diff --git a/.gitignore b/.gitignore index e1c27f7..e3fe3ea 100644 --- a/.gitignore +++ b/.gitignore @@ -275,6 +275,7 @@ GitHub.sublime-settings __pycache__/ *.py[cod] *$py.class +.pytest_cache/ # C extensions *.so diff --git a/smartbugs-curated/0.4.x/contracts/access_control/proxy_attack.sol b/smartbugs-curated/0.4.x/contracts/access_control/proxy_attack.sol index 52a0d3c..d996ad5 100644 --- a/smartbugs-curated/0.4.x/contracts/access_control/proxy_attack.sol +++ b/smartbugs-curated/0.4.x/contracts/access_control/proxy_attack.sol @@ -19,6 +19,9 @@ contract ProxyAttacker { receiver.transfer(address(this).balance); } + function benign() public { + } + function() public payable {} } \ No newline at end of file diff --git a/smartbugs-curated/0.4.x/contracts/dataset/access_control/FibonacciBalance.sol b/smartbugs-curated/0.4.x/contracts/dataset/access_control/FibonacciBalance.sol index 1dbe83b..d19c076 100644 --- a/smartbugs-curated/0.4.x/contracts/dataset/access_control/FibonacciBalance.sol +++ b/smartbugs-curated/0.4.x/contracts/dataset/access_control/FibonacciBalance.sol @@ -6,7 +6,6 @@ //added pragma version pragma solidity ^0.4.22; -import "hardhat/console.sol"; contract FibonacciBalance { diff --git a/smartbugs-curated/0.4.x/contracts/dataset/reentrancy/reentrancy_bonus.sol b/smartbugs-curated/0.4.x/contracts/dataset/reentrancy/reentrancy_bonus.sol index dc31e1a..cdb1da5 100644 --- a/smartbugs-curated/0.4.x/contracts/dataset/reentrancy/reentrancy_bonus.sol +++ b/smartbugs-curated/0.4.x/contracts/dataset/reentrancy/reentrancy_bonus.sol @@ -22,7 +22,6 @@ contract Reentrancy_bonus{ function getFirstWithdrawalBonus(address recipient) public { require(!claimedBonus[recipient]); // Each recipient should only be able to claim the bonus once - rewardsForA[recipient] += 100; // REENTRANCY withdrawReward(recipient); // At this point, the caller will be able to execute getFirstWithdrawalBonus again. diff --git a/smartbugs-curated/0.4.x/contracts/reentrancy/modifier_reentrancy_benign.sol b/smartbugs-curated/0.4.x/contracts/reentrancy/modifier_reentrancy_benign.sol new file mode 100644 index 0000000..0857cd5 --- /dev/null +++ b/smartbugs-curated/0.4.x/contracts/reentrancy/modifier_reentrancy_benign.sol @@ -0,0 +1,19 @@ +pragma solidity ^0.4.24; + +import "../dataset/reentrancy/modifier_reentrancy.sol"; + +contract BankBenign { + ModifierEntrancy modifierEntrancyInstance; + + constructor(address _victimAddress) public { + modifierEntrancyInstance = ModifierEntrancy(_victimAddress); + } + + function supportsToken() external pure returns(bytes32){ + return(keccak256(abi.encodePacked("Nu Token"))); + } + + function airDrop() public { + modifierEntrancyInstance.airDrop(); + } +} \ No newline at end of file diff --git a/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol index c369923..4437cb2 100644 --- a/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol +++ b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol @@ -21,6 +21,25 @@ contract PandaCaller { } } +contract PandaCallerSuccess { + PandaCore public pandaCore; + + function PandaCallerSuccess(address _pandaCore) public { + pandaCore = PandaCore(_pandaCore); + } + + function call(uint256 _matronId, uint256[2] _childGenes, uint256[2] _factors) public { + uint babyId = pandaCore.giveBirth(_matronId, _childGenes, _factors); + } + + function withdraw() public { + pandaCore.withdrawBalance(); + } + + function() external payable { + } +} + contract GeneScience { /// @dev simply a boolean to indicate this is the contract we expect to be function isGeneScience() public pure returns (bool) { @@ -93,4 +112,41 @@ contract MyERC721 { revert("I always revert!"); } +} + +contract MyERC721Success { + + /// @notice Name and symbol of the non fungible token, as defined in ERC721. + string public constant name = "NFT"; + string public constant symbol = "NFT"; + + bytes4 constant InterfaceSignature_ERC165 = + bytes4(keccak256('supportsInterface(bytes4)')); + + bytes4 constant InterfaceSignature_ERC721 = + bytes4(keccak256('name()')) ^ + bytes4(keccak256('symbol()')) ^ + bytes4(keccak256('totalSupply()')) ^ + bytes4(keccak256('balanceOf(address)')) ^ + bytes4(keccak256('ownerOf(uint256)')) ^ + bytes4(keccak256('approve(address,uint256)')) ^ + bytes4(keccak256('transfer(address,uint256)')) ^ + bytes4(keccak256('transferFrom(address,address,uint256)')) ^ + bytes4(keccak256('tokensOfOwner(address)')) ^ + bytes4(keccak256('tokenMetadata(uint256,string)')); + + /// @notice Introspection interface as per ERC-165 (https://github.com/ethereum/EIPs/issues/165). + /// Returns true for any standardized interfaces implemented by this contract. We implement + /// ERC-165 (obviously!) and ERC-721. + function supportsInterface(bytes4 _interfaceID) external view returns (bool) + { + // DEBUG ONLY + //require((InterfaceSignature_ERC165 == 0x01ffc9a7) && (InterfaceSignature_ERC721 == 0x9a20483d)); + + return ((_interfaceID == InterfaceSignature_ERC165) || (_interfaceID == InterfaceSignature_ERC721)); + } + + function() external payable { + } + } \ No newline at end of file diff --git a/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_benign.sol b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_benign.sol new file mode 100644 index 0000000..75a2728 --- /dev/null +++ b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_benign.sol @@ -0,0 +1,35 @@ +pragma solidity ^0.4.9; + +import "../dataset/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol"; +contract TownCrierCaller { + TownCrier public TC_CONTRACT; + bytes4 constant TC_CALLBACK_FID = bytes4(sha3("response(uint64,uint64,bytes32)")); + int requestId; + bytes32 public hash; + + event LogResponse(uint64 responseType, uint64 errors, bytes32 data); + event Received(address sender, uint value); + + function TownCrierCaller(address _townCrier) { + TC_CONTRACT = TownCrier(_townCrier); + } + + function request(uint8 requestType, bytes32[] requestData) public payable { + + requestId = TC_CONTRACT.request.value(msg.value)(requestType, this, TC_CALLBACK_FID, 0, requestData); + hash = sha3(requestType, requestData); + } + + function cancel() public { + TC_CONTRACT.cancel(uint64(requestId)); + } + + function response(uint64 responseType, uint64 errors, bytes32 data) public { + emit LogResponse(responseType, errors, data); + } + + function() payable { + emit Received(msg.sender, msg.value); + } + +} \ No newline at end of file diff --git a/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/revert_contract.sol b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/revert_contract.sol index 3434304..3828393 100644 --- a/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/revert_contract.sol +++ b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/revert_contract.sol @@ -1,7 +1,5 @@ pragma solidity 0.4.25; -import "hardhat/console.sol"; - contract RevertContract { // Fallback function that will fail on purpose diff --git a/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/success_contract.sol b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/success_contract.sol new file mode 100644 index 0000000..e6812db --- /dev/null +++ b/smartbugs-curated/0.4.x/contracts/unchecked_low_level_calls/success_contract.sol @@ -0,0 +1,36 @@ +pragma solidity 0.4.25; + +contract SuccessContract { + mapping(address => uint256) public balanceOf; + + constructor() public { + balanceOf[msg.sender] = 10 ether; + } + + function transferFrom(address from, address to, uint256 amount) public { + require(balanceOf[from] >= amount); + balanceOf[from] -= amount; + balanceOf[to] += amount; + } + + function transfer(address to, uint256 amount) public { + require(balanceOf[msg.sender] >= amount); + balanceOf[msg.sender] -= amount; + balanceOf[to] += amount; + } + + function sendEther(address _to) public payable { + (bool success, ) = _to.call.value(msg.value)(""); + require(success, "Ether transfer failed"); + } + + function withdrawEther(address _from) public { + bytes4 data = bytes4(keccak256("withdraw()")); + (bool success, ) = _from.call(data); + require(success, "Ether transfer failed"); + } + + // it should accept any call without reverting + function() external payable { + } +} \ No newline at end of file diff --git a/smartbugs-curated/0.4.x/hardhat.config.js b/smartbugs-curated/0.4.x/hardhat.config.js index f4a7d41..6603bba 100644 --- a/smartbugs-curated/0.4.x/hardhat.config.js +++ b/smartbugs-curated/0.4.x/hardhat.config.js @@ -15,7 +15,7 @@ const fs = require('fs'); // } // const patches = getPatches(validPatchesPath); -// // remove empyt string from the list +// // remove empty string from the list // const index = patches.indexOf(""); // if (index > -1) { // patches.splice(index, 1); @@ -31,8 +31,12 @@ const fs = require('fs'); // let filtered = []; // filtered.push(path.join(config.paths.sources, "unchecked_low_level_calls/revert_contract.sol")); +// filtered.push(path.join(config.paths.sources, "unchecked_low_level_calls/success_contract.sol")); // filtered.push(path.join(config.paths.sources, "unchecked_low_level_calls/TokenEBU.sol")); // for (let i = 0; i < patches.length; i++) { +// if (patches[i] === "patch,main contract") { +// continue; +// } // filename = path.join(patches[i].split("/")[1], patches[i].split("/")[2]); // filename = filename.replace(".sol", "_attack.sol"); // filePath = path.join(config.paths.sources, filename); @@ -94,7 +98,7 @@ module.exports = { mocha: { reporter: './scripts/CustomReporter.js', reporterOptions: { - json: false, // Export test results to JSON + json: true, // Export test results to JSON } }, }; diff --git a/smartbugs-curated/0.4.x/scripts/CustomReporter.js b/smartbugs-curated/0.4.x/scripts/CustomReporter.js index 30bf902..7792c98 100644 --- a/smartbugs-curated/0.4.x/scripts/CustomReporter.js +++ b/smartbugs-curated/0.4.x/scripts/CustomReporter.js @@ -18,8 +18,12 @@ class CustomReporter extends Spec { let currentFile = null; let allTestsPassed = true; let allFiles = 0; - const testResults = []; - + let failedSanity = 0; + const failedSanityTests = []; + let passedSanity = 0; + const passedResults = []; + const failedResults = []; + const exportOptions = options.reporterOptions || {}; const exportToJson = exportOptions.json || false; @@ -40,34 +44,42 @@ class CustomReporter extends Spec { // Mark the current test file as having failed tests allTestsPassed = false; const fileName = currentFile.split('/test/')[1]; - const contractFile = fileName.replace('_test.js', suffix+ '.sol'); - testResults.push({ + const contractFile = fileName.replace('_test.js', suffix+ '.sol'); + const result ={ + title: test.title, + file: fileName, + contractFile: contractFile, + state: test.state, + error: err.message, + stack: err.stack, + } + if (test.title.includes('sanity check')) { + failedSanity += 1; + failedSanityTests.push(result); + } + else { + failedResults.push(result); + } + }); + + // If any test passes + runner.on('pass', (test) => { + const fileName = currentFile.split('/test/')[1]; + const contractFile = fileName.replace('_test.js', suffix + '.sol'); + const result = { title: test.title, file: fileName, contractFile: contractFile, - state: 'failed', - error: err.message, // Capture the error message - stack: err.stack, // Capture the stack trace - }); + state: test.state, + }; + if (test.title.includes('sanity check')) { + passedSanity += 1; + } + else { + passedResults.push(result); + } }); - // When a test ends, store its result - runner.on('test end', (test) => { - // only get the string after 'test' in the title - // filename = currentFile.split('/'); - const fileName = currentFile.split('/test/')[1]; - const contractFile = fileName.replace('_test.js', suffix + '.sol'); - // console.log(contract_file); - if (test.state === 'passed') { - testResults.push({ - title: test.title, - file: fileName, - contractFile: contractFile, - state: test.state, - }); - } - }); - // When the suite (test file) ends runner.on('suite end', (suite) => { if (suite.file && currentFile === suite.file && allTestsPassed) { @@ -83,9 +95,11 @@ class CustomReporter extends Spec { const formattedMessage = Base.color('green', `Total passing test files: ${passingFiles}/${allFiles}`); const formattedMessage2 = Base.color('fail', `Total failed files: ${failedFiles}/${allFiles}`); + const formattedMessage3 = Base.color('fail', `Total failed sanity tests: ${failedSanity}/${allFiles}`); // // Log the formatted message console.log(`${formattedMessage}`); console.log(`${formattedMessage2}`); + console.log(`${formattedMessage3}`); if (exportToJson) { // Prepare the data to be exported to JSON @@ -96,7 +110,11 @@ class CustomReporter extends Spec { totalFiles: allFiles, passingFiles: passingFiles, failingFiles: failedFiles, - testResults: testResults, + failedSanity: failedSanity, + passedSanity: passedSanity, + failedSanityTests: failedSanityTests, + passedResults: passedResults, + failedResults: failedResults, }; // Write to JSON file diff --git a/smartbugs-curated/0.4.x/scripts/test-results.json b/smartbugs-curated/0.4.x/scripts/test-results.json index e29588b..0ba6efd 100644 --- a/smartbugs-curated/0.4.x/scripts/test-results.json +++ b/smartbugs-curated/0.4.x/scripts/test-results.json @@ -1,768 +1,1174 @@ { - "totalTests": 102, - "passingTests": 33, - "failingTests": 70, + "totalTests": 194, + "passingTests": 194, + "failingTests": 0, "totalFiles": 91, - "passingFiles": 28, - "failingFiles": 63, + "passingFiles": 91, + "failingFiles": 0, "testResults": [ + { + "title": "sanity check: access_control/FibonacciBalance.sol", + "file": "access_control/FibonacciBalance_test.js", + "contractFile": "access_control/FibonacciBalance.sol", + "state": "passed" + }, { "title": "exploit access control vulnerability", "file": "access_control/FibonacciBalance_test.js", - "contractFile": "access_control/FibonacciBalance.bin", - "state": "failed", - "error": "expected '0x0000000000000000000281526004018082815260' to equal '0x5FbDB2315678afecb367f032d93F642f64180aa3'.", - "stack": "AssertionError: expected '0x0000000000000000000281526004018082815260' to equal '0x5FbDB2315678afecb367f032d93F642f64180aa3'.