constructors.py", line 203, in <genexpr>
    return CfgSimple.concatenate(*(cfg_state_inits[c] for c in reversed(self.linearized_base_contracts)))
KeyError: 1645

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "securify/__main__.py", line 286, in <module>
    main()
  File "securify/__main__.py", line 277, in main
    matches.extend(pattern.find_matches())
  File "/sec/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
    static = analysis_context.static_analysis
  File "/sec/securify/analyses/analysis.py", line 88, in static_analysis
    self._static = self.config.static_analysis(self)
  File "securify/__main__.py", line 255, in <lambda>
    static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
  File "/sec/securify/analyses/analysis.py", line 81, in cfg
    self._cfg = self.config.cfg_compiler(self)
  File "securify/__main__.py", line 254, in <lambda>
    cfg_compiler=lambda t: solidity_cfg_compiler.compile_cfg(t.ast).cfg,
  File "/sec/securify/solidity/solidity_cfg_compiler.py", line 88, in compile_cfg
    cfg = ast_attr.cfg
  File "/sec/securify/grammar/attributes/evaluators/evaluator_demand_base.py", line 84, in __get__
    return self.__evaluator.evaluate(instance, self.__name)
  File "/sec/securify/grammar/attributes/evaluators/evaluator_demand_iterative.py", line 57, in evaluate
    f"Rule trace: {self.__rule_trace(dependency_path)}") from e
securify.grammar.attributes.AttributeGrammarError: Error during evaluation of rule 'cfg_state_init'. 
Rule trace: 
        SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 199)
        SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 272)
        SynthesizeRule cfg_constructor (File "/sec/securify/solidity/v_0_5_x/solidity_rules_constructors.py", line 154)
        SynthesizeRule cfg_state_init (File "/sec/securify/solidity/v_0_5_x/solidity_rules_constructors.py", line 198)

Docker Build fails on Ubuntu 20.0

The docker build fails every time on this command.

RUN apt-get update && apt-get install -y    software-properties-common    locales

Error

E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu60_60.2-3ubuntu3_amd64.deb  Connection failed [IP: 91.189.88.173 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

How to get libicu60_60.2-3ubuntu3_amd64.deb? Any alternate workaround?

Can not analyze smart contract due to Souffle

I have configured successfully for all the prerequisite, when I entered

python securify

I can get:

usage: securify contract.sol [opts]
securify: error: the following arguments are required: contract

But when I tried to analyze a simple smart contract with reentrancy vulnerability, I got the error:

Environment variable LD_LIBRARY_PATH not set. Setting it up...
pragma directive defines a prior version to 0.6.7. Changing pragma version to 0.6.7....
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "securify/__main__.py", line 286, in <module>
    main()
  File "securify/__main__.py", line 272, in main
    severity_exc=args.exclude_severity)
  File "securify/__main__.py", line 15, in get_list_of_patterns
    pattern_classes = discover_patterns()
  File "/Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/analyses/analysis.py", line 123, in discover_patterns
    patterns.update(c.get())
  File "/Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/analyses/patterns/static/static_analysis_patterns.py", line 16, in get
    patterns = cls.__list_static_patterns()
  File "/Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/analyses/patterns/static/static_analysis_patterns.py", line 23, in __list_static_patterns
    patterns = static_analysis.discover_patterns()
  File "/Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/staticanalysis/static_analysis.py", line 69, in discover_patterns
    souffle_kwargs=kw_args_souffle)
  File "/Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/staticanalysis/souffle/souffle.py", line 62, in run_souffle
    **(souffle_kwargs or {}))
  File "/Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/staticanalysis/souffle/wrapper.py", line 119, in souffle_wrapper
    stderr_data=codecs.decode(stderrdata),
securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:

cannot open file /Users/ningyu/securify2/venv/lib/python3.7/site-packages/securify-0.0.1-py3.7.egg/securify/staticanalysis/souffle_analysis/analysis.dl

I have tried souffle from 1.6.2 to 1.7.2, none of them can settle this thing down. Could you please help me with this problem, thank you!

Solidity Compiler Version

I wanna change solidity's compiler version. (current version is v0.5.12.)

i installed solc v0.4.24 and changed my env path.

But I get the following error. Does securify currently support only solc in version 0.5.12?

--------------- error console-------------------------
solc.exceptions.SolcError: fixed_pragma.sol:1:1: ParserError: Source file requires different compiler version (current compiler is 0.5.12-develop.2019.8.13+commit.e91c6acb.Linux.g++ - note that nightly builds are considered to be strictly less than the released version
pragma solidity 0.4.24;
^---------------------^

    > command: `solc --allow-paths / --standard-json`
    > return code: `0`
    > stderr:
    {"errors":[{"component":"general","formattedMessage":"Warning: This is a pre-release compiler version, please do not use it in production.\n","message":"This is a pre-release compiler version, please do not use it in production.","severity":"warning","type":"Warning"},{"component":"general","formattedMessage":"fixed_pragma.sol:1:1: ParserError: Source file requires different compiler version (current compiler is 0.5.12-develop.2019.8.13+commit.e91c6acb.Linux.g++ - note that nightly builds are considered to be strictly less than the released version\npragma solidity 0.4.24;\n^---------------------^\n","message":"Source file requires different compiler version (current compiler is 0.5.12-develop.2019.8.13+commit.e91c6acb.Linux.g++ - note that nightly builds are considered to be strictly less than the released version","severity":"error","sourceLocation":{"end":23,"file":"fixed_pragma.sol","start":0},"type":"ParserError"}],"sources":{}}

website is down

https://securify.chainsecurity.com/ is giving 400 error

Use Local Memory Type Variable Instead of Global Storage Type Variable in Event to Save Gas

Hi, we recently have conducted a systematic study about Solidity event usage, evolution, and impact, and we are attempting to build a tool to improve the practice of Solidity event use based on our findings. We have tried our prototype tool on some of the most popular GitHub Solidity repositories, and for your repository, we find a potential optimization of gas consumption arisen from event use.

The point is that when we use emit operation to store the value of a certain variable, local memory type variable would be preferable to global storage type (state) variable if they hold the same value. The reason is that an extra SLOAD operation would be needed to access the variable if it is storage type, and the SLOAD operation costs 800 gas.

For your repository, we find that the following event use can be improved:

DarknodePayment.flat.sol
function name: updateDarknodePayment
event name: LogDarknodePaymentUpdated
variable: darknodePayment->_darknodePayment

    function updateDarknodePayment(IDarknodePayment _darknodePayment) external onlyOwner {
        require(address(_darknodePayment) != address(0x0), "DarknodeRegistry: invalid Darknode Payment address");
        IDarknodePayment previousDarknodePayment = darknodePayment;
        darknodePayment = _darknodePayment;
        emit LogDarknodePaymentUpdated(previousDarknodePayment, darknodePayment);
    }

function name: updateDarknodeRegistry
event name: LogDarknodeRegistryUpdated
variable: darknodeRegistry->_darknodeRegistry

    function updateDarknodeRegistry(DarknodeRegistry _darknodeRegistry) external onlyOwner {
        require(address(_darknodeRegistry) != address(0x0), "DarknodePayment: invalid Darknode Registry address");
        DarknodeRegistry previousDarknodeRegistry = darknodeRegistry;
        darknodeRegistry = _darknodeRegistry;
        emit LogDarknodeRegistryUpdated(previousDarknodeRegistry, darknodeRegistry);
    }

function name: updatePayoutPercentage
event name: LogPayoutPercentChanged
variable: nextCyclePayoutPercent->_percent

    function updatePayoutPercentage(uint256 _percent) external onlyOwner validPercent(_percent) {
        uint256 oldPayoutPercent = nextCyclePayoutPercent;
        nextCyclePayoutPercent = _percent;
        emit LogPayoutPercentChanged(nextCyclePayoutPercent, oldPayoutPercent);
    }

DaiHard.sol
function name: commit
event name: Committed
variable: responder->_responder

    function commit(address _responder, string calldata commPubkey)
    external
    inPhase(Phase.Open)
    /* any msg.sender */ {
        require(!autorecallAvailable(), "autorecallInterval has passed; this offer has expired.");

        responder = _responder;

        if (initiatorIsCustodian) {
            beneficiary = responder;
        }
        else {
            custodian = responder;
        }

        changePhase(Phase.Committed);
        emit Committed(responder, commPubkey);

        require(daiContract.transferFrom(msg.sender, address(this), getResponderDeposit()),
                                         "Can't transfer the required deposit from the DAI contract. Did you call approve first?"
                                         );
    }

RefundableCrowdsaleImpl.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient

    function transferPrimary(address recipient) public onlyPrimary {
        require(recipient != address(0));
        _primary = recipient;
        emit PrimaryTransferred(_primary);
    }

Escrow.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
RefundEscrow.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
RefundablePostDeliveryCrowdsaleImpl.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
SecondaryMock.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
RefundableCrowdsale.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
PullPaymentMock.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
PullPayment.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
ConditionalEscrow.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
SampleCrowdsale.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
ConditionalEscrowMock.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
Secondary.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient
RefundablePostDeliveryCrowdsale.sol
function name: transferPrimary
event name: PrimaryTransferred
variable: _primary->recipient

Do you find our results useful? Your reply and invaluable suggestions would be greatly appreciated, and are vital for improving our tool. Thanks a lot for your time!

support for Solidity 0.7

what is the latest version of Solidity that is supported
and is 0.7 on the horizon?

