Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

End of analysis but not functions where processed #1

Open
ggrieco-tob opened this issue Oct 1, 2018 · 3 comments
Open

End of analysis but not functions where processed #1

ggrieco-tob opened this issue Oct 1, 2018 · 3 comments

Comments

@ggrieco-tob
Copy link
Member

Using LNOToken.evm which corresponds to the compiled version of the LinoToken in LNOToken.sol results in no functions processed:

g@g:~/Code/evm_cfg_builder$ python evm_cfg_builder/cfg_builder.py ~/Projects/zoo/LNOToken.evm 
End of analysis
@joshwatson
Copy link
Contributor

That's because LNOToken.evm begins with its constructor:
image
I took the provided file, and created a new file from offset 0x54 to the end (see the parameters of the CODECOPY). I opened that as a new file and got:
image

I think what's really needed is a feature request for the cfg_builder.py to identify a constructor versus the actual contract code, parse the parameters of the CODECOPY, and then disassemble both the constructor and the runtime code.

@montyly
Copy link
Member

montyly commented Oct 2, 2018

In the meantime, you can export the runtime bytecode with solc --bin-runtime LNOToken.sol

$ python evm_cfg_builder/cfg_builder.py lnotoken.evm 
Analyze 0x4
Analyze approve(address,uint256)
Analyze totalSupply()
Analyze transferFrom(address,address,uint256)
Analyze decreaseApproval(address,uint256)
Analyze balanceOf(address)
Analyze transfer(address,uint256)
Analyze increaseApproval(address,uint256)
Analyze allowance(address,address)
End of analysis
0x4, 1 #bbs , payable,view,pure
approve(address,uint256), 5 #bbs 
totalSupply(), 5 #bbs , view
transferFrom(address,address,uint256), 20 #bbs 
decreaseApproval(address,uint256), 12 #bbs 
balanceOf(address), 5 #bbs , view
transfer(address,uint256), 17 #bbs 
increaseApproval(address,uint256), 9 #bbs 
allowance(address,address), 5 #bbs , view

Note that the dispatcher is not yet correctly reported

@adelapie
Copy link

adelapie commented Nov 9, 2020

Hello, using evm_cfg_builder with https://github.com/trailofbits/evm_cfg_builder/files/2435010/LNOToken.evm.txt at the CODECOPY parameter position indeed finds the methods of the smart contract, however I think I've found an issue (or a limitation) in how evm_cfg_bulider resolves the JUMP address instructions.

There are JUMP instructions at addresses 0x1829, 0x140c, 0xc64, 0x1237 and 0x993 that are not resolved by evm_cfg_builder. They are simply ignored. The JUMP address in this case is obtained by the smart contract using, typically, the following prior instructions: PUSH2 - , SWAP1, SWAP2, SWAP1, PUSH4 - , AND, JUMP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@adelapie @joshwatson @montyly @ggrieco-tob