Understand the output of Securify when analyzing runtime bin #98
Hi @ireneGP , thanks a lot for your question. This was unclear indeed. Please use:
We also modified the usage message to clarify this.
@ritzdorf Thank you so much for your prompt reply! I appreciate it very much. Just one followup question to understand the json output. So basically I got the following output by analyzing my contract (a local EVM runtime bytecode):
My questions are:
Thanks a lot! I look forward to hearing from you!
@ritzdorf Thank you! Then may I ask what about the dependence on
@ireneGP We are working on such patterns and will release them once they are stable enough. You can try out some initial version under https://securify.ch
@ritzdorf Thank you! One followup question on the "violation patterns" vs. "warning patterns". How should I interpret this? In case I encountered a "warning pattern", can I interpret it as "vulnerable" or so?
@ireneGP violation implies that the security property is violated, while warning indicates that it may be a false positive. For full details on that you can see Fig 2 in the tech report: https://files.sri.inf.ethz.ch/website/papers/ccs18-securify.pdf
@ptsankov @ritzdorf Thank you for the clarification. I am still a bit confused about the vulnerability pattern here, say, can Securify pinpoint DoS with (Unexpected) revert style vulnerability? I don't think the
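The distinction in the reply above (violation = property definitely violated, warning = unproven, possibly a false positive) is what a triage script over the JSON report has to encode. The following is an added example, not code from the Securify project: it assumes a report shape of contract name -> "results" -> pattern name -> lists of locations bucketed as "violations", "warnings", "safe" and "conflicts" (this shape and the sample report are constructed for illustration), and maps each pattern to a review status.

```python
import json

# Constructed sample report in the assumed Securify JSON shape (not taken from the
# project's documentation): contract -> "results" -> pattern -> buckets of locations.
SAMPLE_OUTPUT = json.dumps({
    "MyContract": {
        "results": {
            "DAO": {"violations": [42], "warnings": [], "safe": [], "conflicts": []},
            "TODAmount": {"violations": [], "warnings": [17, 25], "safe": [], "conflicts": []},
            "UnrestrictedEtherFlow": {"violations": [], "warnings": [], "safe": [9], "conflicts": []},
        }
    }
})

# Triage policy (our own, not the tool's): a violation is a proven property breach,
# a warning or a conflict could not be proven either way and needs manual review,
# and "safe" means the analysis proved the property holds at that location.
SEVERITY = {"violations": 2, "warnings": 1, "conflicts": 1, "safe": 0}
STATUS = {2: "violated", 1: "review", 0: "safe"}


def triage(json_text):
    """Return {contract: {pattern: status}} with status in 'violated', 'review', 'safe'.

    The worst non-empty bucket wins: one proven violation outranks any number of
    safe locations for the same pattern, so nothing is hidden by an optimistic default.
    """
    report = json.loads(json_text)
    summary = {}
    for contract, body in report.items():
        summary[contract] = {}
        for pattern, buckets in body.get("results", {}).items():
            worst = max((SEVERITY[k] for k, v in buckets.items()
                         if k in SEVERITY and v), default=0)
            summary[contract][pattern] = STATUS[worst]
    return summary


def findings(json_text, status):
    """List (contract, pattern, locations) for every pattern with the given status,
    so a reviewer can jump straight to the proven violations first."""
    report = json.loads(json_text)
    wanted = [k for k, sev in SEVERITY.items() if STATUS[sev] == status]
    rows = []
    for contract, patterns in triage(json_text).items():
        for pattern, st in patterns.items():
            if st == status:
                buckets = report[contract]["results"][pattern]
                locs = sorted(loc for k in wanted for loc in buckets.get(k, []))
                rows.append((contract, pattern, locs))
    return rows


if __name__ == "__main__":
    for row in findings(SAMPLE_OUTPUT, "violated") + findings(SAMPLE_OUTPUT, "review"):
        print(row)
```

Run it against a real `--json` report by replacing SAMPLE_OUTPUT with the file contents; if the tool's actual key names differ from the assumed ones, only the SEVERITY table needs adjusting.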
Hello, I am writing to ask a quick question regarding how to interpret the output of Securify.
For instance when executing the following command and getting the output:
So what does that mean? Where can I find the corresponding results, something like whether this is vulnerable towards reentrancy attack, towards TOD attack (violation or not).
I tried to append the --json option to the command but nothing happens. Also, I tried to run a run-time EVM bytecode on my local machine and got the following output:
Somehow the "function" is not recognized. Is it still OK to use Securify, for such cases? Thanks!