\n at Context. (test/access_control/FibonacciBalance_test.js:47:35)" + "contractFile": "access_control/FibonacciBalance.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/arbitrary_location_write_simple.sol", + "file": "access_control/arbitrary_location_write_simple_test.js", + "contractFile": "access_control/arbitrary_location_write_simple.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/arbitrary_location_write_simple_test.js", - "contractFile": "access_control/arbitrary_location_write_simple.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/arbitrary_location_write_simple_test.js:26:7)" + "contractFile": "access_control/arbitrary_location_write_simple.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/incorrect_constructor_name1.sol", + "file": "access_control/incorrect_constructor_name1_test.js", + "contractFile": "access_control/incorrect_constructor_name1.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/incorrect_constructor_name1_test.js", - "contractFile": "access_control/incorrect_constructor_name1.bin", - "state": "failed", - "error": "expected 0 to equal 1000000000000000000.", - "stack": "AssertionError: expected 0 to equal 1000000000000000000.\n at Context. (test/access_control/incorrect_constructor_name1_test.js:47:63)" + "contractFile": "access_control/incorrect_constructor_name1.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/incorrect_constructor_name2.sol", + "file": "access_control/incorrect_constructor_name2_test.js", + "contractFile": "access_control/incorrect_constructor_name2.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/incorrect_constructor_name2_test.js", - "contractFile": "access_control/incorrect_constructor_name2.bin", - "state": "failed", - "error": "reverted with reason string 'Attack failed'", - "stack": "ProviderError: reverted with reason string 'Attack failed'\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name2_test.js:41:7)" + "contractFile": "access_control/incorrect_constructor_name2.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/incorrect_constructor_name3.sol", + "file": "access_control/incorrect_constructor_name3_test.js", + "contractFile": "access_control/incorrect_constructor_name3.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/incorrect_constructor_name3_test.js", - "contractFile": "access_control/incorrect_constructor_name3.bin", - "state": "failed", - "error": "reverted with reason string 'Attack failed'", - "stack": "ProviderError: reverted with reason string 'Attack failed'\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name3_test.js:41:7)" + "contractFile": "access_control/incorrect_constructor_name3.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/mapping_write.sol", + "file": "access_control/mapping_write_test.js", + "contractFile": "access_control/mapping_write.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/mapping_write_test.js", - "contractFile": "access_control/mapping_write.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/mapping_write_test.js:27:7)" + "contractFile": "access_control/mapping_write.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/multiowned_vulnerable.sol", + "file": "access_control/multiowned_vulnerable_test.js", + "contractFile": "access_control/multiowned_vulnerable.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/multiowned_vulnerable_test.js", - "contractFile": "access_control/multiowned_vulnerable.bin", + "contractFile": "access_control/multiowned_vulnerable.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/mycontract.sol", + "file": "access_control/mycontract_test.js", + "contractFile": "access_control/mycontract.sol", "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/mycontract_test.js", - "contractFile": "access_control/mycontract.bin", - "state": "failed", - "error": "expected 0 to equal 1000000000000000000.", - "stack": "AssertionError: expected 0 to equal 1000000000000000000.\n at Context. (test/access_control/mycontract_test.js:55:63)" + "contractFile": "access_control/mycontract.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/parity_wallet_bug_2.sol", + "file": "access_control/parity_wallet_bug_2_test.js", + "contractFile": "access_control/parity_wallet_bug_2.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/parity_wallet_bug_2_test.js", - "contractFile": "access_control/parity_wallet_bug_2.bin", + "contractFile": "access_control/parity_wallet_bug_2.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/phishable.sol", + "file": "access_control/phishable_test.js", + "contractFile": "access_control/phishable.sol", "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/phishable_test.js", - "contractFile": "access_control/phishable.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x4826533b4897376654bb4d4ad88b7fafd0c98528)\n at . (0x99bba657f2bbc93c02d617f8ba121cb8fc104acf)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at Context. (test/access_control/phishable_test.js:47:7)" + "contractFile": "access_control/phishable.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/proxy.sol", + "file": "access_control/proxy_test.js", + "contractFile": "access_control/proxy.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/proxy_test.js", - "contractFile": "access_control/proxy.bin", + "contractFile": "access_control/proxy.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/unprotected0.sol", + "file": "access_control/simple_suicide_test.js", + "contractFile": "access_control/simple_suicide.sol", "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/simple_suicide_test.js", - "contractFile": "access_control/simple_suicide.bin", + "contractFile": "access_control/simple_suicide.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/unprotected0.sol", + "file": "access_control/unprotected0_test.js", + "contractFile": "access_control/unprotected0.sol", "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/unprotected0_test.js", - "contractFile": "access_control/unprotected0.bin", + "contractFile": "access_control/unprotected0.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/wallet_02_refund_nosub.sol", + "file": "access_control/wallet_02_refund_nosub_test.js", + "contractFile": "access_control/wallet_02_refund_nosub.sol", "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/wallet_02_refund_nosub_test.js", - "contractFile": "access_control/wallet_02_refund_nosub.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.deposit (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/wallet_02_refund_nosub_test.js:29:7)" + "contractFile": "access_control/wallet_02_refund_nosub.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/wallet_03_wrong_constructor.sol", + "file": "access_control/wallet_03_wrong_constructor_test.js", + "contractFile": "access_control/wallet_03_wrong_constructor.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/wallet_03_wrong_constructor_test.js", - "contractFile": "access_control/wallet_03_wrong_constructor.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.deposit (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/wallet_03_wrong_constructor_test.js:29:7)" + "contractFile": "access_control/wallet_03_wrong_constructor.sol", + "state": "passed" + }, + { + "title": "sanity check: access_control/wallet_04_confused_sign.sol", + "file": "access_control/wallet_04_confused_sign_test.js", + "contractFile": "access_control/wallet_04_confused_sign.sol", + "state": "passed" }, { "title": "exploit access control vulnerability", "file": "access_control/wallet_04_confused_sign_test.js", - "contractFile": "access_control/wallet_04_confused_sign.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.deposit (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/access_control/wallet_04_confused_sign_test.js:29:7)" + "contractFile": "access_control/wallet_04_confused_sign.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/BECToken.sol", + "file": "arithmetic/BECToken_test.js", + "contractFile": "arithmetic/BECToken.sol", + "state": "passed" }, { "title": "exploit overflow vulnerability", "file": "arithmetic/BECToken_test.js", - "contractFile": "arithmetic/BECToken.bin", + "contractFile": "arithmetic/BECToken.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/integer_overflow_add.sol", + "file": "arithmetic/integer_overflow_add_test.js", + "contractFile": "arithmetic/integer_overflow_add.sol", "state": "passed" }, { "title": "exploit overflow vulnerability", "file": "arithmetic/integer_overflow_add_test.js", - "contractFile": "arithmetic/integer_overflow_add.bin", - "state": "failed", - "error": "expected 115792089237316195423570985008687907853269984665640564039457584007913129639935 to equal 0.", - "stack": "AssertionError: expected 115792089237316195423570985008687907853269984665640564039457584007913129639935 to equal 0.\n at Context. (test/arithmetic/integer_overflow_add_test.js:26:41)" + "contractFile": "arithmetic/integer_overflow_add.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/integer_overflow_benign_1.sol", + "file": "arithmetic/integer_overflow_benign_1_test.js", + "contractFile": "arithmetic/integer_overflow_benign_1.sol", + "state": "passed" }, { "title": "exploit underflow vulnerability", "file": "arithmetic/integer_overflow_benign_1_test.js", - "contractFile": "arithmetic/integer_overflow_benign_1.bin", + "contractFile": "arithmetic/integer_overflow_benign_1.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/integer_overflow_benign_1.sol", + "file": "arithmetic/integer_overflow_minimal_test.js", + "contractFile": "arithmetic/integer_overflow_minimal.sol", "state": "passed" }, { "title": "exploit underflow vulnerability", "file": "arithmetic/integer_overflow_minimal_test.js", - "contractFile": "arithmetic/integer_overflow_minimal.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0xdc11f7e700a4c898ae5caddb1082cffa76512add)\n at . (0x51a1ceb83b83f1985a81c295d1ff28afef186e02)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/arithmetic/integer_overflow_minimal_test.js:27:7)" + "contractFile": "arithmetic/integer_overflow_minimal.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/integer_overflow_mul.sol", + "file": "arithmetic/integer_overflow_mul_test.js", + "contractFile": "arithmetic/integer_overflow_mul.sol", + "state": "passed" }, { "title": "exploit overflow vulnerability", "file": "arithmetic/integer_overflow_mul_test.js", - "contractFile": "arithmetic/integer_overflow_mul.bin", + "contractFile": "arithmetic/integer_overflow_mul.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/integer_overflow_multitx_multifunc_feasible.sol", + "file": "arithmetic/integer_overflow_multitx_multifunc_feasible_test.js", + "contractFile": "arithmetic/integer_overflow_multitx_multifunc_feasible.sol", "state": "passed" }, { "title": "exploit underflow vulnerability", "file": "arithmetic/integer_overflow_multitx_multifunc_feasible_test.js", - "contractFile": "arithmetic/integer_overflow_multitx_multifunc_feasible.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_multifunc_feasible_test.js:26:7)" + "contractFile": "arithmetic/integer_overflow_multitx_multifunc_feasible.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/integer_overflow_multitx_onefunc_feasible.sol", + "file": "arithmetic/integer_overflow_multitx_onefunc_feasible_test.js", + "contractFile": "arithmetic/integer_overflow_multitx_onefunc_feasible.sol", + "state": "passed" }, { "title": "exploit underflow vulnerability", "file": "arithmetic/integer_overflow_multitx_onefunc_feasible_test.js", - "contractFile": "arithmetic/integer_overflow_multitx_onefunc_feasible.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_onefunc_feasible_test.js:25:7)" + "contractFile": "arithmetic/integer_overflow_multitx_onefunc_feasible.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/overflow_simple_add.sol", + "file": "arithmetic/overflow_simple_add_test.js", + "contractFile": "arithmetic/overflow_simple_add.sol", + "state": "passed" }, { "title": "exploit overflow vulnerability", "file": "arithmetic/overflow_simple_add_test.js", - "contractFile": "arithmetic/overflow_simple_add.bin", - "state": "failed", - "error": "expected 1 to equal 2.", - "stack": "AssertionError: expected 1 to equal 2.\n at Context. (test/arithmetic/overflow_simple_add_test.js:26:43)" + "contractFile": "arithmetic/overflow_simple_add.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/overflow_single_tx.sol", + "file": "arithmetic/overflow_single_tx_test.js", + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" }, { "title": "exploit overflow add vulnerability", "file": "arithmetic/overflow_single_tx_test.js", - "contractFile": "arithmetic/overflow_single_tx.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.count (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js:24:14)" + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" }, { "title": "exploit overflow mul vulnerability", "file": "arithmetic/overflow_single_tx_test.js", - "contractFile": "arithmetic/overflow_single_tx.