Skip to content

Latest commit

 

History

History
109 lines (85 loc) · 2.73 KB

sample_report.md

File metadata and controls

109 lines (85 loc) · 2.73 KB

Analysis Results

Ether send

  • Type: Warning
  • Contract: Crowdfunding
  • Function name: withdrawfunds()
  • PC address: 816

Description

In the function withdrawfunds() a non-zero amount of Ether is sent to msg.sender. Call value is balance_at_1461501637330902918203684832716283019655932542975 & address.

There is a check on storage index 7. This storage slot can be written to by calling the function crowdfunding().

In ether_send.sol:

msg.sender.transfer(this.balance)

Use of tx.origin

  • Type: Warning
  • Contract: Origin
  • Function name: transferOwnership(address)
  • PC address: 317

Description

Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead. See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin

In origin.sol:

tx.origin

CALL with gas to dynamic address

  • Type: Warning
  • Contract: Reentrancy
  • Function name: withdraw(uint256)
  • PC address: 552

Description

The function withdraw(uint256) contains a function call to the address of the transaction sender. The available gas is forwarded to the called contract. Make sure that the logic of the calling contract is not adversely affected if the called contract misbehaves (e.g. reentrancy).

In reentrancy.sol:

msg.sender.call.value(_amount)()

Unchecked CALL return value

  • Type: Informational
  • Contract: Reentrancy
  • Function name: withdraw(uint256)
  • PC address: 552

Description

The function withdraw(uint256) contains a call to msg.sender. The return value of this call is not checked. Note that the function will continue to execute with a return value of '0' if the called contract throws.

In reentrancy.sol:

msg.sender.call.value(_amount)()

Integer Underflow

  • Type: Warning
  • Contract: Under
  • Function name: sendeth(address,uint256)
  • PC address: 649

Description

A possible integer underflow exists in the function sendeth(address,uint256). The SUB instruction at address 649 may result in a value < 0.

In underflow.sol:

balances[msg.sender] -= _value

Integer Underflow

  • Type: Warning
  • Contract: Under
  • Function name: sendeth(address,uint256)
  • PC address: 567

Description

A possible integer underflow exists in the function sendeth(address,uint256). The SUB instruction at address 567 may result in a value < 0.

In underflow.sol:

balances[msg.sender] - _value

Weak random

  • Type: Warning
  • Contract: WeakRandom
  • Function name: _function_0xe9874106
  • PC address: 1285

Description

In the function _function_0xe9874106 the following predictable state variables are used to determine Ether recipient:

  • block.coinbase

In weak_random.sol:

winningAddress.transfer(prize)