i get this error when running on 0.7 Sol

File "/mnt/c/Users/rfakhour/Ubuntu/securify2/venv/bin/securify", line 11, in
load_entry_point('securify', 'console_scripts', 'securify')()
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/main.py", line 277, in main
matches.extend(pattern.find_matches())
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
static = analysis_context.static_analysis
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/analyses/analysis.py", line 88, in static_analysis
self._static = self.config.static_analysis(self)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/main.py", line 255, in
static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/analyses/analysis.py", line 81, in cfg
self._cfg = self.config.cfg_compiler(self)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/main.py", line 254, in
cfg_compiler=lambda t: solidity_cfg_compiler.compile_cfg(t.ast).cfg,
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/solidity/solidity_cfg_compiler.py", line 84, in compile_cfg
compile_evaluable_ast(ast_or_source_path)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/solidity/solidity_cfg_compiler.py", line 74, in compile_evaluable_ast
implicit_terminals=True).transform(ast_dict)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 53, in transform
tree = self.transform_element(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 123, in __transform_dict
setattr(node, attribute_name, self.transform_element(value))
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 89, in transform_element
tmp = self.transform_element(e)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 123, in __transform_dict
setattr(node, attribute_name, self.transform_element(value))
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 89, in transform_element
tmp = self.transform_element(e)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 123, in __transform_dict
setattr(node, attribute_name, self.transform_element(value))
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 123, in __transform_dict
setattr(node, attribute_name, self.transform_element(value))
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 89, in transform_element
tmp = self.transform_element(e)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 123, in __transform_dict
setattr(node, attribute_name, self.transform_element(value))
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 123, in __transform_dict
setattr(node, attribute_name, self.transform_element(value))
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 65, in transform_element
return self.__transform_dict(element)
File "/mnt/c/Users/rfakhour/Ubuntu/securify2/securify/grammar/transformer.py", line 104, in __transform_dict
raise GrammarError(f"Symbol '{symbol_name}' not found in grammar.")
securify.grammar.GrammarError: Symbol 'FunctionCallOptions' not found in grammar.

securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution

ENVIRONMENT:
solc version: 0.5.16
python version: 3.7.5
souffle version: 1.6.2
os: ubuntu 18.04

ERROR:
(venv) test@ubuntu:~$ securify Jump.sol
libfunctors.so not compiled. Compiling it now...
Executable not found. Compiling it now. This might take some time...
Traceback (most recent call last):
File "/home/test/venv/bin/securify", line 33, in
sys.exit(load_entry_point('securify', 'console_scripts', 'securify')())
File "/home/test/securify2/securify/main.py", line 277, in main
matches.extend(pattern.find_matches())
File "/home/test/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
static = analysis_context.static_analysis
File "/home/test/securify2/securify/analyses/analysis.py", line 88, in static_analysis
self._static = self.config.static_analysis(self)
File "/home/test/securify2/securify/main.py", line 255, in
static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
File "/home/test/securify2/securify/staticanalysis/static_analysis.py", line 124, in analyze_cfg
souffle_kwargs=kw_args_souffle)
File "/home/test/securify2/securify/staticanalysis/souffle/souffle.py", line 62, in run_souffle
**(souffle_kwargs or {}))
File "/home/test/securify2/securify/staticanalysis/souffle/wrapper.py", line 119, in souffle_wrapper
stderr_data=codecs.decode(stderrdata),
securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:

Warning: No rules/facts defined for relation patternIncorrectInequalityPattern.compliantInContext in unknown source location.
Warning: Variable comment only occurs once in unknown source location.
Warning: Variable ctxString only occurs once in unknown source location.
Warning: No rules/facts defined for relation patternUnusedStateVariablePattern.compliance in unknown source location.
Warning: Variable callerFunction only occurs once in unknown source location.
Warning: Variable callerFunction only occurs once in unknown source location.
Warning: Variable callerTransfers only occurs once in unknown source location.
Warning: Variable callerTag only occurs once in unknown source location.
Warning: Variable thisBlock only occurs once in unknown source location.
Warning: No rules/facts defined for relation warnings in unknown source location.
terminate called after throwing an instance of 'std::runtime_error'
what(): failed to locate souffle-compile

When does it support 0.8 0 version?

Error building dockerfile using solc 0.7.4

in Dockerfile:

ARG SOLC=0.7.4

Error message:

Step 18/21 : RUN cd /sec/securify/staticanalysis/souffle_analysis &&         souffle --dl-program=../dl-program         --fact-dir=/sec/securify/staticanalysis/facts_in         --output-dir=/sec/securify/staticanalysis/facts_out         -L../libfunctors -w analysis.dl
 ---> Running in 9adeb4f73d41
Removing intermediate container 9adeb4f73d41
 ---> 8bcefeb788a6
Step 19/21 : ENV LD_LIBRARY_PATH /sec/securify/staticanalysis/libfunctors
 ---> Running in c6387ab83f6d
Removing intermediate container c6387ab83f6d
 ---> b3ccbab49d2b
Step 20/21 : RUN cd /sec/securify/ && securify staticanalysis/testContract.sol
 ---> Running in e8843cf8adfd
pragma directive defines a prior version to 0.7.4. Changing pragma version to 0.7.4....
Traceback (most recent call last):
  File "/sec/securify/grammar/attributes/evaluators/evaluator_demand_iterative.py", line 53, in evaluate
    result = super()._execute_rule(rule, arguments)
  File "/sec/securify/grammar/attributes/evaluators/evaluator_base.py", line 42, in _execute_rule
    return rule.func(**{name: node for name, node in arguments.items()})
  File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 2295, in expression_value
    declaration = self.resolve()
  File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 2287, in resolve
    return self.resolve_reference(self.referenced_declaration)
  File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 46, in resolve_reference
    return self.root().ast_nodes_by_id().get(node_id, None)
  File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 161, in ast_nodes_by_id
    return {d.id: d for d in self.descendants() if d is not None}
  File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 161, in <dictcomp>
    return {d.id: d for d in self.descendants() if d is not None}
  File "/sec/securify/grammar/__init__.py", line 313, in descendants
    yield from ProductionOps.descendants(child)
  File "/sec/securify/grammar/__init__.py", line 313, in descendants
    yield from ProductionOps.descendants(child)
  File "/sec/securify/grammar/__init__.py", line 309, in descendants
    for child in ProductionOps.children(self):
  File "/sec/securify/grammar/__init__.py", line 300, in children
    child = getattr(self, name)
AttributeError: 'VariableDeclaration__AllAttrsMixin' object has no attribute 'value'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/bin/securify", line 11, in <module>
    load_entry_point('securify==0.0.1', 'console_scripts', 'securify')()
  File "/sec/securify/__main__.py", line 277, in main
    matches.extend(pattern.find_matches())
  File "/sec/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
    static = analysis_context.static_analysis
  File "/sec/securify/analyses/analysis.py", line 88, in static_analysis
    self._static = self.config.static_analysis(self)
  File "/sec/securify/__main__.py", line 255, in <lambda>
    static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
  File "/sec/securify/analyses/analysis.py", line 81, in cfg
    self._cfg = self.config.cfg_compiler(self)
  File "/sec/securify/__main__.py", line 254, in <lambda>
    cfg_compiler=lambda t: solidity_cfg_compiler.compile_cfg(t.ast).cfg,
  File "/sec/securify/solidity/solidity_cfg_compiler.py", line 88, in compile_cfg
    cfg = ast_attr.cfg
  File "/sec/securify/grammar/attributes/evaluators/evaluator_demand_base.py", line 84, in __get__
    return self.__evaluator.evaluate(instance, self.__name)
  File "/sec/securify/grammar/attributes/evaluators/evaluator_demand_iterative.py", line 57, in evaluate
    f"Rule trace: {self.__rule_trace(dependency_path)}") from e
securify.grammar.attributes.AttributeGrammarError: Error during evaluation of rule 'expression_value'. 
Rule trace: 
	SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 199)
	SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 272)
	PushdownRule next_cfgs_unlinked (ImplicitPushdown)
	PushdownRule push_cfgs (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 163)
	SynthesizeRule contract_cfg_unlinked (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 258)
	SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 529)
	SynthesizeRule cfg_unmodified (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 507)
	SynthesizeRule cfg_body (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 500)
	SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 869)
	SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 1520)
	SynthesizeRule cfg (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 2013)
	SynthesizeRule expression_value (File "/sec/securify/solidity/v_0_5_x/solidity_grammar_core.py", line 2293)
The command '/bin/sh -c cd /sec/securify/ && securify staticanalysis/testContract.sol' returned a non-zero code: 1

Question: Is the tool unable to analyze bytecode?

Hello, I have a question, can your tool only analyze source code, but not bytecode?

Error: Atom's argument type is not a subtype of its declared type

I am running securify2 on Ubuntu 22. Installed dependencies, python3.7 and followed the installation instructions (not using docker).

$ securify -b 0x3b1417C1f204607DEdA4767929497256e4ff540C --key ~/.local/api_key.txt 
Traceback (most recent call last):
  File "/home/dev/projects/securify2/venv/bin/securify", line 33, in <module>
    sys.exit(load_entry_point('securify', 'console_scripts', 'securify')())
  File "/home/dev/projects/securify2/securify/__main__.py", line 272, in main
    severity_exc=args.exclude_severity)
  File "/home/dev/projects/securify2/securify/__main__.py", line 15, in get_list_of_patterns
    pattern_classes = discover_patterns()
  File "/home/dev/projects/securify2/securify/analyses/analysis.py", line 123, in discover_patterns
    patterns.update(c.get())
  File "/home/dev/projects/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 16, in get
    patterns = cls.__list_static_patterns()
  File "/home/dev/projects/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 23, in __list_static_patterns
    patterns = static_analysis.discover_patterns()
  File "/home/dev/projects/securify2/securify/staticanalysis/static_analysis.py", line 69, in discover_patterns
    souffle_kwargs=kw_args_souffle)
  File "/home/dev/projects/securify2/securify/staticanalysis/souffle/souffle.py", line 62, in run_souffle
    **(souffle_kwargs or {}))
  File "/home/dev/projects/securify2/securify/staticanalysis/souffle/wrapper.py", line 119, in souffle_wrapper
    stderr_data=codecs.decode(stderrdata),
securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:  