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.count (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js:32:14)" + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" }, { "title": "exploit underflow vulnerability", "file": "arithmetic/overflow_single_tx_test.js", - "contractFile": "arithmetic/overflow_single_tx.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.count (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js:39:14)" + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" }, { "title": "exploit overflow add vulnerability locally", "file": "arithmetic/overflow_single_tx_test.js", - "contractFile": "arithmetic/overflow_single_tx.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.count (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js:46:14)" + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" }, { "title": "exploit overflow mul vulnerability locally", "file": "arithmetic/overflow_single_tx_test.js", - "contractFile": "arithmetic/overflow_single_tx.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.count (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js:54:14)" + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" }, { "title": "exploit underflow vulnerability locally", "file": "arithmetic/overflow_single_tx_test.js", - "contractFile": "arithmetic/overflow_single_tx.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.count (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js:61:14)" + "contractFile": "arithmetic/overflow_single_tx.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/timeLock.sol", + "file": "arithmetic/timelock_test.js", + "contractFile": "arithmetic/timelock.sol", + "state": "passed" }, { "title": "exploit overflow vulnerability", "file": "arithmetic/timelock_test.js", - "contractFile": "arithmetic/timelock.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.lockTime (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/timelock_test.js:26:14)" + "contractFile": "arithmetic/timelock.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/token.sol", + "file": "arithmetic/token_test.js", + "contractFile": "arithmetic/token.sol", + "state": "passed" }, { "title": "exploit underflow vulnerability", "file": "arithmetic/token_test.js", - "contractFile": "arithmetic/token.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x86a2ee8faf9a840f7a2c64ca3d51209f9a02081d)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/arithmetic/token_test.js:30:7)" + "contractFile": "arithmetic/token.sol", + "state": "passed" + }, + { + "title": "sanity check: arithmetic/tokensalechallenge.sol", + "file": "arithmetic/tokensalechallenge_test.js", + "contractFile": "arithmetic/tokensalechallenge.sol", + "state": "passed" }, { "title": "exploit buy overflow vulnerability line 23", "file": "arithmetic/tokensalechallenge_test.js", - "contractFile": "arithmetic/tokensalechallenge.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack_buy (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/tokensalechallenge_test.js:30:7)" + "contractFile": "arithmetic/tokensalechallenge.sol", + "state": "passed" }, { "title": "exploit the catch the ether vulnerability", "file": "arithmetic/tokensalechallenge_test.js", - "contractFile": "arithmetic/tokensalechallenge.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack_complete (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/arithmetic/tokensalechallenge_test.js:41:5)" + "contractFile": "arithmetic/tokensalechallenge.sol", + "state": "passed" + }, + { + "title": "sanity check: bad_randomness/blackjack.sol", + "file": "bad_randomness/blackjack_test.js", + "contractFile": "bad_randomness/blackjack.sol", + "state": "passed" }, { "title": "exploit bad randomness vulnerability", "file": "bad_randomness/blackjack_test.js", - "contractFile": "bad_randomness/blackjack.bin", - "state": "failed", - "error": "expected 5000000000000000000 to be above 10000000000000000000.", - "stack": "AssertionError: expected 5000000000000000000 to be above 10000000000000000000.\n at Context. (test/bad_randomness/blackjack_test.js:70:41)" + "contractFile": "bad_randomness/blackjack.sol", + "state": "passed" + }, + { + "title": "sanity check: bad_randomness/etheraffle.sol", + "file": "bad_randomness/etheraffle_test.js", + "contractFile": "bad_randomness/etheraffle.sol", + "state": "passed" }, { "title": "exploit bad randomness vulnerability", "file": "bad_randomness/etheraffle_test.js", - "contractFile": "bad_randomness/etheraffle.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/bad_randomness/etheraffle_test.js:50:13)" + "contractFile": "bad_randomness/etheraffle.sol", + "state": "passed" + }, + { + "title": "sanity check: bad_randomness/guess_the_random_number.sol", + "file": "bad_randomness/guess_the_random_number_test.js", + "contractFile": "bad_randomness/guess_the_random_number.sol", + "state": "passed" }, { "title": "exploit bad randomness vulnerability", "file": "bad_randomness/guess_the_random_number_test.js", - "contractFile": "bad_randomness/guess_the_random_number.bin", + "contractFile": "bad_randomness/guess_the_random_number.sol", "state": "passed" }, { - "title": "exploit brad randomness vulnerability", + "title": "sanity check: bad_randomness/old_blockhash.sol", "file": "bad_randomness/old_blockhash_test.js", - "contractFile": "bad_randomness/old_blockhash.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/bad_randomness/old_blockhash_test.js:45:9)" + "contractFile": "bad_randomness/old_blockhash.sol", + "state": "passed" + }, + { + "title": "exploit bad randomness vulnerability", + "file": "bad_randomness/old_blockhash_test.js", + "contractFile": "bad_randomness/old_blockhash.sol", + "state": "passed" + }, + { + "title": "sanity check: denial_of_service/auction.sol", + "file": "denial_of_service/auction_test.js", + "contractFile": "denial_of_service/auction.sol", + "state": "passed" }, { "title": "exploit denial of service vulnerability", "file": "denial_of_service/auction_test.js", - "contractFile": "denial_of_service/auction.bin", - "state": "failed", - "error": "Expected transaction to be reverted", - "stack": "AssertionError: Expected transaction to be reverted\n at Context. (test/denial_of_service/auction_test.js:34:9)" + "contractFile": "denial_of_service/auction.sol", + "state": "passed" + }, + { + "title": "sanity check: denial_of_service/dos_address.sol", + "file": "denial_of_service/dos_address_test.js", + "contractFile": "denial_of_service/dos_address.sol", + "state": "passed" }, { "title": "exploit denial of service vulnerability", "file": "denial_of_service/dos_address_test.js", - "contractFile": "denial_of_service/dos_address.bin", + "contractFile": "denial_of_service/dos_address.sol", + "state": "passed" + }, + { + "title": "sanity check: denial_of_service/dos_number.sol", + "file": "denial_of_service/dos_number_test.js", + "contractFile": "denial_of_service/dos_number.sol", "state": "passed" }, { "title": "exploit denial of service vulnerability", "file": "denial_of_service/dos_number_test.js", - "contractFile": "denial_of_service/dos_number.bin", + "contractFile": "denial_of_service/dos_number.sol", + "state": "passed" + }, + { + "title": "sanity check: denial_of_service/dos_simple.sol", + "file": "denial_of_service/dos_simple_test.js", + "contractFile": "denial_of_service/dos_simple.sol", "state": "passed" }, { "title": "exploit denial of service vulnerability", "file": "denial_of_service/dos_simple_test.js", - "contractFile": "denial_of_service/dos_simple.bin", + "contractFile": "denial_of_service/dos_simple.sol", + "state": "passed" + }, + { + "title": "sanity check: front_running/ERC20.sol", + "file": "front_running/ERC20_test.js", + "contractFile": "front_running/ERC20.sol", "state": "passed" }, { "title": "front running vulnerability", "file": "front_running/ERC20_test.js", - "contractFile": "front_running/ERC20.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.balanceOf (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/front_running/ERC20_test.js:23:35)" + "contractFile": "front_running/ERC20.sol", + "state": "passed" + }, + { + "title": "sanity check: front_running/eth_tx_order_dependence_minimal.sol", + "file": "front_running/eth_tx_order_dependence_minimal_test.js", + "contractFile": "front_running/eth_tx_order_dependence_minimal.sol", + "state": "passed" }, { "title": "front running vulnerability in setReward() function", "file": "front_running/eth_tx_order_dependence_minimal_test.js", - "contractFile": "front_running/eth_tx_order_dependence_minimal.bin", + "contractFile": "front_running/eth_tx_order_dependence_minimal.sol", "state": "passed" }, { "title": "front running vulnerability in claimReward() function", "file": "front_running/eth_tx_order_dependence_minimal_test.js", - "contractFile": "front_running/eth_tx_order_dependence_minimal.bin", + "contractFile": "front_running/eth_tx_order_dependence_minimal.sol", + "state": "passed" + }, + { + "title": "sanity check: front_running/odds_and_evens.sol", + "file": "front_running/odds_and_evens_test.js", + "contractFile": "front_running/odds_and_evens.sol", "state": "passed" }, { "title": "front running vulnerability", "file": "front_running/odds_and_evens_test.js", - "contractFile": "front_running/odds_and_evens.bin", - "state": "failed", - "error": "expected 2000000000000000000 to equal 200000000000000000.", - "stack": "AssertionError: expected 2000000000000000000 to equal 200000000000000000.\n at Context. (test/front_running/odds_and_evens_test.js:44:34)" + "contractFile": "front_running/odds_and_evens.sol", + "state": "passed" + }, + { + "title": "sanity check: other/crypto_roulette.sol", + "file": "other/crypto_roulette_test.js", + "contractFile": "other/crypto_roulette.sol", + "state": "passed" }, { "title": "exploit uninitialized storage vulnerability", "file": "other/crypto_roulette_test.js", - "contractFile": "other/crypto_roulette.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.play (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/other/crypto_roulette_test.js:39:18)" + "contractFile": "other/crypto_roulette.sol", + "state": "passed" + }, + { + "title": "sanity check: other/name_registrar.sol", + "file": "other/name_registrar_test.js", + "contractFile": "other/name_registrar.sol", + "state": "passed" }, { "title": "exploit uninitialized storage vulnerability", "file": "other/name_registrar_test.js", - "contractFile": "other/name_registrar.bin", + "contractFile": "other/name_registrar.sol", + "state": "passed" + }, + { + "title": "sanity check: other/open_address_lottery.sol", + "file": "other/open_address_lottery_test.js", + "contractFile": "other/open_address_lottery.sol", "state": "passed" }, { "title": "exploit uninitialized storage vulnerability", "file": "other/open_address_lottery_test.js", - "contractFile": "other/open_address_lottery.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.forceReseed (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/other/open_address_lottery_test.js:34:19)" + "contractFile": "other/open_address_lottery.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol", + "file": "reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f_test.js", + "contractFile": "reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f_test.js", - "contractFile": "reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.bin", + "contractFile": "reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol", + "file": "reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js", + "contractFile": "reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol", "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js", - "contractFile": "reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.bin", - "state": "failed", - "error": "expected 7000000000000000000 to be below 6000000000000000000.", - "stack": "AssertionError: expected 7000000000000000000 to be below 6000000000000000000.\n at Context. (test/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js:68:37)" + "contractFile": "reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol", + "file": "reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1_test.js", + "contractFile": "reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1_test.js", - "contractFile": "reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.bin", + "contractFile": "reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol", + "file": "reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106_test.js", + "contractFile": "reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol", "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106_test.js", - "contractFile": "reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.bin", + "contractFile": "reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.sol", + "file": "reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31_test.js", + "contractFile": "reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.sol", "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31_test.js", - "contractFile": "reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.bin", + "contractFile": "reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol", + "file": "reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js", + "contractFile": "reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol", "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js", - "contractFile": "reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x666d0c3da3dbc946d5128d06115bb4eed4595580)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js:36:5)" + "contractFile": "reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol", + "state": "passed" }, { - "title": "\"before each\" hook for \"should successfully drain funds through reentrancy attack\"", + "title": "sanity check: reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol", "file": "reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js", - "contractFile": "reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at .constructor (unknown)\n at .constructor (unknown)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at ContractFactory.deploy (node_modules/ethers/src.ts/contract/factory.ts:111:24)\n at Context. (test/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js:25:14)" + "contractFile": "reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js", + "contractFile": "reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol", "file": "reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js", - "contractFile": "reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x286b8decd5ed79c962b2d8f4346cd97ff0e2c352)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js:36:5)" + "contractFile": "reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js", + "contractFile": "reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.sol", "file": "reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js", - "contractFile": "reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.bin", - "state": "failed", - "error": "expected 10000000000000000000 to be below 6000000000000000000.", - "stack": "AssertionError: expected 10000000000000000000 to be below 6000000000000000000.