Handle OOG during CALL (#1675)

Consensys · Sep 3, 2022 · 73aa52d · 73aa52d
1 parent 427d40e
commit 73aa52d
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/mythril/analysis/module/modules/unchecked_retval.py b/mythril/analysis/module/modules/unchecked_retval.py
@@ -127,9 +127,13 @@ def _analyze_state(self, state: GlobalState) -> list:
             return issues
         else:
             log.debug("End of call, extracting retval")
-            assert state.environment.code.instruction_list[state.mstate.pc - 1][
+
+            if state.environment.code.instruction_list[state.mstate.pc - 1][
                 "opcode"
-            ] in ["CALL", "DELEGATECALL", "STATICCALL", "CALLCODE"]
+            ] not in ["CALL", "DELEGATECALL", "STATICCALL", "CALLCODE"]:
+                # Return is pointless with OOG. The pc does not get updated in such cases
+                return []
+
             return_value = state.mstate.stack[-1]
             retvals.append(
                 {"address": state.instruction["address"] - 1, "retval": return_value}

diff --git a/mythril/laser/ethereum/call.py b/mythril/laser/ethereum/call.py
@@ -101,7 +101,6 @@ def get_callee_address(
         log.debug("Symbolic call encountered")
 
         match = re.search(r"Storage\[(\d+)\]", str(simplify(symbolic_to_address)))
-        log.debug("CALL to: " + str(simplify(symbolic_to_address)))
 
         if match is None or dynamic_loader is None:
             return symbolic_to_address
@@ -190,9 +189,7 @@ def get_call_data(
         ]
         return ConcreteCalldata(transaction_id, calldata_from_mem)
     except TypeError:
-        log.debug(
-            "Unsupported symbolic memory offset %s size %s", memory_start, memory_size
-        )
+        log.debug("Unsupported symbolic memory offset and size")
         return SymbolicCalldata(transaction_id)
 
 

diff --git a/mythril/laser/ethereum/instructions.py b/mythril/laser/ethereum/instructions.py
@@ -2010,6 +2010,7 @@ def call_(self, global_state: GlobalState) -> List[GlobalState]:
                 log.debug("The call is related to ether transfer between accounts")
                 sender = environment.active_account.address
                 receiver = callee_account.address
+
                 transfer_ether(global_state, sender, receiver, value)
                 self._write_symbolic_returndata(
                     global_state, memory_out_offset, memory_out_size
@@ -2254,11 +2255,11 @@ def delegatecall_(self, global_state: GlobalState) -> List[GlobalState]:
                 log.debug("The call is related to ether transfer between accounts")
                 sender = global_state.environment.active_account.address
                 receiver = callee_account.address
+
                 transfer_ether(global_state, sender, receiver, value)
                 self._write_symbolic_returndata(
                     global_state, memory_out_offset, memory_out_size
                 )
-
                 global_state.mstate.stack.append(
                     global_state.new_bitvec("retval_" + str(instr["address"]), 256)
                 )

diff --git a/mythril/laser/ethereum/svm.py b/mythril/laser/ethereum/svm.py
@@ -435,6 +435,7 @@ def execute_state(
 
                 new_global_states = []
             else:
+
                 # First execute the post hook for the transaction ending instruction
                 self._execute_post_hook(op_code, [end_signal.global_state])
-Original file line number
+Diff line change
@@ Expand Up / @@ -435,6 +435,7 @@ def execute_state( @@
                     new_global_states = []
                 else:
                     # First execute the post hook for the transaction ending instruction
                     self._execute_post_hook(op_code, [end_signal.global_state])
@@ Expand Down @@