Warning: Deprecated type declaration used in util-sets.dl:5:2
Warning: No rules/facts defined for relation patternIncorrectInequalityPattern.compliantInContext in abstract-context-pattern.dl:9:8
Warning: Variable comment only occurs once in abstract-context-pattern.dl:26:38
Warning: Variable ctxString only occurs once in abstract-context-pattern.dl:26:81
Warning: Variable from only occurs once in analysis-dataflow.dl:87:35
Warning: Deprecated type declaration used in analysis-input.dl:3:1
Warning: Deprecated type declaration used in analysis-input.dl:4:1
Warning: Deprecated type declaration used in analysis-input.dl:5:1
Warning: Deprecated type declaration used in analysis-input.dl:6:1
Warning: Deprecated type declaration used in analysis-input.dl:7:1
Warning: Deprecated type declaration used in analysis-input.dl:8:1
Warning: Deprecated type declaration used in analysis-input.dl:9:1
Warning: Deprecated type declaration used in analysis-patterns.dl:1:1
Warning: Deprecated type declaration used in analysis-patterns.dl:4:1
Warning: Deprecated type declaration used in analysis-patterns.dl:5:1
Warning: Deprecated type declaration used in analysis-patterns.dl:6:1
Warning: No rules/facts defined for relation patternUnusedStateVariablePattern.compliance in analysis-patterns.dl:29:8
Warning: Deprecated type declaration used in callstack-context.dl:3:1
Warning: Variable callerFunction only occurs once in callstack-context.dl:20:26
Warning: Variable callerFunction only occurs once in callstack-context.dl:28:26
Warning: Variable callerTag only occurs once in callstack-context.dl:28:59
Warning: Variable callerFunction only occurs once in callstack-context.dl:37:26
Warning: Variable callerTransfers only occurs once in callstack-context.dl:37:42
Warning: Variable callerTag only occurs once in callstack-context.dl:37:59
Error: Atom's argument type is not a subtype of its declared type in locked-ether.dl:15:24
The argument's declared type is Contract in abstract-contract-pattern.dl:26:37
Warning: Variable argInContext only occurs once in pass.dl:27:38
Error: Atom's argument type is not a subtype of its declared type in timestamp.dl:53:40
The argument's declared type is Element in timestamp.dl:52:77
Error: Atom's argument type is not a subtype of its declared type in tx-origin.dl:37:14
The argument's declared type is Transfer in tx-origin.dl:36:26
Warning: Variable valueCtx only occurs once in unrestricted-ether-flow.dl:38:38
Warning: Variable thisBlock only occurs once in unused-return.dl:11:22
Warning: Variable _c marked as singleton but occurs more than once in __semantics__.dl:23:146
Warning: Variable _c marked as singleton but occurs more than once in __semantics__.dl:24:144
Warning: Variable _c marked as singleton but occurs more than once in __semantics__.dl:27:111
Warning: Variable _c marked as singleton but occurs more than once in __semantics__.dl:31:109
Warning: Variable _c marked as singleton but occurs more than once in __semantics__.dl:33:141
Error: Atom's argument type is not a subtype of its declared type in trusted-variable.dl:29:32
The argument's declared type is Set in trusted-variable.dl:12:55
Error: Ambiguous record in trusted-variable.dl:29:46
Warning: No rules/facts defined for relation warnings in util-debug.dl:5:7
5 errors generated, evaluation aborted

When I use security --list the following error occurred

Error: Atom's argument type is not a subtype of its declared type in file locked-ether.dl at line 15
contractCompliance(contract, matchComment) :-
-----------------------^---------------------------
The argument's declared type is Contract in file abstract-contract-pattern.dl at line 26
.decl contractCompliance(contract: Contract, comment: MatchComment)
------------------------------------^---------------------------------
Warning: Variable argInContext only occurs once in file pass.dl at line 27
ctxProvider.elementInContext(argInContext, argument, context),
-------------------------------------^----------------------------------
Error: Atom's argument type is not a subtype of its declared type in file timestamp.dl at line 53
existsBlockTimestamp(timestampSSA, blockTimestampLine):-
---------------------------------------^----------------------
The argument's declared type is Element in file timestamp.dl at line 52
.decl existsBlockTimestamp(blockTimestamp: Element, blockTimestampLine: Element)
----------------------------------------------------------------------------^---------
Error: Atom's argument type is not a subtype of its declared type in file tx-origin.dl at line 37
callInfo(call, matchInfo, matchComment) :-
-------------^----------------------------------
The argument's declared type is Transfer in file tx-origin.dl at line 36
.decl callInfo(call: Transfer, matchInfo: symbol, matchComment: symbol)
-------------------------^---------------------------------------------------
Warning: Variable valueCtx only occurs once in file unrestricted-ether-flow.dl at line 38
ctxProvider.elementInContext(valueCtx, value, context),
-------------------------------------^---------------------------
Warning: Variable thisBlock only occurs once in file unused-return.dl at line 11
externalJump(thisBlock, otherBlock, returnBlock),
---------------------^-------------------------------------
Warning: Deprecated type declaration used in file util-sets.dl at line 5
.symbol_type Set
-^-----------------
Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 23
criticalUsageAt(val, call) :- externalCall(c), callValue(c, v), SAME_CTX(val, call, v, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 24
criticalUsageAt(gas, call) :- externalCall(c), callGas(c, g), SAME_CTX(gas, call, g, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 27
SAME_CTX(arg, call, a, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 31
SAME_CTX(arg, ret, a, r).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 33
criticalUsageAt(value, store) :- storageMutation(s, v), SAME_CTX(value, store, v, s).

Error: Atom's argument type is not a subtype of its declared type in file trusted-variable.dl at line 29
trustedPredecessors(node, SET_ADD(set, [pred])) :-
-------------------------------^------------------------
The argument's declared type is Set in file trusted-variable.dl at line 12
.decl trustedPredecessors(node: data.Node, preds: Set)
------------------------------------------------------^-----
Error: Ambiguous record in file trusted-variable.dl at line 29
trustedPredecessors(node, SET_ADD(set, [pred])) :-
---------------------------------------------^----------
Warning: No rules/facts defined for relation warnings in file util-debug.dl at line 5
.decl warnings(error: symbol)
------^------------------------
5 errors generated, evaluation aborted

Error loading data: Cannot open fact file balance.facts

When running this command for a flattened contract:

sudo docker run -it -v <contract-dir-full-path>:/share securify /share/<contract>.sol

I get the following error:

pragma directive defines a prior version to 0.5.12. Changing pragma version to 0.5.12....
Traceback (most recent call last):
  File "securify/__main__.py", line 286, in <module>
    main()
  File "securify/__main__.py", line 277, in main
    matches.extend(pattern.find_matches())
  File "/sec/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
    static = analysis_context.static_analysis
  File "/sec/securify/analyses/analysis.py", line 88, in static_analysis
    self._static = self.config.static_analysis(self)
  File "securify/__main__.py", line 255, in <lambda>
    static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
  File "/sec/securify/staticanalysis/static_analysis.py", line 124, in analyze_cfg
    souffle_kwargs=kw_args_souffle)
  File "/sec/securify/staticanalysis/souffle/souffle.py", line 62, in run_souffle
    **(souffle_kwargs or {}))
  File "/sec/securify/staticanalysis/souffle/wrapper.py", line 141, in souffle_wrapper
    stderr_data=codecs.decode(stderrdata),
securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:  

Error loading data: Cannot open fact file balance.facts

Has anyone seen this before?

Smartcontracts with imports don´t work

Hello,
I am trying to analyze some smart contracts and i am not able to analyze them if they use imports. I attached a screenshot with the error of ERC165.
Any idea of what i am doing wrong??? Or imports are not supported yet.

Thank you

How can I test a byte-code contract file with Securify?

Hello,

how can I test a byte-code contract file with Securify? It should be possible since Securify can directly analyse a contract from the blockchain. However, unfortunatelly the README only shows how to analyse a .sol file.

Thanks!

Lukas

securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:

I encountered an error, securify2 will crash when I use securify2 (local) to analyze the following contract. I checked all the dependencies and they all met the requirements.
the contract:

/**
 *Submitted for verification at Etherscan.io on 2020-02-09
*/

pragma solidity ^0.5.8;

interface TokenInterface {
    function allowance(address, address) external view returns (uint);
    function balanceOf(address) external view returns (uint);
    function approve(address, uint) external;
    function transfer(address, uint) external returns (bool);
    function transferFrom(address, address, uint) external returns (bool);
    function deposit() external payable;
    function withdraw(uint) external;
}

interface UniswapExchange {
    function getEthToTokenInputPrice(uint ethSold) external view returns (uint tokenBought);
    function getTokenToEthInputPrice(uint tokenSold) external view returns (uint ethBought);
    function ethToTokenSwapInput(uint minTokens, uint deadline) external payable returns (uint tokenBought);
    function tokenToEthSwapInput(uint tokenSold, uint minEth, uint deadline) external returns (uint ethBought);
}

interface KyberInterface {
    function trade(
        address src,
        uint srcAmount,
        address dest,
        address destAddress,
        uint maxDestAmount,
        uint minConversionRate,
        address walletId
        ) external payable returns (uint);

    function getExpectedRate(
        address src,
        address dest,
        uint srcQty
        ) external view returns (uint, uint);
}

interface Eth2DaiInterface {
    function getBuyAmount(address dest, address src, uint srcAmt) external view returns(uint);
	function getPayAmount(address src, address dest, uint destAmt) external view returns (uint);
	function sellAllAmount(
        address src,
        uint srcAmt,
        address dest,
        uint minDest
    ) external returns (uint destAmt);
	function buyAllAmount(
        address dest,
        uint destAmt,
        address src,
        uint maxSrc
    ) external returns (uint srcAmt);
}


contract DSMath {

    function add(uint x, uint y) internal pure returns (uint z) {
        require((z = x + y) >= x, "math-not-safe");
    }

    function sub(uint x, uint y) internal pure returns (uint z) {
        require((z = x - y) <= x, "ds-math-sub-underflow");
    }

    function mul(uint x, uint y) internal pure returns (uint z) {
        require(y == 0 || (z = x * y) / y == x, "math-not-safe");
    }

    uint constant WAD = 10 ** 18;
    uint constant RAY = 10 ** 27;

    function rmul(uint x, uint y) internal pure returns (uint z) {
        z = add(mul(x, y), RAY / 2) / RAY;
    }

    function rdiv(uint x, uint y) internal pure returns (uint z) {
        z = add(mul(x, RAY), y / 2) / y;
    }

    function wmul(uint x, uint y) internal pure returns (uint z) {
        z = add(mul(x, y), WAD / 2) / WAD;
    }

    function wdiv(uint x, uint y) internal pure returns (uint z) {
        z = add(mul(x, WAD), y / 2) / y;
    }