\n at Context. (test/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js:70:38)" + "contractFile": "reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js", + "contractFile": "reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", "file": "reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js", - "contractFile": "reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x2a590c461db46bca129e8dbe5c3998a8ff402e76)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js:38:5)" + "contractFile": "reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js", + "contractFile": "reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.sol", "file": "reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js", - "contractFile": "reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.bin", - "state": "failed", - "error": "expected 7000000000000000000 to be below 5000000000000000000.", - "stack": "AssertionError: expected 7000000000000000000 to be below 5000000000000000000.\n at Context. (test/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js:67:37)" + "contractFile": "reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js", + "contractFile": "reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol", "file": "reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js", - "contractFile": "reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js:37:9)" + "contractFile": "reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js", + "contractFile": "reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol", "file": "reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8_test.js", - "contractFile": "reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.bin", + "contractFile": "reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol", "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8_test.js", + "contractFile": "reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol", "file": "reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js", - "contractFile": "reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.bin", - "state": "failed", - "error": "expected 7000000000000000000 to be below 5000000000000000000.", - "stack": "AssertionError: expected 7000000000000000000 to be below 5000000000000000000.\n at Context. (test/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js:68:37)" + "contractFile": "reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js", + "contractFile": "reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol", "file": "reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js", - "contractFile": "reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.bin", - "state": "failed", - "error": "expected 7000000000000000000 to be below 6000000000000000000.", - "stack": "AssertionError: expected 7000000000000000000 to be below 6000000000000000000.\n at Context. (test/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js:68:37)" + "contractFile": "reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js", + "contractFile": "reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol", "file": "reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js", - "contractFile": "reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.bin", - "state": "failed", - "error": "expected 9000000000000000000 to be below 6000000000000000000.", - "stack": "AssertionError: expected 9000000000000000000 to be below 6000000000000000000.\n at Context. (test/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js:68:37)" + "contractFile": "reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js", + "contractFile": "reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol", "file": "reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js", - "contractFile": "reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js:37:5)" + "contractFile": "reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js", + "contractFile": "reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol", "file": "reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js", - "contractFile": "reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0xbbc18b580256a82dc0f9a86152b8b22e7c1c8005)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js:36:5)" + "contractFile": "reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js", + "contractFile": "reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol", "file": "reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js", - "contractFile": "reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x24432a08869578aaf4d1eada12e1e78f171b1a2b)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.Put (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (test/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js:36:5)" + "contractFile": "reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js", + "contractFile": "reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/etherstore.sol", "file": "reentrancy/etherstore_test.js", - "contractFile": "reentrancy/etherstore.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.depositFunds (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/etherstore_test.js:32:9)" + "contractFile": "reentrancy/etherstore.sol", + "state": "passed" + }, + { + "title": "should successfully drain funds through reentrancy attack", + "file": "reentrancy/etherstore_test.js", + "contractFile": "reentrancy/etherstore.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/modifier_reentrancy.sol", + "file": "reentrancy/modifier_reentrancy_test.js", + "contractFile": "reentrancy/modifier_reentrancy.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/modifier_reentrancy_test.js", - "contractFile": "reentrancy/modifier_reentrancy.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.tokenBalance (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/modifier_reentrancy_test.js:38:36)" + "contractFile": "reentrancy/modifier_reentrancy.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/reentrance.sol", + "file": "reentrancy/reentrance_test.js", + "contractFile": "reentrancy/reentrance.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/reentrance_test.js", - "contractFile": "reentrancy/reentrance.bin", - "state": "failed", - "error": "expected 9000000000000000000 to be below 8000000000000000000.", - "stack": "AssertionError: expected 9000000000000000000 to be below 8000000000000000000.\n at Context. (test/reentrancy/reentrance_test.js:60:37)" + "contractFile": "reentrancy/reentrance.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/reentrancy_bonus.sol", + "file": "reentrancy/reentrancy_bonus_test.js", + "contractFile": "reentrancy/reentrancy_bonus.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/reentrancy_bonus_test.js", - "contractFile": "reentrancy/reentrancy_bonus.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_bonus_test.js:51:9)" + "contractFile": "reentrancy/reentrancy_bonus.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/reentrancy_dao.sol", + "file": "reentrancy/reentrancy_dao_test.js", + "contractFile": "reentrancy/reentrancy_dao.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/reentrancy_dao_test.js", - "contractFile": "reentrancy/reentrancy_dao.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.deposit (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_dao_test.js:30:9)" + "contractFile": "reentrancy/reentrancy_dao.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/reentrancy_simple.sol", + "file": "reentrancy/reentrancy_simple_test.js", + "contractFile": "reentrancy/reentrancy_simple.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/reentrancy_simple_test.js", - "contractFile": "reentrancy/reentrancy_simple.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.addToBalance (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_simple_test.js:29:9)" + "contractFile": "reentrancy/reentrancy_simple.sol", + "state": "passed" + }, + { + "title": "sanity check: reentrancy/simpleDAO.sol", + "file": "reentrancy/simple_dao_test.js", + "contractFile": "reentrancy/simple_dao.sol", + "state": "passed" }, { "title": "should successfully drain funds through reentrancy attack", "file": "reentrancy/simple_dao_test.js", - "contractFile": "reentrancy/simple_dao.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.attack (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/reentrancy/simple_dao_test.js:50:5)" + "contractFile": "reentrancy/simple_dao.sol", + "state": "passed" + }, + { + "title": "sanity check: time_manipulation/ether_lotto.sol", + "file": "time_manipulation/ether_lotto_test.js", + "contractFile": "time_manipulation/ether_lotto.sol", + "state": "passed" }, { "title": "exploit time manipulation vulnerability", "file": "time_manipulation/ether_lotto_test.js", - "contractFile": "time_manipulation/ether_lotto.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.play (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/time_manipulation/ether_lotto_test.js:33:20)" + "contractFile": "time_manipulation/ether_lotto.sol", + "state": "passed" + }, + { + "title": "sanity check: time_manipulation/roulette.sol", + "file": "time_manipulation/roulette_test.js", + "contractFile": "time_manipulation/roulette.sol", + "state": "passed" }, { "title": "exploit time manipulation vulnerability", "file": "time_manipulation/roulette_test.js", - "contractFile": "time_manipulation/roulette.bin", + "contractFile": "time_manipulation/roulette.sol", + "state": "passed" + }, + { + "title": "sanity check: time_manipulation/timed_crowdsale.sol", + "file": "time_manipulation/timed_crowdsale_test.js", + "contractFile": "time_manipulation/timed_crowdsale.sol", "state": "passed" }, { "title": "exploit time manipulation vulnerability", "file": "time_manipulation/timed_crowdsale_test.js", - "contractFile": "time_manipulation/timed_crowdsale.bin", + "contractFile": "time_manipulation/timed_crowdsale.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol", + "file": "unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js", + "contractFile": "unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js", - "contractFile": "unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0x9fe46736679d2d9a65f0992f2272de9f3c7fa6e0)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.wager (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at waitForPendingTransaction (node_modules/@nomicfoundation/hardhat-chai-matchers/src/internal/emit.ts:28:17)\n at Context. (test/unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js:40:5)" + "contractFile": "unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol", + "file": "unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js", + "contractFile": "unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js", - "contractFile": "unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js:41:5)" + "contractFile": "unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol", + "file": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js", + "contractFile": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToken()", "file": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js", - "contractFile": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.bin", + "contractFile": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToHolder()", "file": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js", - "contractFile": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.bin", + "contractFile": "unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol", + "file": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js", + "contractFile": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToken()", "file": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js", - "contractFile": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.bin", + "contractFile": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToHolder()", "file": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js", - "contractFile": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.bin", + "contractFile": "unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol", + "file": "unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js", + "contractFile": "unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js", - "contractFile": "unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js:41:5)" + "contractFile": "unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol", + "file": "unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js", + "contractFile": "unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js", - "contractFile": "unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js:41:5)" + "contractFile": "unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol", + "file": "unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js", + "contractFile": "unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js", - "contractFile": "unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js:33:5)" + "contractFile": "unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", + "file": "unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js", + "contractFile": "unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToken()", "file": "unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js", - "contractFile": "unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.bin", - "state": "failed", - "error": "InvalidJump", - "stack": "ProviderError: