I'm eyeing through the EVM implementation, and thought I'd add any consensus errors that I can spot to this ticket. The ticket may contain some false positives, apologies in advance if that is the case
Missing analysis of valid JUMPDESTs. The EVM does not allow jumping into a data-section, for example into the 32 bytes following a PUSH32. So if the code is
PUSH01 5b
PUSH1 01
JUMP
Then it appears that manticore evm would jump into the 'artificial' jumpdest 5b at byte 1 and continue execution.
DELEGATECALL/CALLCODE quirks. It looks like DELEGATECALL passes the current address as sender here. That's how CALLCODE works, whereas DELEGATECALL should pass the original sender as sender.
(I'm unsure about this): I can't find where the stack value normalization happens. For example, the SUB operation returns potentially a negative integer. What happens if that negative integer is used as value for a CALL? Will a negative value be sent?
63/64ths rule does not seem implemented. Whenever a CALL type is made, the max allowed gas that is sent along to the child is 63/64ths of the current gas.
Thanks for the code review. We filed a few issues yesterday related to testing and plan to address them in this release cycle. In particular, we think that adding support for the Constantinople changes will take only a day or two and should be in soon.
Hi holiman. Thank you for this. We are determined to up our correctness game so this is very welcome. I gave it a pass trying to address these issues.
1,2) FIXED. JUMPDEST, This was a known omission. #1172
3) Fixed here. #117
4) I'm researching why it should not be immediately deleted. Will fix.
5) Fixed here: #1180
6) Hopefully already correct. Need tests. We check that it does not send more than the source balance via an unsigned cmp.
I'm eyeing through the EVM implementation, and thought I'd add any consensus errors that I can spot to this ticket. The ticket may contain some false positives, apologies in advance if that is the case
1. Missing analysis of valid JUMPDESTs. The EVM does not allow jumping into a data-section, for example into the 32 bytes following a PUSH32. So if the code is
    PUSH01 5b
    PUSH1 01
    JUMP
   Then it appears that manticore evm would jump into the 'artificial' jumpdest 5b at byte 1 and continue execution.
2. Missing JUMPDEST check. Apparently known already
3. DELEGATECALL/CALLCODE quirks. It looks like DELEGATECALL passes the current address as sender here. That's how CALLCODE works, whereas DELEGATECALL should pass the original sender as sender.
4. SELFDESTRUCT immediately deletes an address from the world: https://github.com/trailofbits/manticore/blob/master/manticore/platforms/evm.py#L1880 .
5. SELFDESTRUCT adds deleted account to a list, possibly adding the same account multiple times if SELFDESTRUCT is performed several times: https://github.com/trailofbits/manticore/blob/master/manticore/platforms/evm.py#L1881
6. (I'm unsure about this): I can't find where the stack value normalization happens. For example, the SUB operation returns potentially a negative integer. What happens if that negative integer is used as value for a CALL? Will a negative value be sent?
7. 63/64ths rule does not seem implemented. Whenever a CALL type is made, the max allowed gas that is sent along to the child is 63/64ths of the current gas.
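The valid-JUMPDEST analysis raised in the first item of the issue, as an added Python example (not Manticore's code and not written by anyone in this thread). The function names are hypothetical, and the sample bytecode is constructed, reading the issue's snippet as PUSH1 0x5b; PUSH1 0x01; JUMP.

```python
# Added illustration; not Manticore's implementation. All names are hypothetical.
JUMPDEST, JUMP = 0x5B, 0x56
PUSH1, PUSH32 = 0x60, 0x7F


class InvalidJump(Exception):
    """Raised when a JUMP targets anything other than a real JUMPDEST."""


def naive_jumpdests(code: bytes) -> frozenset:
    """Flawed check: treats every 0x5b byte as a destination."""
    return frozenset(i for i, b in enumerate(code) if b == JUMPDEST)


def valid_jumpdests(code: bytes) -> frozenset:
    """Linear sweep that skips PUSH immediates, so data bytes never qualify."""
    dests, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if op == JUMPDEST:
            dests.add(pc)
        elif PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # PUSHn carries n immediate bytes
        pc += 1
    return frozenset(dests)


def checked_jump(code: bytes, target: int) -> int:
    """Return the new pc, or raise if the target is not a valid JUMPDEST."""
    if target not in valid_jumpdests(code):
        raise InvalidJump(f"jump to {target:#x} is not a JUMPDEST instruction")
    return target


# Constructed samples.
ISSUE_CODE = bytes.fromhex("605b600156")  # PUSH1 0x5b; PUSH1 0x01; JUMP
PUSH32_CODE = bytes([PUSH32]) + b"\x5b" * 32 + bytes([JUMPDEST])  # real one at 33
TRUNCATED = bytes.fromhex("5b615b")  # JUMPDEST; PUSH2 cut short after one byte

if __name__ == "__main__":
    samples = [("issue", ISSUE_CODE), ("push32", PUSH32_CODE), ("truncated", TRUNCATED)]
    for name, code in samples:
        print(name, "naive:", len(naive_jumpdests(code)),
              "valid:", sorted(valid_jumpdests(code)))
```

The sweep runs once per contract, and the resulting set can be cached alongside the code so each JUMP or JUMPI costs only a membership test.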