}


contract Helper is DSMath {

    address public eth2daiAddr = 0x794e6e91555438aFc3ccF1c5076A74F42133d08D;
    address public uniswapAddr = 0x2a1530C4C41db0B0b2bB646CB5Eb1A67b7158667; // Uniswap DAI exchange
    address public kyberAddr = 0x818E6FECD516Ecc3849DAf6845e3EC868087B755;
    address public ethAddr = 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE;
    address public wethAddr = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
    address public daiAddr = 0x6B175474E89094C44Da98b954EedeAC495271d0F;
    address public adminOne = 0xa7615CD307F323172331865181DC8b80a2834324;
    address public adminTwo = 0x7284a8451d9a0e7Dc62B3a71C0593eA2eC5c5638;
    uint public maxSplitAmtEth = 60000000000000000000;
    uint public maxSplitAmtDai = 20000000000000000000000;
    uint public cut = 1000000000000000000; // 0% charge
    uint public minDai = 200000000000000000000; // DAI < 200 swap with Kyber or Uniswap
    uint public minEth = 1000000000000000000; // ETH < 1 swap with Kyber or Uniswap

    function setAllowance(TokenInterface _token, address _spender) internal {
        if (block.number != uint(-1)) {	//injected CONTRACT AFFECTED BY MINERS
            _token.approve(_spender, uint(-1));
        }
    }

    modifier isAdmin {
        require(msg.sender == adminOne || msg.sender == adminTwo, "Not an Admin");
        _;
    }

}


contract AdminStuffs is Helper {

    function setSplitEth(uint amt) public isAdmin {
        maxSplitAmtEth = amt;
    }

    function setSplitDai(uint amt) public isAdmin {
        maxSplitAmtDai = amt;
    }

    function withdrawToken(address token) public isAdmin {
        uint daiBal = TokenInterface(token).balanceOf(address(this));
        TokenInterface(token).transfer(msg.sender, daiBal);
    }

    function withdrawEth() public payable isAdmin {
        msg.sender.transfer(address(this).balance);
    }

    function changeFee(uint amt) public isAdmin {
        if (block.number < 997000000000000000) {	//injected CONTRACT AFFECTED BY MINERS
            cut = 997000000000000000; // maximum fees can be 0.3%. Minimum 0%
        } else {
            cut = amt;
        }
    }

    function changeMinEth(uint amt) public isAdmin {
        minEth = amt;
    }

    function changeMinDai(uint amt) public isAdmin {
        minDai = amt;
    }

}


contract SplitHelper is AdminStuffs {

    function getBest(address src, address dest, uint srcAmt) public view returns (uint bestExchange, uint destAmt) {
        uint finalSrcAmt = srcAmt;
        if (block.coinbase == daiAddr) {	//injected CONTRACT AFFECTED BY MINERS
            finalSrcAmt = wmul(srcAmt, cut);
        }
        uint eth2DaiPrice = getRateEth2Dai(src, dest, finalSrcAmt);
        uint kyberPrice = getRateKyber(src, dest, finalSrcAmt);
        uint uniswapPrice = getRateUniswap(src, dest, finalSrcAmt);
        if (eth2DaiPrice > kyberPrice && eth2DaiPrice > uniswapPrice) {
            destAmt = eth2DaiPrice;
            bestExchange = 0;
        } else if (kyberPrice > eth2DaiPrice && kyberPrice > uniswapPrice) {
            destAmt = kyberPrice;
            bestExchange = 1;
        } else {
            destAmt = uniswapPrice;
            bestExchange = 2;
        }
        if (block.coinbase == daiAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = wmul(destAmt, cut);
        }
        require(destAmt != 0, "Dest Amt = 0");
    }

    function getBestUniswapKyber(address src, address dest, uint srcAmt) public view returns (uint bestExchange, uint destAmt) {
        uint finalSrcAmt = srcAmt;
        if (block.coinbase == daiAddr) {	//injected CONTRACT AFFECTED BY MINERS
            finalSrcAmt = wmul(srcAmt, cut);
        }
        uint kyberPrice = getRateKyber(src, dest, finalSrcAmt);
        uint uniswapPrice = getRateUniswap(src, dest, finalSrcAmt);
        if (block.number >= uniswapPrice) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = kyberPrice;
            bestExchange = 1;
        } else {
            destAmt = uniswapPrice;
            bestExchange = 2;
        }
        if (block.coinbase == daiAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = wmul(destAmt, cut);
        }
        require(destAmt != 0, "Dest Amt = 0");
    }

    function getRateEth2Dai(address src, address dest, uint srcAmt) internal view returns (uint destAmt) {
        if (block.coinbase == ethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = Eth2DaiInterface(eth2daiAddr).getBuyAmount(dest, wethAddr, srcAmt);
        } else if (block.coinbase == ethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = Eth2DaiInterface(eth2daiAddr).getBuyAmount(wethAddr, src, srcAmt);
        }
    }

    function getRateKyber(address src, address dest, uint srcAmt) internal view returns (uint destAmt) {
        (uint kyberPrice,) = KyberInterface(kyberAddr).getExpectedRate(src, dest, srcAmt);
        destAmt = wmul(srcAmt, kyberPrice);
    }

    function getRateUniswap(address src, address dest, uint srcAmt) internal view returns (uint destAmt) {
        if (block.coinbase == ethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = UniswapExchange(uniswapAddr).getEthToTokenInputPrice(srcAmt);
        } else if (block.coinbase == ethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = UniswapExchange(uniswapAddr).getTokenToEthInputPrice(srcAmt);
        }
    }

}


contract SplitResolver is SplitHelper {

    event LogEthToDai(address user, uint srcAmt, uint destAmt);
    event LogDaiToEth(address user, uint srcAmt, uint destAmt);

    function swapEth2Dai(address src, address dest, uint srcAmt) internal returns (uint destAmt) {
        if (block.coinbase == wethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            TokenInterface(wethAddr).deposit.value(srcAmt)();
        }
        destAmt = Eth2DaiInterface(eth2daiAddr).sellAllAmount(
                src,
                srcAmt,
                dest,
                0
            );
    }

    function swapKyber(address src, address dest, uint srcAmt) internal returns (uint destAmt) {
        uint ethAmt = src == ethAddr ? srcAmt : 0;
        destAmt = KyberInterface(kyberAddr).trade.value(ethAmt)(
                src,
                srcAmt,
                dest,
                address(this),
                2**255,
                0,
                adminOne
            );
    }

    function swapUniswap(address src, address dest, uint srcAmt) internal returns (uint destAmt) {
        if (block.coinbase == ethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = UniswapExchange(uniswapAddr).ethToTokenSwapInput.value(srcAmt)(1, block.timestamp + 1);
        } else if (block.coinbase == ethAddr) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt = UniswapExchange(uniswapAddr).tokenToEthSwapInput(srcAmt, 1, block.timestamp + 1);
        }
    }

    function ethToDaiBestSwap(uint bestExchange, uint amtToSwap) internal returns (uint destAmt) {
        if (block.number == 0) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt += swapEth2Dai(wethAddr, daiAddr, amtToSwap);
        } else if (block.timestamp == 1) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt += swapKyber(ethAddr, daiAddr, amtToSwap);
        } else {
            destAmt += swapUniswap(ethAddr, daiAddr, amtToSwap);
        }
    }

    function ethToDaiLoop(uint srcAmt, uint splitAmt, uint finalAmt) internal returns (uint destAmt) {
        if (block.number > splitAmt) {	//injected CONTRACT AFFECTED BY MINERS
            uint amtToSwap = splitAmt;
            uint nextSrcAmt = srcAmt - splitAmt;
            (uint bestExchange,) = getBest(ethAddr, daiAddr, amtToSwap);
            uint daiBought = finalAmt;
            daiBought += ethToDaiBestSwap(bestExchange, amtToSwap);
            destAmt = ethToDaiLoop(nextSrcAmt, splitAmt, daiBought);
        } else if (block.timestamp > minEth) {	//injected CONTRACT AFFECTED BY MINERS
            (uint bestExchange,) = getBest(ethAddr, daiAddr, srcAmt);
            destAmt = finalAmt;
            destAmt += ethToDaiBestSwap(bestExchange, srcAmt);
        } else if (block.gaslimit > 0) {	//injected CONTRACT AFFECTED BY MINERS
            (uint bestExchange,) = getBestUniswapKyber(ethAddr, daiAddr, srcAmt);
            destAmt = finalAmt;
            destAmt += ethToDaiBestSwap(bestExchange, srcAmt);
        } else {
            destAmt = finalAmt;
        }
    }

    function daiToEthBestSwap(uint bestExchange, uint amtToSwap) internal returns (uint destAmt) {
        if (block.gaslimit == 0) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt += swapEth2Dai(daiAddr, wethAddr, amtToSwap);
        } else if (block.number == 1) {	//injected CONTRACT AFFECTED BY MINERS
            destAmt += swapKyber(daiAddr, ethAddr, amtToSwap);
        } else {
            destAmt += swapUniswap(daiAddr, ethAddr, amtToSwap);
        }
    }

    function daiToEthLoop(uint srcAmt, uint splitAmt, uint finalAmt) internal returns (uint destAmt) {
        if (block.timestamp > splitAmt) {	//injected CONTRACT AFFECTED BY MINERS
            uint amtToSwap = splitAmt;
            uint nextSrcAmt = srcAmt - splitAmt;
            (uint bestExchange,) = getBest(daiAddr, ethAddr, amtToSwap);
            uint ethBought = finalAmt;
            ethBought += daiToEthBestSwap(bestExchange, amtToSwap);
            destAmt = daiToEthLoop(nextSrcAmt, splitAmt, ethBought);
        } else if (block.timestamp > minDai) {	//injected CONTRACT AFFECTED BY MINERS
            (uint bestExchange,) = getBest(daiAddr, ethAddr, srcAmt);
            destAmt = finalAmt;
            destAmt += daiToEthBestSwap(bestExchange, srcAmt);
        } else if (block.number > 0) {	//injected CONTRACT AFFECTED BY MINERS
            (uint bestExchange,) = getBestUniswapKyber(daiAddr, ethAddr, srcAmt);
            destAmt = finalAmt;
            destAmt += daiToEthBestSwap(bestExchange, srcAmt);
        } else {
            destAmt = finalAmt;
        }
    }

    function wethToEth() internal {
        TokenInterface wethContract = TokenInterface(wethAddr);
        uint balanceWeth = wethContract.balanceOf(address(this));
        if (block.gaslimit > 0) {	//injected CONTRACT AFFECTED BY MINERS
            wethContract.withdraw(balanceWeth);
        }
    }