InvalidJump\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at staticCallResult (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:337:22)\n at staticCall (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:303:24)\n at Proxy.Holders (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:351:41)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js:47:12)" + "contractFile": "unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol", + "file": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js", + "contractFile": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in function withdrawAuctionBalances()", "file": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js", - "contractFile": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.bin", + "contractFile": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in function giveBirth()", "file": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js", - "contractFile": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.bin", + "contractFile": "unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol", + "file": "unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js", + "contractFile": "unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js", - "contractFile": "unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.bin", - "state": "failed", - "error": "Transaction reverted without a reason string", - "stack": "Error: Transaction reverted without a reason string\n at . (0xc351628eb244ec633d5f21fbd6621e1a683b1181)\n at EdrProviderWrapper.request (node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:446:41)\n at HardhatEthersSigner.sendTransaction (node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.wager (node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at waitForPendingTransaction (node_modules/@nomicfoundation/hardhat-chai-matchers/src/internal/emit.ts:28:17)\n at Context. (test/unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js:40:5)" + "contractFile": "unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_attack.sol", + "file": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js", + "contractFile": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in line 192", "file": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js", - "contractFile": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at waitForPendingTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-chai-matchers/src/internal/emit.ts:28:17)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js:45:5)" + "contractFile": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in line 180", "file": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js", - "contractFile": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.bin", - "state": "failed", - "error": "Transaction reverted without a reason", - "stack": "ProviderError: Transaction reverted without a reason\n at EdrProviderWrapper.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/hardhat/src/internal/hardhat-network/provider/provider.ts:455:19)\n at HardhatEthersSigner.sendTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-ethers/src/signers.ts:125:18)\n at send (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:313:20)\n at Proxy.request (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/ethers/src.ts/contract/contract.ts:352:16)\n at waitForPendingTransaction (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/node_modules/@nomicfoundation/hardhat-chai-matchers/src/internal/emit.ts:28:17)\n at Context. (/home/mokita/sc_study/solidity-hack-labs/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js:83:5)" + "contractFile": "unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol", + "file": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js", + "contractFile": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToken()", "file": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js", - "contractFile": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.bin", + "contractFile": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability in WithdrawToHolder()", "file": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js", - "contractFile": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.bin", + "contractFile": "unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol", + "file": "unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js", + "contractFile": "unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js", - "contractFile": "unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.bin", - "state": "failed", - "error": "expected 1000000000000000000 to equal 999999999999999990.", - "stack": "AssertionError: expected 1000000000000000000 to equal 999999999999999990.\n at Context. (test/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js:43:48)" + "contractFile": "unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol", + "file": "unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js", + "contractFile": "unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js", - "contractFile": "unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js:41:5)" + "contractFile": "unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol", + "file": "unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77_test.js", + "contractFile": "unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77_test.js", - "contractFile": "unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.bin", + "contractFile": "unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol", + "file": "unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js", + "contractFile": "unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js", - "contractFile": "unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted, but it reverted with reason 'Ether transfer failed'", - "stack": "AssertionError: Expected transaction NOT to be reverted, but it reverted with reason 'Ether transfer failed'\n at Context. (test/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js:40:5)" + "contractFile": "unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol", + "file": "unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52_test.js", + "contractFile": "unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52_test.js", - "contractFile": "unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.bin", + "contractFile": "unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol", + "file": "unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c_test.js", + "contractFile": "unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c_test.js", - "contractFile": "unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.bin", + "contractFile": "unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol", + "file": "unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js", + "contractFile": "unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol", "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js", - "contractFile": "unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js:41:5)" + "contractFile": "unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol", + "state": "passed" + }, + { + "title": "sanity check: unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol", + "file": "unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js", + "contractFile": "unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol", + "state": "passed" }, { "title": "exploit unchecked low level call vulnerability", "file": "unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js", - "contractFile": "unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.bin", - "state": "failed", - "error": "Expected transaction NOT to be reverted", - "stack": "AssertionError: Expected transaction NOT to be reverted\n at Context. (test/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js:42:5)" + "contractFile": "unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol", + "state": "passed" } ] } \ No newline at end of file diff --git a/smartbugs-curated/0.4.x/test/access_control/FibonacciBalance_test.js b/smartbugs-curated/0.4.x/test/access_control/FibonacciBalance_test.js index cb2b97f..2fe1b4f 100644 --- a/smartbugs-curated/0.4.x/test/access_control/FibonacciBalance_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/FibonacciBalance_test.js @@ -32,6 +32,23 @@ describe('attack access_control/FibonacciBalance.sol', function () { return {lib, victim, attacker}; } + it('sanity check: access_control/FibonacciBalance.sol', async function () { + const [v] = await ethers.getSigners(); + const {victim} = await loadFixture(deployContracts); + const fibonacciLibrary = await victim.fibonacciLibrary(); + expect(fibonacciLibrary).to.not.be.empty; + // await expect(victim.withdraw()).to.not.be.reverted; + const abi = ["function setFibonacci(uint n)"]; + const iface = new ethers.Interface(abi); + + const data = iface.encodeFunctionData("setFibonacci", [1]); + await expect(v.sendTransaction({ + to: victim.target, + data: data, + })).not.be.reverted; + + }); + it('exploit access control vulnerability', async function () { const {lib, victim, attacker} = await loadFixture(deployContracts); const victim_addr = victim.target; diff --git a/smartbugs-curated/0.4.x/test/access_control/arbitrary_location_write_simple_test.js b/smartbugs-curated/0.4.x/test/access_control/arbitrary_location_write_simple_test.js index f35a1d7..dca4e93 100644 --- a/smartbugs-curated/0.4.x/test/access_control/arbitrary_location_write_simple_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/arbitrary_location_write_simple_test.js @@ -19,6 +19,12 @@ describe('attack access_control/arbitrary_location_write_simple.sol', function ( return {victim, attacker}; } + it('sanity check: access_control/arbitrary_location_write_simple.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.PushBonusCode(1)).to.not.be.reverted; + await expect(victim.PopBonusCode()).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name1_test.js b/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name1_test.js index 1db430c..1f8b409 100644 --- a/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name1_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name1_test.js @@ -4,12 +4,14 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/incorrect_constructor_name1.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/incorrect_constructor_name1.sol/Missing.json'); const json = JSON.parse(fs.readFileSync(codePath)); const Missing = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await Missing.deploy(); + const victim = await Missing.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -19,6 +21,13 @@ describe('attack access_control/incorrect_constructor_name1.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/incorrect_constructor_name1.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(owner.sendTransaction( + {to: victim.target, value: 1} + )).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const victim_addr = await victim.getAddress(); diff --git a/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name2_test.js b/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name2_test.js index e25c122..32fb979 100644 --- a/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name2_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name2_test.js @@ -4,12 +4,14 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/incorrect_constructor_name2.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/incorrect_constructor_name2.sol/Missing.json'); const json = JSON.parse(fs.readFileSync(codePath)); const Missing = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await Missing.deploy(); + const victim = await Missing.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -19,6 +21,13 @@ describe('attack access_control/incorrect_constructor_name2.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/incorrect_constructor_name2.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(owner.sendTransaction( + {to: victim.target, value: 1} + )).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const victim_addr = await victim.getAddress(); diff --git a/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name3_test.js b/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name3_test.js index f038c49..b23416b 100644 --- a/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name3_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/incorrect_constructor_name3_test.js @@ -4,12 +4,14 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/incorrect_constructor_name3.