
[Bug]: panic at integer overflow when decompiling 0x000000000000df8c944e775bde7af50300999283 on x86 #64

Closed
ape-dev-cs opened this issue Feb 19, 2023 · 7 comments

ape-dev-cs commented Feb 19, 2023

Component

Heimdall Modules

Version

v0.3.2

Please check the following

  • This is not a duplicate issue
  • I have checked the wiki and tried troubleshooting the issue

Operating System

Linux

Describe the issue you are facing

When executing: heimdall decompile 0x000000000000df8c944e775bde7af50300999283 -vvv -d --include-sol --rpc-url <url>, I get an integer overflow exception; full stack trace below:

info: disassembled 2014 bytes successfully.
success: wrote disassembled bytecode to '/home/nodeuser/output/0x000000000000df8c944e775bde7af50300999283/disassembled.asm' .
debug: disassembly completed in 46 ms.
debug: detected compiler solc 0.8.18.
info: resolved 3 possible functions from 4 detected selectors.
info: performing symbolic execution on '60806040523661000b57005b60003560e01c80156100d85763f04f270781146100...6c63430008120033' .
info: ⠹ executing '0xf04f2707'
fatal: thread 'main' encountered a fatal error: 'panicked at 'Integer overflow when casting to usize', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/primitive-types-0.12.1/src/lib.rs:38:1'!
fatal: Stack Trace:

   0:     0x55bedb92df87 - backtrace::capture::Backtrace::new::h4a03f9cd77fe1519
   1:     0x55bedba3e724 - heimdall::main::{{closure}}::h9cbb639548398272
   2:     0x55bedbc9a81f - <alloc::boxed::Box<F,A> as core::ops::function::Fn<Args>>::call::h6e4950ba7c0fd82a
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/alloc/src/boxed.rs:2032:9
                           std::panicking::rust_panic_with_hook::h5cafdc4b3bfd5528
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:692:13
   3:     0x55bedbc9a494 - std::panicking::begin_panic_handler::{{closure}}::hf31c60f40775892c
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:577:13
   4:     0x55bedbc9a42e - std::sys_common::backtrace::__rust_end_short_backtrace::h28a5c7be595826cd
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/sys_common/backtrace.rs:137:18
   5:     0x55bedbc9a401 - rust_begin_unwind
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:575:5
   6:     0x55bedb8f7f42 - core::panicking::panic_fmt::h8fa27a0b37dd98b7
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/panicking.rs:64:14
   7:     0x55bedb9adf24 - <ethers_core::types::i256::I256 as core::ops::bit::Shr>::shr::hfeae6e796401a556
   8:     0x55bedba6b17b - heimdall_common::ether::evm::vm::VM::_step::hd2475aae302ea57c
   9:     0x55bedba686c9 - heimdall_common::ether::evm::vm::VM::step::h6cc67e431f364ac0
  10:     0x55bedba55b50 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  11:     0x55bedba56a41 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  12:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  13:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  14:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  15:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  16:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  17:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  18:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  19:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  20:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  21:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  22:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  23:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  24:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  25:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  26:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  27:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  28:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  29:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  30:     0x55bedba568d3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  31:     0x55bedba56965 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  32:     0x55bedba56a41 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  33:     0x55bedba56ad3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  34:     0x55bedba568d3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  35:     0x55bedba568d3 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  36:     0x55bedba56a41 - heimdall::decompile::util::recursive_map::hbb1d48a8ae2029a2
  37:     0x55bedba45c68 - heimdall::decompile::decompile::hd123d0cc809a768b
  38:     0x55bedba3d30c - heimdall::main::h0eb0d70686be163d
  39:     0x55bedba523b3 - std::sys_common::backtrace::__rust_begin_short_backtrace::hf459c03191f0eeac
  40:     0x55bedba523a9 - std::rt::lang_start::{{closure}}::h2a2579911f63dbb9
  41:     0x55bedbc6c5c4 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::hfa1c3687c9a20bb8
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/ops/function.rs:606:13
                           std::panicking::try::do_call::h0497133ebe1341e5
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:483:40
                           std::panicking::try::h6c3de05c7ca5d07f
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:447:19
                           std::panic::catch_unwind::h969058ecb5334b30
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panic.rs:137:14
                           std::rt::lang_start_internal::{{closure}}::h0de6d98cafb42a58
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/rt.rs:148:48
                           std::panicking::try::do_call::h77301dcf43953993
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:483:40
                           std::panicking::try::h45b05523a2fe135a
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:447:19
                           std::panic::catch_unwind::hd95cea544b2b9bd2
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panic.rs:137:14
                           std::rt::lang_start_internal::hd16e6ff7bf05a444
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/rt.rs:148:20
  42:     0x55bedba39db4 - main
  43:     0x7f835c5a9d90 - <unknown>
  44:     0x7f835c5a9e40 - __libc_start_main
  45:     0x55bedb917ba5 - _start
  46:                0x0 - <unknown>

info: ⠴ executing '0xf04f2707'

It's worth noting that I'm using heimdall v0.3.2, but I'm unable to reproduce this error on arm (M1 Max), only on x86-64 (AMD Ryzen).

Jon-Becker (Owner)

Will attempt to reproduce and resolve for 0.3.3. (I also have an M1 Mac)

Thank you!

davideaimar (Contributor)

I have the same problem with contract 0x4cce413f565f8a9e2a25d9d270a9a36061f4439d; it overflows the stack executing 0x67dd74ca.
I ran the decompilation on the first 3570 contracts created and 703 of them timed out with a timeout of 2s and without resolving, so probably they all share the same problem.
I'm on MacOS x86-64.

Jon-Becker (Owner)

@davideaimar I don't think that's related to this issue; this issue appears to be related to an unhandled panic in ethers-rs.

I'll open an issue for you and attempt to resolve it :)

Jon-Becker (Owner)

gakonst/ethers-rs#2174

Jon-Becker changed the title from "[Bug]: panick at integer overflow when decompiling 0x000000000000df8c944e775bde7af50300999283 on x86" to "[Bug]: panic at integer overflow when decompiling 0x000000000000df8c944e775bde7af50300999283 on x86" on Feb 21, 2023
Jon-Becker (Owner) commented Feb 23, 2023

@ape-dev-cs partially resolved in #66. (It won't panic anymore)

Awaiting a patch on ethers-rs for a full fix, but I believe I've fixed all cases of this for now on my end.

I'll have this issue fully fixed in release 0.3.3 today or tomorrow.
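The stack trace in the opening report ends in `<ethers_core::types::i256::I256 as Shr>::shr`, which takes a `usize` shift count, and the panic message is the one primitive-types raises when a 256-bit word is cast to a type it does not fit. The EVM has no such limit: SHL, SHR and SAR take the full 256-bit count from the stack and saturate when it is 256 or more (EIP-145), so a contract can legitimately, or deliberately, push a count like 2^64 and crash any tool that casts it. The following is an added example, not heimdall or ethers-rs code; it assumes the opcode involved was SAR (a signed shift, consistent with the `I256` in the trace) and uses a minimal four-limb word type so it runs without external crates. `naive_shift_count` is a stand-in for the fragile cast, not the primitive-types implementation.

```rust
/// A 256-bit EVM word as four little-endian u64 limbs (limb 0 is least significant).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct U256(pub [u64; 4]);

impl U256 {
    pub const ZERO: U256 = U256([0; 4]);
    /// All ones: -1 in two's complement.
    pub const MAX: U256 = U256([u64::MAX; 4]);

    pub fn from_u64(v: u64) -> Self {
        U256([v, 0, 0, 0])
    }

    /// True when bit 255 is set, i.e. the word is negative as a signed integer.
    pub fn is_negative(&self) -> bool {
        (self.0[3] >> 63) == 1
    }

    /// Shift count as a small usize, or None when the word is >= 256.
    /// This is the range check that an unconditional cast to usize skips.
    pub fn as_shift_count(&self) -> Option<usize> {
        if (self.0[1] | self.0[2] | self.0[3]) != 0 || self.0[0] >= 256 {
            return None;
        }
        Some(self.0[0] as usize)
    }

    /// Logical (zero-fill) shift right by n bits, n < 256.
    fn shr_small(&self, n: usize) -> U256 {
        debug_assert!(n < 256);
        let (limbs, bits) = (n / 64, n % 64);
        let mut out = [0u64; 4];
        for i in 0..4 {
            let src = i + limbs;
            if src >= 4 {
                break;
            }
            let mut v = self.0[src] >> bits;
            if bits != 0 && src + 1 < 4 {
                v |= self.0[src + 1] << (64 - bits);
            }
            out[i] = v;
        }
        U256(out)
    }
}

/// Stand-in for the fragile pattern behind the panic in this thread: converting a
/// 256-bit stack word to a usize and assuming it fits (hypothetical, not library code).
pub fn naive_shift_count(shift: U256) -> usize {
    if (shift.0[1] | shift.0[2] | shift.0[3]) != 0 {
        panic!("Integer overflow when casting to usize");
    }
    shift.0[0] as usize
}

/// EVM SAR: arithmetic shift right of `value` by `shift`, both 256-bit words.
/// Counts >= 256 saturate: 0 for non-negative values, -1 (all ones) for negative ones.
pub fn sar(shift: U256, value: U256) -> U256 {
    let fill = if value.is_negative() { U256::MAX } else { U256::ZERO };
    let n = match shift.as_shift_count() {
        Some(n) => n,
        // Untrusted bytecode can push any count; saturate instead of casting.
        None => return fill,
    };
    if n == 0 {
        return value;
    }
    let logical = value.shr_small(n);
    if !value.is_negative() {
        return logical;
    }
    // Sign-extend: the inverse of the low (256 - n)-bit mask is the n high bits to set.
    let low_mask = U256::MAX.shr_small(n);
    let mut out = [0u64; 4];
    for i in 0..4 {
        out[i] = logical.0[i] | !low_mask.0[i];
    }
    U256(out)
}

fn main() {
    // Constructed input: a shift count of 2^64, which no usize/u64 cast can represent.
    let huge = U256([0, 1, 0, 0]);
    println!("sar(2^64, 8)  = {:?}", sar(huge, U256::from_u64(8)));
    println!("sar(2^64, -1) = {:?}", sar(huge, U256::MAX));
    println!("sar(1, 8)     = {:?}", sar(U256::from_u64(1), U256::from_u64(8)));
}
```

The same rule applies to the second report further down (`Integer overflow when casting to u64` inside `decompile`): any value that originates from contract bytecode or from the symbolic stack must be range-checked before it is narrowed to a native integer, because the decompiler's input is adversarial by definition.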

ape-dev-cs (Author) commented Feb 27, 2023

heimdall decompile 0xf8b721bff6bf7095a0e10791ce8f998baa254fd0 -vvv -d --include-sol --rpc-url <url>
debug: found cached bytecode for '0xf8b721bff6bf7095a0e10791ce8f998baa254fd0' .
info: disassembled 21423 bytes successfully.
success: wrote disassembled bytecode to '/home/nodeuser/output/0xf8b721bff6bf7095a0e10791ce8f998baa254fd0/disassembled.asm' .
debug: disassembly completed in 52 ms.
debug: detected compiler solc 0.8.13.
info: resolved 6 possible functions from 19 detected selectors.
info: performing symbolic execution on '6080604052600436101561001e575b361561001c5761001c611a9d565b005b6000...6c634300080d0033' .
info: ⠙ analyzing '0x6dbf2fa0'
fatal: thread 'main' encountered a fatal error: 'panicked at 'Integer overflow when casting to u64', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/primitive-types-0.12.1/src/lib.rs:38:1'!
fatal: Stack Trace:

   0:     0x55bb3ed33457 - backtrace::capture::Backtrace::new::h4a03f9cd77fe1519
   1:     0x55bb3ee186d4 - heimdall::main::{{closure}}::hfa6d75715006f28c
   2:     0x55bb3f0a0f5f - <alloc::boxed::Box<F,A> as core::ops::function::Fn<Args>>::call::h6e4950ba7c0fd82a
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/alloc/src/boxed.rs:2032:9
                           std::panicking::rust_panic_with_hook::h5cafdc4b3bfd5528
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:692:13
   3:     0x55bb3f0a0bd4 - std::panicking::begin_panic_handler::{{closure}}::hf31c60f40775892c
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:577:13
   4:     0x55bb3f0a0b6e - std::sys_common::backtrace::__rust_end_short_backtrace::h28a5c7be595826cd
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/sys_common/backtrace.rs:137:18
   5:     0x55bb3f0a0b41 - rust_begin_unwind
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:575:5
   6:     0x55bb3ececf22 - core::panicking::panic_fmt::h8fa27a0b37dd98b7
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/panicking.rs:64:14
   7:     0x55bb3ed1f51a - heimdall::decompile::decompile::h9688a7b31010a517
   8:     0x55bb3ee155b8 - heimdall::main::h8a0eb94b5d900ee5
   9:     0x55bb3ee5eff3 - std::sys_common::backtrace::__rust_begin_short_backtrace::h63bf843619c5d65b
  10:     0x55bb3ed0d679 - std::rt::lang_start::{{closure}}::h86b68573c40c6aa5
  11:     0x55bb3f0721f4 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::hfa1c3687c9a20bb8
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/core/src/ops/function.rs:606:13
                           std::panicking::try::do_call::h0497133ebe1341e5
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:483:40
                           std::panicking::try::h6c3de05c7ca5d07f
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:447:19
                           std::panic::catch_unwind::h969058ecb5334b30
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panic.rs:137:14
                           std::rt::lang_start_internal::{{closure}}::h0de6d98cafb42a58
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/rt.rs:148:48
                           std::panicking::try::do_call::h77301dcf43953993
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:483:40
                           std::panicking::try::h45b05523a2fe135a
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panicking.rs:447:19
                           std::panic::catch_unwind::hd95cea544b2b9bd2
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/panic.rs:137:14
                           std::rt::lang_start_internal::hd16e6ff7bf05a444
                               at /rustc/d5a82bbd26e1ad8b7401f6a718a9c57c96905483/library/std/src/rt.rs:148:20
  12:     0x55bb3ee11164 - main
  13:     0x7f4eb59d2d90 - <unknown>
  14:     0x7f4eb59d2e40 - __libc_start_main
  15:     0x55bb3ed0d365 - _start
  16:                0x0 - <unknown>

I'm still hitting a very similar issue with v0.3.3 with a different contract; output above. If we need to just wait for the upstream issue to be fixed, then no big deal.

Edit: I'm able to reproduce this on x86 and arm.

Jon-Becker (Owner)

Panic resolved, however contract appears obfuscated somehow. Investigating.

Regardless, closing as panic is resolved. Will continue to improve.

#79