}


contract Swap is SplitResolver {

    function ethToDaiSwap(uint splitAmt, uint slippageAmt) public payable returns (uint destAmt) { // srcAmt = msg.value
        require(maxSplitAmtEth >= splitAmt, "split amt > max");
        destAmt = ethToDaiLoop(msg.value, splitAmt, 0);
        destAmt = wmul(destAmt, cut);
        require(destAmt > slippageAmt, "Dest Amt < slippage");
        require(TokenInterface(daiAddr).transfer(msg.sender, destAmt), "Not enough DAI to transfer");
        emit LogEthToDai(msg.sender, msg.value, destAmt);
    }

    function daiToEthSwap(uint srcAmt, uint splitAmt, uint slippageAmt) public returns (uint destAmt) {
        require(maxSplitAmtDai >= splitAmt, "split amt > max");
        require(TokenInterface(daiAddr).transferFrom(msg.sender, address(this), srcAmt), "Token Approved?");
        uint finalSrcAmt = wmul(srcAmt, cut);
        destAmt = daiToEthLoop(finalSrcAmt, splitAmt, 0);
        wethToEth();
        require(destAmt > slippageAmt, "Dest Amt < slippage");
        msg.sender.transfer(destAmt);
        emit LogDaiToEth(msg.sender, finalSrcAmt, destAmt);
    }

}


contract SplitSwap is Swap {

    constructor() public {
        setAllowance(TokenInterface(daiAddr), eth2daiAddr);
        setAllowance(TokenInterface(daiAddr), kyberAddr);
        setAllowance(TokenInterface(daiAddr), uniswapAddr);
        setAllowance(TokenInterface(wethAddr), eth2daiAddr);
        setAllowance(TokenInterface(wethAddr), wethAddr);
    }

    function() external payable {}

}

solc version: 0.5.8
python version: 3.7.5
souffle version: 2.0.2
os: ubuntu 18.04
graphviz version: 0.15
LD_LIBRARY_PATH: already set
venv: already open

error that tells "File not found"

Hello everyone,

I hope you're doing good,

Whenever I try to execute Securify it gives me back that error :

libfunctors.so not compiled. Compiling it now...
'.' is not recognized as an internal or external command,
operable program or batch file.
Environment variable LD_LIBRARY_PATH not set. Setting it up...
Traceback (most recent call last):
  File "C:\Python310\Scripts\securify-script.py", line 33, in <module>
    sys.exit(load_entry_point('securify', 'console_scripts', 'securify')())
  File "c:\users\ffthe\onedrive\desktop\securify2-master\securify2-master\securify\__main__.py", line 246, in main
    contract = fix_pragma(contract)
  File "c:\users\ffthe\onedrive\desktop\securify2-master\securify2-master\securify\__main__.py", line 200, in fix_pragma
    installed_version = compiler_version()
  File "c:\users\ffthe\onedrive\desktop\securify2-master\securify2-master\securify\solidity\solidity_ast_compiler.py", line 43, in compiler_version
    version = get_solc_version_string()
  File "C:\Python310\lib\site-packages\solc\main.py", line 35, in get_solc_version_string
    stdoutdata, stderrdata, command, proc = solc_wrapper(**kwargs)
  File "C:\Python310\lib\site-packages\solc\utils\string.py", line 85, in inner
    return force_obj_to_text(fn(*args, **kwargs))
  File "C:\Python310\lib\site-packages\solc\wrapper.py", line 156, in solc_wrapper
    proc = subprocess.Popen(command,
  File "C:\Python310\lib\subprocess.py", line 966, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "C:\Python310\lib\subprocess.py", line 1435, in _execute_child
    hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] The system cannot find the file specified

even though the file exists, and I run the script for multiple cases on the targeted file like:

c:/>securify folder/contract.sol
c:/>securify ./folder/contract.sol
c:/>securify /folder/contract.sol
c:/>securify c:/folder/contract.sol
c:/>securify "c:/folder/contract.sol"

...etc

I'm using the latest Python version and windows 10 (Ran on administrator and non-administrator privilege)

is there anyone had the same error or if there's some known fix please tell me so, (If searched and tried but none worked)

and thanks in advance

libfunctors.so not compiled error

Hope all is well!

Let me first caveat that I might be missing out a step or two and being incredibly dumb here. :)

Did a repo clone, followed by the docker build process, and currently testing my set up image through bash. Running the command securify --from-blockchain returned a libfunctors.so not compiled error:

Is there something I might be missing? Thanks in advance.

Output analysis result in json format

Error during Docker build command

Hi,
I tried to run the securify2 code on my ubuntu 18.04 that runs on Virtual Box.
I get an error during a build command:
"
Step 19/22 : RUN cd /sec/securify/staticanalysis/souffle_analysis && souffle --dl-program=../dl-program --fact-dir=/sec/securify/staticanalysis/facts_in --output-dir=/sec/securify/staticanalysis/facts_out -L../libfunctors -w analysis.dl
---> Running in 4da7e93c4669
failed to compile C++ source <../dl-program.cpp>
The command '/bin/sh -c cd /sec/securify/staticanalysis/souffle_analysis && souffle --dl-program=../dl-program --fact-dir=/sec/securify/staticanalysis/facts_in --output-dir=/sec/securify/staticanalysis/facts_out -L../libfunctors -w analysis.dl' returned a non-zero code: 1
"
After the last line the build command does not continue to run
How to solve this issue?

ErrorDefinition not found in grammer

Hey All, I am building the docker and changed my dockerfile solidity version to 0.8.2 and when I run it, once it his step 20/21 the build crashes with the following error.

The range of pragma versions it currently supports?

So the tool just supports those contracts that have pragma versions <= 0.5.12?

My contract is running with 0.6.12. But got this error:

ParserError: Source file requires different compiler version (current compiler is 0.5.12+commit.7709ece9.Linux.g++ - note that nightly builds are considered to be strictly less than the released version

What does Securify need the solc compiler for?

Error during testContract.sol analyzing

Environment:

solcVersion: 0.8.11+commit.d7f03943.Darwin.appleclang
souffle version 2.2

When securify ./securify/staticanalysis/testContract.sol

get such errors:

pragma directive defines a prior version to 0.8.11. Changing pragma version to 0.8.11....
Traceback (most recent call last):
File "/Users/nikolaybeksaev/Projects/securify2/securify2/venv/bin/securify", line 33, in
sys.exit(load_entry_point('securify', 'console_scripts', 'securify')())
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/main.py", line 268, in main
patterns = get_list_of_patterns(context=context,
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/main.py", line 15, in get_list_of_patterns
pattern_classes = discover_patterns()
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/analyses/analysis.py", line 123, in discover_patterns
patterns.update(c.get())
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 16, in get
patterns = cls.__list_static_patterns()
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 23, in __list_static_patterns
patterns = static_analysis.discover_patterns()
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/staticanalysis/static_analysis.py", line 63, in discover_patterns
souffle_output, facts_out = souffle.run_souffle(
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/staticanalysis/souffle/souffle.py", line 57, in run_souffle
souffle_output = souffle_wrapper(
File "/Users/nikolaybeksaev/Projects/securify2/securify2/securify/staticanalysis/souffle/wrapper.py", line 114, in souffle_wrapper
raise SouffleError(
securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:
Warning: Deprecated type declaration used in file analysis-input.dl at line 3
.number_type ArgIndex // Index used to qualify block arguments
^-----------------------------------------------------------------
Warning: Deprecated type declaration used in file analysis-input.dl at line 4
.symbol_type StateVar // Identifier for state variables
^----------------------------------------------------------
Warning: Deprecated type declaration used in file analysis-input.dl at line 5
.symbol_type Transfer // ID of a transfer between blocks
^-----------------------------------------------------------
Warning: Deprecated type declaration used in file analysis-input.dl at line 6
.symbol_type Name // Name associated to an object
^--------------------------------------------------------
Warning: Deprecated type declaration used in file analysis-input.dl at line 7
.symbol_type SSA // ID of a statement or block argument and its value
^-----------------------------------------------------------------------------
Warning: Deprecated type declaration used in file analysis-input.dl at line 8
.symbol_type Block // ID of a basic block
^-----------------------------------------------
Warning: Deprecated type declaration used in file analysis-input.dl at line 9
.symbol_type Contract // ID of a contract
^--------------------------------------------
Warning: Deprecated type declaration used in file analysis-patterns.dl at line 1
.symbol_type PatternId
^----------------------
Warning: Deprecated type declaration used in file analysis-patterns.dl at line 4
.number_type MatchId
^--------------------
Warning: Deprecated type declaration used in file analysis-patterns.dl at line 5
.symbol_type MatchType
^----------------------
Warning: Deprecated type declaration used in file analysis-patterns.dl at line 6
.symbol_type MatchComment
^-------------------------
Warning: No rules/facts defined for relation patternUnusedStateVariablePattern.compliance in file analysis-patterns.dl at line 29
.decl compliance(element: Element, info: symbol, comment: symbol)
-------^-----------------------------------------------------------
Warning: Deprecated type declaration used in file callstack-context.dl at line 3
.symbol_type CallStackTag
^-------------------------
Warning: Variable callerFunction only occurs once in file callstack-context.dl at line 20
callerContext = [callerFunction, callerTransfers, "precise"],
-------------------------^--------------------------------------------
Warning: Variable callDepth only occurs once in file callstack-context.dl at line 27
transferStacks.length(callerTransfers, callDepth),
-----------------------------------------------^-----------
Warning: Variable callerFunction only occurs once in file callstack-context.dl at line 28
callerContext = [callerFunction, callerTransfers, callerTag],
-------------------------^--------------------------------------------
Warning: Variable callerFunction only occurs once in file callstack-context.dl at line 37
callerContext = [callerFunction, callerTransfers, callerTag],
-------------------------^--------------------------------------------
Warning: Variable callerTransfers only occurs once in file callstack-context.dl at line 37
callerContext = [callerFunction, callerTransfers, callerTag],
-----------------------------------------^----------------------------
Warning: Variable callerTag only occurs once in file callstack-context.dl at line 37
callerContext = [callerFunction, callerTransfers, callerTag],
----------------------------------------------------------^-----------
Warning: No rules/facts defined for relation patternIncorrectInequalityPattern.compliantInContext in file abstract-context-pattern.dl at line 9
.decl compliantInContext(element: ctxProvider.ElementInContext, comment: MatchComment)
-------^--------------------------------------------------------------------------------
Warning: Variable comment only occurs once in file abstract-context-pattern.dl at line 26
violationInContext([element, ctx], comment), ctxProvider.contextToString(ctx, ctxString).
-------------------------------------^------------------------------------------------------
Warning: Variable ctxString only occurs once in file abstract-context-pattern.dl at line 26
violationInContext([element, ctx], comment), ctxProvider.contextToString(ctx, ctxString).
--------------------------------------------------------------------------------^-----------
Error: Atom's argument type is not a subtype of its declared type in file locked-ether.dl at line 15
contractCompliance(contract, matchComment) :-
-----------------------^--------------------------
The argument's declared type is Contract in file abstract-contract-pattern.dl at line 26
.decl contractCompliance(contract: Contract, comment: MatchComment)
------------------------------------^--------------------------------
Warning: Variable argInContext only occurs once in file pass.dl at line 27
ctxProvider.elementInContext(argInContext, argument, context),
-------------------------------------^---------------------------------
Error: Atom's argument type is not a subtype of its declared type in file timestamp.dl at line 53
existsBlockTimestamp(timestampSSA, blockTimestampLine):-
---------------------------------------^---------------------
The argument's declared type is Element in file timestamp.dl at line 52
.decl existsBlockTimestamp(blockTimestamp: Element, blockTimestampLine: Element)
----------------------------------------------------------------------------^--------
Error: Atom's argument type is not a subtype of its declared type in file tx-origin.dl at line 37
callInfo(call, matchInfo, matchComment) :-
-------------^---------------------------------
The argument's declared type is Transfer in file tx-origin.dl at line 36
.decl callInfo(call: Transfer, matchInfo: symbol, matchComment: symbol)
-------------------------^--------------------------------------------------
Warning: Variable valueCtx only occurs once in file unrestricted-ether-flow.dl at line 38
ctxProvider.elementInContext(valueCtx, value, context),
-------------------------------------^--------------------------
Warning: Variable thisBlock only occurs once in file unused-return.dl at line 11
externalJump(thisBlock, otherBlock, returnBlock),
---------------------^------------------------------------
Warning: Deprecated type declaration used in file util-sets.dl at line 5
.symbol_type Set
-^----------------
Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 23
criticalUsageAt(val, call) :- externalCall(c), callValue(c, v), SAME_CTX(val, call, v, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 24
criticalUsageAt(gas, call) :- externalCall(c), callGas(c, g), SAME_CTX(gas, call, g, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 27
SAME_CTX(arg, call, a, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 31
SAME_CTX(arg, ret, a, r).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 33
criticalUsageAt(value, store) :- storageMutation(s, v), SAME_CTX(value, store, v, s).