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/incorrect_constructor_name3.sol/Missing.json'); const json = JSON.parse(fs.readFileSync(codePath)); const Missing = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await Missing.deploy(); + const victim = await Missing.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -19,6 +21,13 @@ describe('attack access_control/incorrect_constructor_name3.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/incorrect_constructor_name3.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(owner.sendTransaction( + {to: victim.target, value: 1} + )).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const victim_addr = await victim.getAddress(); diff --git a/smartbugs-curated/0.4.x/test/access_control/mapping_write_test.js b/smartbugs-curated/0.4.x/test/access_control/mapping_write_test.js index a2a7a88..6605f7c 100644 --- a/smartbugs-curated/0.4.x/test/access_control/mapping_write_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/mapping_write_test.js @@ -20,6 +20,12 @@ describe('attack access_control/mapping_write.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/mapping_write.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.set(1, 1)).to.not.be.reverted; + expect(await victim.get(1)).to.equal(1); + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/access_control/multiowned_vulnerable_test.js b/smartbugs-curated/0.4.x/test/access_control/multiowned_vulnerable_test.js index 6c32eef..27092ce 100644 --- a/smartbugs-curated/0.4.x/test/access_control/multiowned_vulnerable_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/multiowned_vulnerable_test.js @@ -4,11 +4,13 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/multiowned_vulnerable.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/multiowned_vulnerable.sol/TestContract.json'); const json = JSON.parse(fs.readFileSync(codePath)); const TestContract = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await TestContract.deploy(); + const victim = await TestContract.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -18,14 +20,19 @@ describe('attack access_control/multiowned_vulnerable.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/multiowned_vulnerable.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(owner).newOwner(owner.address)).to.not.be.reverted; + await expect(victim.connect(owner).withdrawAll()).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); - const [v] = await ethers.getSigners(); const victim_addr = await victim.getAddress(); const attacker_addr = await attacker.getAddress(); const amount = ethers.parseEther("1.0"); - await v.sendTransaction({ + await owner.sendTransaction({ to: victim_addr, value: amount, }); diff --git a/smartbugs-curated/0.4.x/test/access_control/mycontract_test.js b/smartbugs-curated/0.4.x/test/access_control/mycontract_test.js index 1c4dc40..bb9066f 100644 --- a/smartbugs-curated/0.4.x/test/access_control/mycontract_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/mycontract_test.js @@ -9,9 +9,7 @@ describe('attack access_control/mycontract.sol', function () { let attacker_sig; let amount; async function deployContracts() { - const [v, a] = await ethers.getSigners(); - victim_sig = v; - attacker_sig = a; + [victim_sig, attacker_sig] = await ethers.getSigners(); const ownerNonce = await victim_sig.getNonce() + 1; const futureAddress = getContractAddress({ from: victim_sig.address, @@ -26,7 +24,7 @@ describe('attack access_control/mycontract.sol', function () { const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/mycontract.sol/MyContract.json'); const json = JSON.parse(fs.readFileSync(codePath)); const MyContract = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await MyContract.deploy(); + const victim = await MyContract.connect(victim_sig).deploy(); await victim.waitForDeployment(); const victim_addr = await victim.getAddress(); @@ -36,6 +34,11 @@ describe('attack access_control/mycontract.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/mycontract.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(victim_sig).sendTo(victim_sig.address, 1)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const victim_addr = await victim.getAddress(); diff --git a/smartbugs-curated/0.4.x/test/access_control/parity_wallet_bug_2_test.js b/smartbugs-curated/0.4.x/test/access_control/parity_wallet_bug_2_test.js index c336b19..689783e 100644 --- a/smartbugs-curated/0.4.x/test/access_control/parity_wallet_bug_2_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/parity_wallet_bug_2_test.js @@ -4,11 +4,13 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/parity_wallet_bug_2.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/parity_wallet_bug_2.sol/WalletLibrary.json'); const json = JSON.parse(fs.readFileSync(codePath)); const WalletLibrary = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await WalletLibrary.deploy(); + const victim = await WalletLibrary.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -18,6 +20,12 @@ describe('attack access_control/parity_wallet_bug_2.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/parity_wallet_bug_2.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(owner).initWallet([owner.address], 1, 1)).to.not.be.reverted; + await expect(victim.connect(owner).kill(owner.address)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const amount = ethers.parseEther("1"); diff --git a/smartbugs-curated/0.4.x/test/access_control/phishable_test.js b/smartbugs-curated/0.4.x/test/access_control/phishable_test.js index 44d893a..1db23a6 100644 --- a/smartbugs-curated/0.4.x/test/access_control/phishable_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/phishable_test.js @@ -25,6 +25,11 @@ describe('attack access_control/phishable.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/phishable.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(victim_sig).withdrawAll(victim_sig.address)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/access_control/proxy_test.js b/smartbugs-curated/0.4.x/test/access_control/proxy_test.js index ff5f969..7dcb3d6 100644 --- a/smartbugs-curated/0.4.x/test/access_control/proxy_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/proxy_test.js @@ -35,6 +35,16 @@ describe('attack access_control/proxy.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/proxy.sol', async function () { + const {victim, attacker} = await loadFixture(deployContracts); + const attackerInterface = new ethers.Interface([ + "function benign()" + ]); + + const data = attackerInterface.encodeFunctionData("benign"); + await expect( victim.forward(attacker.target, data)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const victim_addr = await victim.getAddress(); diff --git a/smartbugs-curated/0.4.x/test/access_control/simple_suicide_test.js b/smartbugs-curated/0.4.x/test/access_control/simple_suicide_test.js index ae64d23..148d147 100644 --- a/smartbugs-curated/0.4.x/test/access_control/simple_suicide_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/simple_suicide_test.js @@ -4,11 +4,13 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/simple_suicide.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/simple_suicide.sol/SimpleSuicide.json'); const json = JSON.parse(fs.readFileSync(codePath)); const SimpleSuicide = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await SimpleSuicide.deploy(); + const victim = await SimpleSuicide.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -18,6 +20,11 @@ describe('attack access_control/simple_suicide.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/simple_suicide.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(owner).sudicideAnyone(owner)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); expect(await ethers.provider.getCode(await victim.getAddress())).not.to.equal("0x"); diff --git a/smartbugs-curated/0.4.x/test/access_control/unprotected0_test.js b/smartbugs-curated/0.4.x/test/access_control/unprotected0_test.js index 6d89fb9..81329ea 100644 --- a/smartbugs-curated/0.4.x/test/access_control/unprotected0_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/unprotected0_test.js @@ -4,11 +4,13 @@ const path = require("path"); const fs = require("fs"); describe('attack access_control/unprotected0.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/access_control/unprotected0.sol/Unprotected.json'); const json = JSON.parse(fs.readFileSync(codePath)); const Unprotected = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await Unprotected.deploy(); + const victim = await Unprotected.connect(owner).deploy(); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -18,6 +20,11 @@ describe('attack access_control/unprotected0.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/unprotected0.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(owner).changeOwner(owner)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/access_control/wallet_02_refund_nosub_test.js b/smartbugs-curated/0.4.x/test/access_control/wallet_02_refund_nosub_test.js index b3194a4..30fe0de 100644 --- a/smartbugs-curated/0.4.x/test/access_control/wallet_02_refund_nosub_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/wallet_02_refund_nosub_test.js @@ -18,6 +18,12 @@ describe('attack access_control/wallet_02_refund_nosub.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/wallet_02_refund_nosub.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.deposit({value: 1})).to.not.be.reverted; + await expect(victim.withdraw(1)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/access_control/wallet_03_wrong_constructor_test.js b/smartbugs-curated/0.4.x/test/access_control/wallet_03_wrong_constructor_test.js index 8e6012a..f53956b 100644 --- a/smartbugs-curated/0.4.x/test/access_control/wallet_03_wrong_constructor_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/wallet_03_wrong_constructor_test.js @@ -18,6 +18,12 @@ describe('attack access_control/wallet_03_wrong_constructor.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/wallet_03_wrong_constructor.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.deposit({value: 1})).to.not.be.reverted; + await expect(victim.withdraw(1)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/access_control/wallet_04_confused_sign_test.js b/smartbugs-curated/0.4.x/test/access_control/wallet_04_confused_sign_test.js index 2de0d08..3babe8d 100644 --- a/smartbugs-curated/0.4.x/test/access_control/wallet_04_confused_sign_test.js +++ b/smartbugs-curated/0.4.x/test/access_control/wallet_04_confused_sign_test.js @@ -18,6 +18,12 @@ describe('attack access_control/wallet_04_confused_sign.sol', function () { return {victim, attacker}; } + it('sanity check: access_control/wallet_04_confused_sign.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.deposit({value: 1})).to.not.be.reverted; + await expect(victim.withdraw(1)).to.not.be.reverted; + }); + it('exploit access control vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/BECToken_test.js b/smartbugs-curated/0.4.x/test/arithmetic/BECToken_test.js index 4d51362..d0df0db 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/BECToken_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/BECToken_test.js @@ -4,12 +4,14 @@ const path = require("path"); const fs = require("fs"); describe('attack arithmetic/BECToken.sol', function () { + let owner; async function deployContracts() { + [owner] = await ethers.getSigners(); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/arithmetic/BECToken.sol/BecToken.json'); const json = JSON.parse(fs.readFileSync(codePath)); const BECToken = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await BECToken.deploy(); + const victim = await BECToken.connect(owner).deploy(); await victim.waitForDeployment(); const BecTokenAttacker = await ethers.getContractFactory('contracts/arithmetic/BECToken_attack.sol:BecTokenAttacker'); @@ -19,6 +21,19 @@ describe('attack arithmetic/BECToken.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/BECToken.sol', async function () { + const {victim} = await loadFixture(deployContracts); + const balance = await victim.balanceOf(victim.target); + expect(balance).to.equal(0); + const ownerBalance = await victim.balanceOf(await owner.address); + expect(ownerBalance).to.equal(await victim.totalSupply()); + await victim.batchTransfer([victim.target], 10); + const newBalance = await victim.balanceOf(victim.target); + expect(newBalance).to.equal(10); + const newOwnerBalance = await victim.balanceOf(await owner.address); + expect(newOwnerBalance).to.equal(ownerBalance - newBalance); + }); + it('exploit overflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_add_test.js b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_add_test.js index f9fa0a1..8dda013 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_add_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_add_test.js @@ -18,6 +18,12 @@ describe('attack arithmetic/integer_overflow_add.sol', function () { return {overflow, attacker}; } + it('sanity check: arithmetic/integer_overflow_add.sol', async function () { + const {overflow} = await loadFixture(deployContracts); + expect(await overflow.count()).to.equal(1); + await overflow.run(1); + expect(await overflow.count()).to.equal(2); + }); it('exploit overflow vulnerability', async function () { const {overflow, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mapping_sym_1.js b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mapping_sym_1_test.js similarity index 100% rename from smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mapping_sym_1.js rename to smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mapping_sym_1_test.js diff --git a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_minimal_test.js b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_minimal_test.js index 638eb19..dafbd88 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_minimal_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_minimal_test.js @@ -18,6 +18,12 @@ describe('attack arithmetic/integer_overflow_minimal.