Reentrancy bug not recognized upon analyzing raw bytecode #172

noobdoesre · 2017-08-24T02:03:13Z

Not sure whether it is a bug or tool limitation: when analyzing raw bytecode of simple contract with reentrancy bug oyente reports that it's not vulnerable, although when running it with --debug flag I see:

INFO:oyente.analysis:Reentrancy bug? True.

I looked into source code and seen this snippet in symExec.py:

    if not isTesting():
        s = ""
        if reentrancy_bug_found and source_map != None:
            pcs = global_problematic_pcs["reentrancy_bug"]
            pcs = [pc for pc in pcs if source_map.find_source_code(pc)]
            pcs = source_map.reduce_same_position_pcs(pcs)
            s = source_map.to_str(pcs, "Reentrancy bug")
        results["reentrancy"] = s
        s = "\t  Reentrancy bug: \t True" + s if s else "\t  Reentrancy bug: \t False"
        log.info(s)

Seems like reentrancy bug can only 'recognized' when there is source code present. Is this a bug or is it an intended behaviour?

The text was updated successfully, but these errors were encountered:

luongnt95 · 2017-08-24T10:10:42Z

Thanks @noobdoesres. This is a bug and it will be fixed soon.

luongnt95 · 2017-08-28T12:35:34Z

@noobdoesre The bug is fixed now. You can pull the latest code to run.

luongnt95 closed this as completed Aug 28, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reentrancy bug not recognized upon analyzing raw bytecode #172

Reentrancy bug not recognized upon analyzing raw bytecode #172

noobdoesre commented Aug 24, 2017

luongnt95 commented Aug 24, 2017

luongnt95 commented Aug 28, 2017

Reentrancy bug not recognized upon analyzing raw bytecode #172

Reentrancy bug not recognized upon analyzing raw bytecode #172

Comments

noobdoesre commented Aug 24, 2017

luongnt95 commented Aug 24, 2017

luongnt95 commented Aug 28, 2017