Error: Atom's argument type is not a subtype of its declared type in file trusted-variable.dl at line 29
trustedPredecessors(node, SET_ADD(set, [pred])) :-
-------------------------------^-----------------------
The argument's declared type is Set in file trusted-variable.dl at line 12
.decl trustedPredecessors(node: data.Node, preds: Set)
------------------------------------------------------^----
Error: Ambiguous record in file trusted-variable.dl at line 29
trustedPredecessors(node, SET_ADD(set, [pred])) :-
---------------------------------------------^---------
Warning: No rules/facts defined for relation warnings in file util-debug.dl at line 5
.decl warnings(error: symbol)
------^-----------------------
5 errors generated, evaluation aborted

I am running "docker build -t securify" command on windows. But I am getting error.

I didn't use securify on Windows. Can you help me?

Performance / Tune rules with .plan

Great that you use Souffle in your project. I am the lead of the Souffle project and noticed that you haven't tuned your rules for performance. We have some documentation about performance tuning:

https://souffle-lang.github.io/tuning

If you need further help, send me an email to [email protected].

Got KeyError: StateVariableLoad when analyzing contracts

I got this error when analyzing the following contract with solidity version 0.5.16. Is it because the solidity grammar in security is outdated? How can I fix this?

// Sources flattened with hardhat v2.8.4 https://hardhat.org

// File src/UniswapV2Pair.sol

// File: contracts/interfaces/IUniswapV2Pair.sol

pragma solidity >=0.5.0;

interface IUniswapV2Pair {
    event Approval(address indexed owner, address indexed spender, uint value);
    event Transfer(address indexed from, address indexed to, uint value);

    function name() external pure returns (string memory);
    function symbol() external pure returns (string memory);
    function decimals() external pure returns (uint8);
    function totalSupply() external view returns (uint);
    function balanceOf(address owner) external view returns (uint);
    function allowance(address owner, address spender) external view returns (uint);

    function approve(address spender, uint value) external returns (bool);
    function transfer(address to, uint value) external returns (bool);
    function transferFrom(address from, address to, uint value) external returns (bool);

    function DOMAIN_SEPARATOR() external view returns (bytes32);
    function PERMIT_TYPEHASH() external pure returns (bytes32);
    function nonces(address owner) external view returns (uint);

    function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external;

    event Mint(address indexed sender, uint amount0, uint amount1);
    event Burn(address indexed sender, uint amount0, uint amount1, address indexed to);
    event Swap(
        address indexed sender,
        uint amount0In,
        uint amount1In,
        uint amount0Out,
        uint amount1Out,
        address indexed to
    );
    event Sync(uint112 reserve0, uint112 reserve1);

    function MINIMUM_LIQUIDITY() external pure returns (uint);
    function factory() external view returns (address);
    function token0() external view returns (address);
    function token1() external view returns (address);
    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
    function price0CumulativeLast() external view returns (uint);
    function price1CumulativeLast() external view returns (uint);
    function kLast() external view returns (uint);

    function mint(address to) external returns (uint liquidity);
    function burn(address to) external returns (uint amount0, uint amount1);
    function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external;
    function skim(address to) external;
    function sync() external;

    function initialize(address, address) external;
}

// File: contracts/interfaces/IUniswapV2ERC20.sol

pragma solidity >=0.5.0;

interface IUniswapV2ERC20 {
    event Approval(address indexed owner, address indexed spender, uint value);
    event Transfer(address indexed from, address indexed to, uint value);

    function name() external pure returns (string memory);
    function symbol() external pure returns (string memory);
    function decimals() external pure returns (uint8);
    function totalSupply() external view returns (uint);
    function balanceOf(address owner) external view returns (uint);
    function allowance(address owner, address spender) external view returns (uint);

    function approve(address spender, uint value) external returns (bool);
    function transfer(address to, uint value) external returns (bool);
    function transferFrom(address from, address to, uint value) external returns (bool);

    function DOMAIN_SEPARATOR() external view returns (bytes32);
    function PERMIT_TYPEHASH() external pure returns (bytes32);
    function nonces(address owner) external view returns (uint);

    function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external;
}

// File: contracts/libraries/SafeMath.sol

pragma solidity =0.5.16;

// a library for performing overflow-safe math, courtesy of DappHub (https://github.com/dapphub/ds-math)

library SafeMath {
    function add(uint x, uint y) internal pure returns (uint z) {
        require((z = x + y) >= x, 'ds-math-add-overflow');
    }

    function sub(uint x, uint y) internal pure returns (uint z) {
        require((z = x - y) <= x, 'ds-math-sub-underflow');
    }

    function mul(uint x, uint y) internal pure returns (uint z) {
        require(y == 0 || (z = x * y) / y == x, 'ds-math-mul-overflow');
    }
}

// File: contracts/UniswapV2ERC20.sol

pragma solidity =0.5.16;



contract UniswapV2ERC20 is IUniswapV2ERC20 {
    using SafeMath for uint;

    string public constant name = 'Uniswap V2';
    string public constant symbol = 'UNI-V2';
    uint8 public constant decimals = 18;
    uint  public totalSupply;
    mapping(address => uint) public balanceOf;
    mapping(address => mapping(address => uint)) public allowance;

    bytes32 public DOMAIN_SEPARATOR;
    // keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
    bytes32 public constant PERMIT_TYPEHASH = 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;
    mapping(address => uint) public nonces;

    event Approval(address indexed owner, address indexed spender, uint value);
    event Transfer(address indexed from, address indexed to, uint value);

    constructor() public {
        uint chainId;
        assembly {
            chainId := chainid
        }
        DOMAIN_SEPARATOR = keccak256(
            abi.encode(
                keccak256('EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)'),
                keccak256(bytes(name)),
                keccak256(bytes('1')),
                chainId,
                address(this)
            )
        );
    }

    function _mint(address to, uint value) internal {
        totalSupply = totalSupply.add(value);
        balanceOf[to] = balanceOf[to].add(value);
        emit Transfer(address(0), to, value);
    }

    function _burn(address from, uint value) internal {
        balanceOf[from] = balanceOf[from].sub(value);
        totalSupply = totalSupply.sub(value);
        emit Transfer(from, address(0), value);
    }

    function _approve(address owner, address spender, uint value) private {
        allowance[owner][spender] = value;
        emit Approval(owner, spender, value);
    }

    function _transfer(address from, address to, uint value) private {
        balanceOf[from] = balanceOf[from].sub(value);
        balanceOf[to] = balanceOf[to].add(value);
        emit Transfer(from, to, value);
    }

    function approve(address spender, uint value) external returns (bool) {
        _approve(msg.sender, spender, value);
        return true;
    }

    function transfer(address to, uint value) external returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }

    function transferFrom(address from, address to, uint value) external returns (bool) {
        if (allowance[from][msg.sender] != uint(-1)) {
            allowance[from][msg.sender] = allowance[from][msg.sender].sub(value);
        }
        _transfer(from, to, value);
        return true;
    }

    function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external {
        require(deadline >= block.timestamp, 'UniswapV2: EXPIRED');
        bytes32 digest = keccak256(
            abi.encodePacked(
                '\x19\x01',
                DOMAIN_SEPARATOR,
                keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline))
            )
        );
        address recoveredAddress = ecrecover(digest, v, r, s);
        require(recoveredAddress != address(0) && recoveredAddress == owner, 'UniswapV2: INVALID_SIGNATURE');
        _approve(owner, spender, value);
    }
}