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/integer_overflow_benign_1.sol', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + await victim.run(0); + expect(await victim.count()).to.equal(1); + }); it('exploit underflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mul_test.js b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mul_test.js index ec7ef42..cf7e918 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mul_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_mul_test.js @@ -19,6 +19,12 @@ describe('attack arithmetic/integer_overflow_mul.sol', function () { return {overflow, attacker}; } + it('sanity check: arithmetic/integer_overflow_mul.sol', async function () { + const {overflow} = await loadFixture(deployContracts); + expect(await overflow.count()).to.equal(2); + await overflow.run(2); + expect(await overflow.count()).to.equal(4); + }); it('exploit overflow vulnerability', async function () { const {overflow, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_multifunc_feasible_test.js b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_multifunc_feasible_test.js index a76eb1d..3d444b7 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_multifunc_feasible_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_multifunc_feasible_test.js @@ -19,6 +19,14 @@ describe('attack arithmetic/integer_overflow_multitx_multifunc_feasible.sol', fu return {victim, attacker}; } + it('sanity check: arithmetic/integer_overflow_multitx_multifunc_feasible.sol', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + await victim.init(); + await victim.run(1); + expect(await victim.count()).to.equal(0); + }); + it('exploit underflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_onefunc_feasible_test.js b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_onefunc_feasible_test.js index b534365..a3b86ae 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_onefunc_feasible_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/integer_overflow_multitx_onefunc_feasible_test.js @@ -18,6 +18,14 @@ describe('attack arithmetic/integer_overflow_multitx_onefunc_feasible.sol', func return {victim, attacker}; } + it('sanity check: arithmetic/integer_overflow_multitx_onefunc_feasible.sol', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + await victim.run(1); + await victim.run(1); + expect(await victim.count()).to.equal(0); + }); + it('exploit underflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/overflow_simple_add_test.js b/smartbugs-curated/0.4.x/test/arithmetic/overflow_simple_add_test.js index 5cb7fce..09b9e45 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/overflow_simple_add_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/overflow_simple_add_test.js @@ -18,6 +18,12 @@ describe('attack arithmetic/overflow_simple_add.sol', function () { return {overflow, attacker}; } + it('sanity check: arithmetic/overflow_simple_add.sol', async function () { + const {overflow} = await loadFixture(deployContracts); + expect(await overflow.balance()).to.equal(1); + await overflow.add(1); + expect(await overflow.balance()).to.equal(2); + }); it('exploit overflow vulnerability', async function () { const {overflow, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js b/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js index cb0bf79..2bbb610 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/overflow_single_tx_test.js @@ -18,6 +18,27 @@ describe('attack arithmetic/overflow_single_tx.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/overflow_single_tx.sol add', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + await victim.overflowaddtostate(1); + expect(await victim.count()).to.equal(2); + }); + + it('sanity check: arithmetic/overflow_single_tx.sol mul', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + await victim.overflowmultostate(2); + expect(await victim.count()).to.equal(2); + }); + + it('sanity check: arithmetic/overflow_single_tx.sol sub', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + await victim.underflowtostate(1); + expect(await victim.count()).to.equal(0); + }); + it('exploit overflow add vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/timelock_test.js b/smartbugs-curated/0.4.x/test/arithmetic/timelock_test.js index 0d1b236..f006b7e 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/timelock_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/timelock_test.js @@ -1,4 +1,4 @@ -const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); +const { loadFixture, time } = require('@nomicfoundation/hardhat-network-helpers'); const { expect } = require('chai'); const path = require("path"); const fs = require("fs"); @@ -18,6 +18,16 @@ describe('attack arithmetic/timeLock.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/timeLock.sol', async function () { + const [sig] = await ethers.getSigners(); + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(sig).deposit({value:1})).to.not.be.reverted; + await victim.connect(sig).increaseLockTime(1); + await time.increase(3600 * 24 * 8); + await expect(victim.connect(sig).withdraw()).to.not.be.reverted; + expect(await victim.balances(sig.address)).to.equal(0); + }); + it('exploit overflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/token_test.js b/smartbugs-curated/0.4.x/test/arithmetic/token_test.js index bc181f8..258399a 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/token_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/token_test.js @@ -5,14 +5,15 @@ const fs = require("fs"); describe('attack arithmetic/token.sol', function () { let to_address; + let owner; async function deployContracts() { const randomPrivateKey = ethers.Wallet.createRandom().privateKey; - + [owner] = await ethers.getSigners(); to_address = ethers.computeAddress(randomPrivateKey); const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/arithmetic/token.sol/Token.json'); const json = JSON.parse(fs.readFileSync(codePath)); const Token = await ethers.getContractFactory(json.abi, json.bytecode); - const victim = await Token.deploy(1); + const victim = await Token.connect(owner).deploy(1); await victim.waitForDeployment(); const address = await victim.getAddress(); @@ -22,6 +23,14 @@ describe('attack arithmetic/token.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/token.sol', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.balanceOf(owner.address)).to.equal(1); + expect(await victim.balanceOf(victim.target)).to.equal(0); + await victim.transfer(victim.target, 1); + expect(await victim.balanceOf(owner.address)).to.equal(0); + expect(await victim.balanceOf(victim.target)).to.equal(1); + }); it('exploit underflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/arithmetic/tokensalechallenge_test.js b/smartbugs-curated/0.4.x/test/arithmetic/tokensalechallenge_test.js index 19b6924..44ae128 100644 --- a/smartbugs-curated/0.4.x/test/arithmetic/tokensalechallenge_test.js +++ b/smartbugs-curated/0.4.x/test/arithmetic/tokensalechallenge_test.js @@ -19,6 +19,15 @@ describe('attack arithmetic/tokensalechallenge.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/tokensalechallenge.sol', async function () { + const {victim} = await loadFixture(deployContracts); + const [sig] = await ethers.getSigners(); + await expect(victim.connect(sig).buy(1, {value: ethers.parseEther('1')})).to.not.be.reverted; + expect(await victim.balanceOf(sig.address)).to.equal(1); + await expect(victim.connect(sig).sell(1)).to.not.be.reverted; + expect(await victim.balanceOf(sig.address)).to.equal(0); + }); + it('exploit buy overflow vulnerability line 23', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/bad_randomness/blackjack_test.js b/smartbugs-curated/0.4.x/test/bad_randomness/blackjack_test.js index d2efc76..b0d06a0 100644 --- a/smartbugs-curated/0.4.x/test/bad_randomness/blackjack_test.js +++ b/smartbugs-curated/0.4.x/test/bad_randomness/blackjack_test.js @@ -2,6 +2,7 @@ const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers'); const { expect } = require('chai'); const path = require("path"); const fs = require("fs"); +const { exec } = require('child_process'); describe('attack bad_randomness/blackjack.sol', function () { let victimAmount, attackerAmount; @@ -34,6 +35,12 @@ describe('attack bad_randomness/blackjack.sol', function () { return {victim, attacker}; } + it('sanity check: bad_randomness/blackjack.sol', async function () { + const {victim} = await loadFixture(deployContracts); + // expect(await victim.maxBet()).to.equal(ethers.parseEther('5')); + await expect(victim.deal({value: ethers.parseEther('1')})).to.not.be.reverted; + }); + it('exploit bad randomness vulnerability', async function () { const sleep = (delay) => new Promise((resolve) => setTimeout(resolve, delay)) diff --git a/smartbugs-curated/0.4.x/test/bad_randomness/etheraffle_test.js b/smartbugs-curated/0.4.x/test/bad_randomness/etheraffle_test.js index a9024b8..d55d258 100644 --- a/smartbugs-curated/0.4.x/test/bad_randomness/etheraffle_test.js +++ b/smartbugs-curated/0.4.x/test/bad_randomness/etheraffle_test.js @@ -19,6 +19,10 @@ describe('attack bad_randomness/etheraffle.sol', function () { return {victim, attacker}; } + it('sanity check: bad_randomness/etheraffle.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.buyTickets({value: ethers.parseEther('1')})).to.not.be.reverted; + }); it('exploit bad randomness vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/bad_randomness/guess_the_random_number_test.js b/smartbugs-curated/0.4.x/test/bad_randomness/guess_the_random_number_test.js index c28e197..1ae2d21 100644 --- a/smartbugs-curated/0.4.x/test/bad_randomness/guess_the_random_number_test.js +++ b/smartbugs-curated/0.4.x/test/bad_randomness/guess_the_random_number_test.js @@ -36,6 +36,10 @@ describe('attack bad_randomness/guess_the_random_number.sol', function () { return {block, victim, attacker}; } + it('sanity check: bad_randomness/guess_the_random_number.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.guess(42, {value: ethers.parseEther('1')})).to.not.be.reverted; + }); it('exploit bad randomness vulnerability', async function () { const {block, victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/bad_randomness/old_blockhash_test.js b/smartbugs-curated/0.4.x/test/bad_randomness/old_blockhash_test.js index 609ba92..6d58056 100644 --- a/smartbugs-curated/0.4.x/test/bad_randomness/old_blockhash_test.js +++ b/smartbugs-curated/0.4.x/test/bad_randomness/old_blockhash_test.js @@ -32,8 +32,16 @@ describe('attack bad_randomness/old_blockhash.sol', function () { return {victim, attacker}; } + it('sanity check: bad_randomness/old_blockhash.sol', async function () { + const {victim} = await loadFixture(deployContracts); + const bytes = ethers.randomBytes(32); + await expect(victim.lockInGuess(bytes, {value: ethers.parseEther("1")})).to.not.be.reverted; + await mine(257); + await expect(victim.settle()).to.not.be.reverted; + }); + - it('exploit brad randomness vulnerability', async function () { + it('exploit bad randomness vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); const victimBalanceBefore = await ethers.provider.getBalance(victim.target); diff --git a/smartbugs-curated/0.4.x/test/denial_of_service/auction_test.js b/smartbugs-curated/0.4.x/test/denial_of_service/auction_test.js index 9017254..7f7fabd 100644 --- a/smartbugs-curated/0.4.x/test/denial_of_service/auction_test.js +++ b/smartbugs-curated/0.4.x/test/denial_of_service/auction_test.js @@ -19,6 +19,11 @@ describe('attack denial_of_service/auction.sol', function () { return {victim, attacker}; } + it('sanity check: denial_of_service/auction.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.bid({value:1})).to.not.be.reverted; + }); + it('exploit denial of service vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/denial_of_service/dos_address_test.js b/smartbugs-curated/0.4.x/test/denial_of_service/dos_address_test.js index fd0217f..c1901c0 100644 --- a/smartbugs-curated/0.4.x/test/denial_of_service/dos_address_test.js +++ b/smartbugs-curated/0.4.x/test/denial_of_service/dos_address_test.js @@ -14,6 +14,11 @@ describe('attack denial_of_service/dos_address.sol', function () { return {victim}; } + it('sanity check: denial_of_service/dos_address.sol', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.iWin()).to.be.false; + }); + it('exploit denial of service vulnerability', async function () { const {victim} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/denial_of_service/dos_number_test.js b/smartbugs-curated/0.4.x/test/denial_of_service/dos_number_test.js index 5df7274..b1e5ea2 100644 --- a/smartbugs-curated/0.4.x/test/denial_of_service/dos_number_test.js +++ b/smartbugs-curated/0.4.x/test/denial_of_service/dos_number_test.js @@ -14,6 +14,15 @@ describe('attack denial_of_service/dos_number.sol', function () { return {victim}; } + it('sanity check: denial_of_service/dos_number.sol', async function () { + const {victim} = await loadFixture(deployContracts); + for (let i = 0; i < 4; i++) { + await victim.insertNnumbers(1, 350); + } + await expect(victim.insertNnumbers(1, 101)).to.not.be.reverted; + await expect(victim.clearDOS()).to.not.be.reverted; + }); + it('exploit denial of service vulnerability', async function () { const {victim} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/denial_of_service/dos_simple_test.js b/smartbugs-curated/0.4.x/test/denial_of_service/dos_simple_test.js index 2ff41f0..07b3ac7 100644 --- a/smartbugs-curated/0.4.x/test/denial_of_service/dos_simple_test.js +++ b/smartbugs-curated/0.4.x/test/denial_of_service/dos_simple_test.js @@ -19,6 +19,11 @@ describe('attack denial_of_service/dos_simple.sol', function () { return {victim, attacker}; } + it('sanity check: denial_of_service/dos_simple.