Hubert Ritzdorf
https://skylightcyber.com/2019/05/12/ethereum-smart-contracts-exploitation-using-right-to-left-override-character/
The `mayFollow` relation does not correctly capture dataflow dependencies. Example: ```js contract A { address a; function f() public view returns(address) { return a; } } contract B { mapping(address...
Consider the following example: ``` contract Wallet { uint balance; function send(){ if (balance > 0){ msg.sender.call.value(balance)(); balance = 0; } revert(); } } ``` Securify reports violations for multiple...
Reference: https://github.com/eth-sri/securify/blob/604fb579758d796a6ec4383d43ceb7a2de0b6ece/src/test/java/ch/securify/patterns/TODTransferTest.java#L36 Additional examples: ``` pragma solidity 0.4.24; contract game { bool won = false; function play() public { if (!won) { won = true; msg.sender.transfer(1); } } function play2()...
Memory tagging needs to be improved for certain opcodes including `ReturnDataCopy` and `CallDataCopy`. Reference: https://github.com/eth-sri/securify/blob/master/src/main/java/ch/securify/analysis/AbstractDataflow.java#L472 Example: No MissingInputValidation here: ``` contract SimpleBank { bytes32 x; function withdraw(bytes memory a) public...
Certain authorization patterns do not use a direct ```js require(msg.sender == owner); ``` and instead perform a mapping-based authorization lookup that leads to the branch condition. An example is provided...
It seems that electrum supports multiple bitboxes plugged in at the same time. Is this also possible through the python library? Currently, this message suggests that it is not supported:...
### Describe the issue: I tried the new vyper feature with the vyper example BlindAuction contract (https://docs.vyperlang.org/en/v0.3.7/vyper-by-example.html). I get the error: ``` slither.solc_parsing.exceptions.VariableNotFound: Variable not found: send (context reveal) ```...
When running the test with the previous Unicode characters I got the message "contains invalid UTF-8 sequence at position 9".