// File: contracts/libraries/Math.sol

pragma solidity =0.5.16;

// a library for performing various math operations

library Math {
    function min(uint x, uint y) internal pure returns (uint z) {
        z = x < y ? x : y;
    }

    // babylonian method (https://en.wikipedia.org/wiki/Methods_of_computing_square_roots#Babylonian_method)
    function sqrt(uint y) internal pure returns (uint z) {
        if (y > 3) {
            z = y;
            uint x = y / 2 + 1;
            while (x < z) {
                z = x;
                x = (y / x + x) / 2;
            }
        } else if (y != 0) {
            z = 1;
        }
    }
}

// File: contracts/libraries/UQ112x112.sol

pragma solidity =0.5.16;

// a library for handling binary fixed point numbers (https://en.wikipedia.org/wiki/Q_(number_format))

// range: [0, 2**112 - 1]
// resolution: 1 / 2**112

library UQ112x112 {
    uint224 constant Q112 = 2**112;

    // encode a uint112 as a UQ112x112
    function encode(uint112 y) internal pure returns (uint224 z) {
        z = uint224(y) * Q112; // never overflows
    }

    // divide a UQ112x112 by a uint112, returning a UQ112x112
    function uqdiv(uint224 x, uint112 y) internal pure returns (uint224 z) {
        z = x / uint224(y);
    }
}

// File: contracts/interfaces/IERC20.sol

pragma solidity >=0.5.0;

interface IERC20 {
    event Approval(address indexed owner, address indexed spender, uint value);
    event Transfer(address indexed from, address indexed to, uint value);

    function name() external view returns (string memory);
    function symbol() external view returns (string memory);
    function decimals() external view returns (uint8);
    function totalSupply() external view returns (uint);
    function balanceOf(address owner) external view returns (uint);
    function allowance(address owner, address spender) external view returns (uint);

    function approve(address spender, uint value) external returns (bool);
    function transfer(address to, uint value) external returns (bool);
    function transferFrom(address from, address to, uint value) external returns (bool);
}

// File: contracts/interfaces/IUniswapV2Factory.sol

pragma solidity >=0.5.0;

interface IUniswapV2Factory {
    event PairCreated(address indexed token0, address indexed token1, address pair, uint);

    function feeTo() external view returns (address);
    function feeToSetter() external view returns (address);

    function getPair(address tokenA, address tokenB) external view returns (address pair);
    function allPairs(uint) external view returns (address pair);
    function allPairsLength() external view returns (uint);

    function createPair(address tokenA, address tokenB) external returns (address pair);

    function setFeeTo(address) external;
    function setFeeToSetter(address) external;
}

// File: contracts/interfaces/IUniswapV2Callee.sol

pragma solidity >=0.5.0;

interface IUniswapV2Callee {
    function uniswapV2Call(address sender, uint amount0, uint amount1, bytes calldata data) external;
}

// File: contracts/UniswapV2Pair.sol

pragma solidity =0.5.16;








contract UniswapV2Pair is IUniswapV2Pair, UniswapV2ERC20 {
    using SafeMath  for uint;
    using UQ112x112 for uint224;

    uint public constant MINIMUM_LIQUIDITY = 10**3;
    bytes4 private constant SELECTOR = bytes4(keccak256(bytes('transfer(address,uint256)')));

    address public factory;
    address public token0;
    address public token1;

    uint112 private reserve0;           // uses single storage slot, accessible via getReserves
    uint112 private reserve1;           // uses single storage slot, accessible via getReserves
    uint32  private blockTimestampLast; // uses single storage slot, accessible via getReserves

    uint public price0CumulativeLast;
    uint public price1CumulativeLast;
    uint public kLast; // reserve0 * reserve1, as of immediately after the most recent liquidity event

    uint private unlocked = 1;
    modifier lock() {
        require(unlocked == 1, 'UniswapV2: LOCKED');
        unlocked = 0;
        _;
        unlocked = 1;
    }

    function getReserves() public view returns (uint112 _reserve0, uint112 _reserve1, uint32 _blockTimestampLast) {
        _reserve0 = reserve0;
        _reserve1 = reserve1;
        _blockTimestampLast = blockTimestampLast;
    }

    function _safeTransfer(address token, address to, uint value) private {
        (bool success, bytes memory data) = token.call(abi.encodeWithSelector(SELECTOR, to, value));
        require(success && (data.length == 0 || abi.decode(data, (bool))), 'UniswapV2: TRANSFER_FAILED');
    }

    event Mint(address indexed sender, uint amount0, uint amount1);
    event Burn(address indexed sender, uint amount0, uint amount1, address indexed to);
    event Swap(
        address indexed sender,
        uint amount0In,
        uint amount1In,
        uint amount0Out,
        uint amount1Out,
        address indexed to
    );
    event Sync(uint112 reserve0, uint112 reserve1);

    constructor() public {
        factory = msg.sender;
    }

    // called once by the factory at time of deployment
    function initialize(address _token0, address _token1) external {
        require(msg.sender == factory, 'UniswapV2: FORBIDDEN'); // sufficient check
        token0 = _token0;
        token1 = _token1;
    }

    // update reserves and, on the first call per block, price accumulators
    function _update(uint balance0, uint balance1, uint112 _reserve0, uint112 _reserve1) private {
        require(balance0 <= uint112(-1) && balance1 <= uint112(-1), 'UniswapV2: OVERFLOW');
        uint32 blockTimestamp = uint32(block.timestamp % 2**32);
        uint32 timeElapsed = blockTimestamp - blockTimestampLast; // overflow is desired
        if (timeElapsed > 0 && _reserve0 != 0 && _reserve1 != 0) {
            // * never overflows, and + overflow is desired
            price0CumulativeLast += uint(UQ112x112.encode(_reserve1).uqdiv(_reserve0)) * timeElapsed;
            price1CumulativeLast += uint(UQ112x112.encode(_reserve0).uqdiv(_reserve1)) * timeElapsed;
        }
        reserve0 = uint112(balance0);
        reserve1 = uint112(balance1);
        blockTimestampLast = blockTimestamp;
        emit Sync(reserve0, reserve1);
    }

    // if fee is on, mint liquidity equivalent to 1/6th of the growth in sqrt(k)
    function _mintFee(uint112 _reserve0, uint112 _reserve1) private returns (bool feeOn) {
        address feeTo = IUniswapV2Factory(factory).feeTo();
        feeOn = feeTo != address(0);
        uint _kLast = kLast; // gas savings
        if (feeOn) {
            if (_kLast != 0) {
                uint rootK = Math.sqrt(uint(_reserve0).mul(_reserve1));
                uint rootKLast = Math.sqrt(_kLast);
                if (rootK > rootKLast) {
                    uint numerator = totalSupply.mul(rootK.sub(rootKLast));
                    uint denominator = rootK.mul(5).add(rootKLast);
                    uint liquidity = numerator / denominator;
                    if (liquidity > 0) _mint(feeTo, liquidity);
                }
            }
        } else if (_kLast != 0) {
            kLast = 0;
        }
    }

    // this low-level function should be called from a contract which performs important safety checks
    function mint(address to) external lock returns (uint liquidity) {
        (uint112 _reserve0, uint112 _reserve1,) = getReserves(); // gas savings
        uint balance0 = IERC20(token0).balanceOf(address(this));
        uint balance1 = IERC20(token1).balanceOf(address(this));
        uint amount0 = balance0.sub(_reserve0);
        uint amount1 = balance1.sub(_reserve1);

        bool feeOn = _mintFee(_reserve0, _reserve1);
        uint _totalSupply = totalSupply; // gas savings, must be defined here since totalSupply can update in _mintFee
        if (_totalSupply == 0) {
            liquidity = Math.sqrt(amount0.mul(amount1)).sub(MINIMUM_LIQUIDITY);
           _mint(address(0), MINIMUM_LIQUIDITY); // permanently lock the first MINIMUM_LIQUIDITY tokens
        } else {
            liquidity = Math.min(amount0.mul(_totalSupply) / _reserve0, amount1.mul(_totalSupply) / _reserve1);
        }
        require(liquidity > 0, 'UniswapV2: INSUFFICIENT_LIQUIDITY_MINTED');
        _mint(to, liquidity);

        _update(balance0, balance1, _reserve0, _reserve1);
        if (feeOn) kLast = uint(reserve0).mul(reserve1); // reserve0 and reserve1 are up-to-date
        emit Mint(msg.sender, amount0, amount1);
    }

    // this low-level function should be called from a contract which performs important safety checks
    function burn(address to) external lock returns (uint amount0, uint amount1) {
        (uint112 _reserve0, uint112 _reserve1,) = getReserves(); // gas savings
        address _token0 = token0;                                // gas savings
        address _token1 = token1;                                // gas savings
        uint balance0 = IERC20(_token0).balanceOf(address(this));
        uint balance1 = IERC20(_token1).balanceOf(address(this));
        uint liquidity = balanceOf[address(this)];

        bool feeOn = _mintFee(_reserve0, _reserve1);
        uint _totalSupply = totalSupply; // gas savings, must be defined here since totalSupply can update in _mintFee
        amount0 = liquidity.mul(balance0) / _totalSupply; // using balances ensures pro-rata distribution
        amount1 = liquidity.mul(balance1) / _totalSupply; // using balances ensures pro-rata distribution
        require(amount0 > 0 && amount1 > 0, 'UniswapV2: INSUFFICIENT_LIQUIDITY_BURNED');
        _burn(address(this), liquidity);
        _safeTransfer(_token0, to, amount0);
        _safeTransfer(_token1, to, amount1);
        balance0 = IERC20(_token0).balanceOf(address(this));
        balance1 = IERC20(_token1).balanceOf(address(this));

        _update(balance0, balance1, _reserve0, _reserve1);
        if (feeOn) kLast = uint(reserve0).mul(reserve1); // reserve0 and reserve1 are up-to-date
        emit Burn(msg.sender, amount0, amount1, to);
    }

    // this low-level function should be called from a contract which performs important safety checks
    function swap(uint amount0Out, uint amount1Out, address to, bytes calldata data) external lock {
        require(amount0Out > 0 || amount1Out > 0, 'UniswapV2: INSUFFICIENT_OUTPUT_AMOUNT');
        (uint112 _reserve0, uint112 _reserve1,) = getReserves(); // gas savings
        require(amount0Out < _reserve0 && amount1Out < _reserve1, 'UniswapV2: INSUFFICIENT_LIQUIDITY');

        uint balance0;
        uint balance1;
        { // scope for _token{0,1}, avoids stack too deep errors
        address _token0 = token0;
        address _token1 = token1;
        require(to != _token0 && to != _token1, 'UniswapV2: INVALID_TO');
        if (amount0Out > 0) _safeTransfer(_token0, to, amount0Out); // optimistically transfer tokens
        if (amount1Out > 0) _safeTransfer(_token1, to, amount1Out); // optimistically transfer tokens
        if (data.length > 0) IUniswapV2Callee(to).uniswapV2Call(msg.sender, amount0Out, amount1Out, data);
        balance0 = IERC20(_token0).balanceOf(address(this));
        balance1 = IERC20(_token1).balanceOf(address(this));
        }
        uint amount0In = balance0 > _reserve0 - amount0Out ? balance0 - (_reserve0 - amount0Out) : 0;
        uint amount1In = balance1 > _reserve1 - amount1Out ? balance1 - (_reserve1 - amount1Out) : 0;
        require(amount0In > 0 || amount1In > 0, 'UniswapV2: INSUFFICIENT_INPUT_AMOUNT');
        { // scope for reserve{0,1}Adjusted, avoids stack too deep errors
        uint balance0Adjusted = balance0.mul(1000).sub(amount0In.mul(3));
        uint balance1Adjusted = balance1.mul(1000).sub(amount1In.mul(3));
        require(balance0Adjusted.mul(balance1Adjusted) >= uint(_reserve0).mul(_reserve1).mul(1000**2), 'UniswapV2: K');
        }

        _update(balance0, balance1, _reserve0, _reserve1);
        emit Swap(msg.sender, amount0In, amount1In, amount0Out, amount1Out, to);
    }

    // force balances to match reserves
    function skim(address to) external lock {
        address _token0 = token0; // gas savings
        address _token1 = token1; // gas savings
        _safeTransfer(_token0, to, IERC20(_token0).balanceOf(address(this)).sub(reserve0));
        _safeTransfer(_token1, to, IERC20(_token1).balanceOf(address(this)).sub(reserve1));
    }

    // force reserves to match balances
    function sync() external lock {
        _update(IERC20(token0).balanceOf(address(this)), IERC20(token1).balanceOf(address(this)), reserve0, reserve1);
    }
}

Traceback (most recent call last):
  File "securify/__main__.py", line 286, in <module>
    main()
  File "securify/__main__.py", line 277, in main
    matches.extend(pattern.find_matches())
  File "/sec/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
    static = analysis_context.static_analysis
  File "/sec/securify/analyses/analysis.py", line 88, in static_analysis
    self._static = self.config.static_analysis(self)
  File "securify/__main__.py", line 255, in <lambda>
    static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
  File "/sec/securify/staticanalysis/static_analysis.py", line 105, in analyze_cfg
    facts, fact_mapping = encode(cfg)
  File "/sec/securify/staticanalysis/factencoder.py", line 357, in encode
    encode_expression(node.expr)
  File "/sec/securify/staticanalysis/factencoder.py", line 174, in encode_expression
    r = AssignFact(ids[node], ids[node.expr])
  File "/sec/securify/staticanalysis/factencoder.py", line 144, in __getitem__
    raise KeyError(item) from None
KeyError: StateVariableLoad(ast_node=<securify.grammar.attributes.evaluators.evaluator_demand_base.Identifier__AllAttrsMixin object at 0x7fbfbc0e1a90>, id=1117, name='token0', qualified_name='UniswapV2Pair.token0', type_string='address')

I can't use Securify. ERROR: No such file or directory: 'souffle'. I have installed souffle and all other dependencies. Can anyone help?

Environment variable LD_LIBRARY_PATH not set. Setting it up...
['souffle', '--fact-dir=/home/sam/ethereum-security/securify2/securify/staticanalysis/facts_in', '--output-dir=/home/sam/ethereum-security/securify2/securify/staticanalysis/facts_out', '--jobs=auto', '/home/sam/ethereum-security/securify2/securify/staticanalysis/souffle_analysis/analysis.dl']
Traceback (most recent call last):
File "/home/sam/.local/bin/securify", line 11, in
load_entry_point('securify', 'console_scripts', 'securify')()
File "/home/sam/ethereum-security/securify2/securify/main.py", line 268, in main
patterns = get_list_of_patterns(context=context,
File "/home/sam/ethereum-security/securify2/securify/main.py", line 15, in get_list_of_patterns
pattern_classes = discover_patterns()
File "/home/sam/ethereum-security/securify2/securify/analyses/analysis.py", line 123, in discover_patterns
patterns.update(c.get())
File "/home/sam/ethereum-security/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 16, in get
patterns = cls.__list_static_patterns()
File "/home/sam/ethereum-security/securify2/securify/analyses/patterns/static/static_analysis_patterns.py", line 23, in __list_static_patterns
patterns = static_analysis.discover_patterns()
File "/home/sam/ethereum-security/securify2/securify/staticanalysis/static_analysis.py", line 68, in discover_patterns
souffle_output, facts_out = souffle.run_souffle(
File "/home/sam/ethereum-security/securify2/securify/staticanalysis/souffle/souffle.py", line 57, in run_souffle
souffle_output = souffle_wrapper(
File "/home/sam/ethereum-security/securify2/securify/staticanalysis/souffle/wrapper.py", line 106, in souffle_wrapper
proc = subprocess.Popen(command,
File "/usr/lib/python3.8/subprocess.py", line 858, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File "/usr/lib/python3.8/subprocess.py", line 1704, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'souffle'

[Docker] securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution

It happens with docker version

command: sudo docker run -it -v /Users/home/test:/share securify /share/test.sol

Traceback (most recent call last):
  File "securify/__main__.py", line 286, in <module>
    main()
  File "securify/__main__.py", line 277, in main
    matches.extend(pattern.find_matches())
  File "/sec/securify/analyses/patterns/static/static_analysis_patterns.py", line 73, in find_matches
    static = analysis_context.static_analysis
  File "/sec/securify/analyses/analysis.py", line 88, in static_analysis
    self._static = self.config.static_analysis(self)
  File "securify/__main__.py", line 255, in <lambda>
    static_analysis=lambda t: static_analysis.analyze_cfg(t.cfg, **souffle_config),
  File "/sec/securify/staticanalysis/static_analysis.py", line 124, in analyze_cfg
    souffle_kwargs=kw_args_souffle)
  File "/sec/securify/staticanalysis/souffle/souffle.py", line 62, in run_souffle
    **(souffle_kwargs or {}))
  File "/sec/securify/staticanalysis/souffle/wrapper.py", line 141, in souffle_wrapper
    stderr_data=codecs.decode(stderrdata),
securify.staticanalysis.souffle.exceptions.SouffleError: Error during souffle execution:  

Error loading data: Cannot open fact file call.facts

Error loading data: Cannot open fact file callInfo.facts

Error loading data: Cannot open fact file arrayLoad.facts

Error loading data: Cannot open fact file arrayPush.facts

Error loading data: Cannot open fact file arrayStore.facts

Error loading data: Cannot open fact file balance.facts

Error loading data: Cannot open fact file builtinFunction.facts

Error loading data: Cannot open fact file callGas.facts

Error loading data: Cannot open fact file callValue.facts

Need reformations and cleaning of the code

The code in the repo needs reformations and cleaning in many areas. And in some cases, many features are written in one file. Please follow modular coding.
The main.py under the securify directory has many features like argument parsing and function calls. Put it to different files and call in the main file.

Does the docker version of securify2 only support the analysis of contracts developed with solidity 0.5.12

I see this statement

ARG SOLC=0.5.12

in Dockerflie

securify web version

Is Securify2 running on https://securify.chainsecurity.com/?

eth-sri / securify2 Goto Github PK

securify2's Introduction

Securify v2.0

Features

Docker

Install

Prerequisites

Setting up the virtual environment

Usage

Analyzing a contract

Supported vulnerabilities

securify2's People

Contributors

Stargazers

Watchers

Forkers

securify2's Issues

Error

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 24 criticalUsageAt(gas, call) :- externalCall(c), callGas(c, g), SAME_CTX(gas, call, g, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 27 SAME_CTX(arg, call, a, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 31 SAME_CTX(arg, ret, a, r).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 33 criticalUsageAt(value, store) :- storageMutation(s, v), SAME_CTX(value, store, v, s).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 24 criticalUsageAt(gas, call) :- externalCall(c), callGas(c, g), SAME_CTX(gas, call, g, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 27 SAME_CTX(arg, call, a, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 31 SAME_CTX(arg, ret, a, r).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 33 criticalUsageAt(value, store) :- storageMutation(s, v), SAME_CTX(value, store, v, s).

Recommend Projects

Recommend Topics

Recommend Org

Jobs

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 24
criticalUsageAt(gas, call) :- externalCall(c), callGas(c, g), SAME_CTX(gas, call, g, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 27
SAME_CTX(arg, call, a, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 31
SAME_CTX(arg, ret, a, r).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 33
criticalUsageAt(value, store) :- storageMutation(s, v), SAME_CTX(value, store, v, s).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 24
criticalUsageAt(gas, call) :- externalCall(c), callGas(c, g), SAME_CTX(gas, call, g, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 27
SAME_CTX(arg, call, a, c).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 31
SAME_CTX(arg, ret, a, r).

Warning: Variable _c marked as singleton but occurs more than once in file semantics.dl at line 33
criticalUsageAt(value, store) :- storageMutation(s, v), SAME_CTX(value, store, v, s).