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.ifillArray()).to.not.be.reverted; + }); + it('exploit denial of service vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/front_running/ERC20_test.js b/smartbugs-curated/0.4.x/test/front_running/ERC20_test.js index d615bc4..3cf5ed2 100644 --- a/smartbugs-curated/0.4.x/test/front_running/ERC20_test.js +++ b/smartbugs-curated/0.4.x/test/front_running/ERC20_test.js @@ -14,6 +14,13 @@ describe('attack front_running/ERC20.sol', function () { return {victim}; } + it('sanity check: front_running/ERC20.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(owner).approve(attacker.address, 100)).to.not.be.reverted; + await expect(victim.connect(owner).approve(attacker.address, 10)).to.not.be.reverted; + await expect(victim.connect(attacker).transferFrom(owner.address, attacker.address, 10)).to.not.be.reverted; + }); + it('front running vulnerability', async function () { const {victim} = await loadFixture(deployContracts); @@ -26,7 +33,7 @@ describe('attack front_running/ERC20.sol', function () { await network.provider.send("evm_setAutomine", [false]); await network.provider.send("evm_setIntervalMining", [0]); - // owner tries to restify the allowance + // owner tries to rectify the allowance const tx1 = await victim.connect(owner).approve(attacker.address, 10, {gasPrice: 767532034}); // attacker sees tx1's gasPrice and increases its tx gasPrice to become retrieve the tokens before tx1 is mined diff --git a/smartbugs-curated/0.4.x/test/front_running/eth_tx_order_dependence_minimal_test.js b/smartbugs-curated/0.4.x/test/front_running/eth_tx_order_dependence_minimal_test.js index a458b2a..c59d0ae 100644 --- a/smartbugs-curated/0.4.x/test/front_running/eth_tx_order_dependence_minimal_test.js +++ b/smartbugs-curated/0.4.x/test/front_running/eth_tx_order_dependence_minimal_test.js @@ -14,6 +14,13 @@ describe('attack front_running/eth_tx_order_dependence_minimal.sol', function () return {victim}; } + it('sanity check: front_running/eth_tx_order_dependence_minimal.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(owner).setReward({value:2})).to.not.be.reverted; + await expect(victim.connect(owner).setReward({value:1})).to.not.be.reverted; + await expect(victim.connect(attacker).claimReward(1)).to.not.be.reverted; + }); + it('front running vulnerability in setReward() function', async function () { const {victim} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/front_running/odds_and_evens_test.js b/smartbugs-curated/0.4.x/test/front_running/odds_and_evens_test.js index 00a3c32..4622dc3 100644 --- a/smartbugs-curated/0.4.x/test/front_running/odds_and_evens_test.js +++ b/smartbugs-curated/0.4.x/test/front_running/odds_and_evens_test.js @@ -14,6 +14,11 @@ describe('attack front_running/odds_and_evens.sol', function () { return {victim}; } + it('sanity check: front_running/odds_and_evens.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.connect(user).play(0, {value: ethers.parseEther("1")})).to.not.be.reverted; + }); + it('front running vulnerability', async function () { const {victim} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/other/crypto_roulette_test.js b/smartbugs-curated/0.4.x/test/other/crypto_roulette_test.js index dd51ad8..abdef21 100644 --- a/smartbugs-curated/0.4.x/test/other/crypto_roulette_test.js +++ b/smartbugs-curated/0.4.x/test/other/crypto_roulette_test.js @@ -15,6 +15,11 @@ describe('attack other/crypto_roulette.sol', function () { return {victim}; } + it('sanity check: other/crypto_roulette.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.play(10, {value: ethers.parseEther("0.1")})).to.not.be.reverted; + }); + it('exploit uninitialized storage vulnerability', async function () { const {victim} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/other/name_registrar_test.js b/smartbugs-curated/0.4.x/test/other/name_registrar_test.js index bb82a8d..750ba89 100644 --- a/smartbugs-curated/0.4.x/test/other/name_registrar_test.js +++ b/smartbugs-curated/0.4.x/test/other/name_registrar_test.js @@ -18,6 +18,11 @@ describe('attack other/name_registrar.sol', function () { return {victim, attacker}; } + it('sanity check: other/name_registrar.sol', async function () { + const {victim} = await loadFixture(deployContracts); + const unlocked = await victim.unlocked(); + expect(unlocked).to.be.false; + }); it('exploit uninitialized storage vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/other/open_address_lottery_test.js b/smartbugs-curated/0.4.x/test/other/open_address_lottery_test.js index 2447f1e..8b74e52 100644 --- a/smartbugs-curated/0.4.x/test/other/open_address_lottery_test.js +++ b/smartbugs-curated/0.4.x/test/other/open_address_lottery_test.js @@ -15,6 +15,10 @@ describe('attack other/open_address_lottery.sol', function () { return {contract}; } + it('sanity check: other/open_address_lottery.sol', async function () { + const {contract} = await loadFixture(deployContracts); + await expect(contract.connect(participant).participate({value: ethers.parseEther("1")})).to.not.be.reverted; + }); it('exploit uninitialized storage vulnerability', async function () { const {contract} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f_test.js index e07b083..b5d7cbe 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol", hacker = await MaliciousContract.deploy(victim.target); }); + it('sanity check: reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther('1') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther('1')); + await expect(victim.Collect(ethers.parseEther('1'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit({ value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js index 4df116b..750627f 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol", }); + it('sanity check: reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1_test.js index 0139604..5468c13 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol", }); + it('sanity check: reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther('10') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther('10'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106_test.js index b527e4e..830e8a6 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol", hacker = await MaliciousContract.deploy(victim.target); }); + it('sanity check: reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit({ value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31_test.js index 9d6c3e3..8ae87e1 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0x561eac93c92360949ab1f1403323e6db345cbf31.sol", }); + it('sanity check: reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther('10') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther('10'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js index e295a04..7cedbe4 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol", }); + it('sanity check: reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol', async function () { + await expect(victim.Put(0, { value: ethers.parseEther('10') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther('10'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 1, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js index 4a3a251..c32b8da 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol", hacker = await MaliciousContract.deploy(victim.target); }); + it('sanity check: reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit({ value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js index 93c3bc8..2d5ccaa 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol", }); + it('sanity check: reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol', async function () { + await expect(victim.Put( 0, { value: ethers.parseEther('2') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther('2')); + await expect(victim.Collect(ethers.parseEther('2'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 1, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js index d36905f..75bd13b 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344_test.js @@ -2,6 +2,7 @@ const { expect } = require("chai"); const { ethers } = require("hardhat"); const path = require("path"); const fs = require("fs"); +const exp = require("constants"); describe("Reentrancy Attack for 0x8c7777c45481dba411450c228cb692ac3d550344.sol", function () { let ETH_VAULT; let victim; @@ -32,6 +33,13 @@ describe("Reentrancy Attack for 0x8c7777c45481dba411450c228cb692ac3d550344.sol", }); + it('sanity check: reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("0")); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js index 7c89c0a..54b2021 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5_test.js @@ -33,6 +33,13 @@ describe("Reentrancy Attack for 0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", }); + it('sanity check: reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol', async function () { + await expect(victim.Put(0, { value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 1, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js index ad1513b..6d225d1 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0x941d225236464a25eb18076df7da6a91d0f95e9e.sol", }); + it('sanity check: reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("0")); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js index 68b5f5d..a7a58e6 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol", }); + it('sanity check: reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol', async function () { + await expect(victim.Put(0, { value: ethers.parseEther('10') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther('10'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 0, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8_test.js index bb195e8..81340c3 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol", }); + it('sanity check: reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js index 1ed5c90..8e7cc59 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol", }); + it('sanity check: reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js index c44ce3a..3cf3cc5 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol", }); + it('sanity check: reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js index 490694b..dcdafdd 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol", }); + it('sanity check: reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol', async function () { + await expect(victim.Deposit({ value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.CashOut(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("0")); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Deposit( {value: ethers.parseEther("4") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js index 026024a..6ba023b 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888_test.js @@ -32,6 +32,13 @@ describe("Reentrancy Attack for 0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol", }); + it('sanity check: reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol', async function () { + await expect(victim.Put(0, { value: ethers.parseEther("10") })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther("10"))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 0, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js index 20e21df..338a596 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol", }); + it('sanity check: reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol', async function () { + await expect(victim.Put(0, { value: ethers.parseEther('10') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther('10'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 0, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js b/smartbugs-curated/0.4.x/test/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js index e723bea..8c00614 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68_test.js @@ -31,6 +31,13 @@ describe("Reentrancy Attack for 0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol", }); + it('sanity check: reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol', async function () { + await expect(victim.Put(0, { value: ethers.parseEther('10') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("10")); + await expect(victim.Collect(ethers.parseEther('10'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.Put( 0, {value: ethers.parseEther("3") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/etherstore_test.js b/smartbugs-curated/0.4.x/test/reentrancy/etherstore_test.js index a75480d..7e010e1 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/etherstore_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/etherstore_test.js @@ -27,6 +27,13 @@ describe("Reentrancy Attack for etherstore.sol", function () { }); + it('sanity check: reentrancy/etherstore.sol', async function () { + await expect(victim.depositFunds({ value: ethers.parseEther('1') })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther("1")); + await expect(victim.withdrawFunds(ethers.parseEther('1'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.depositFunds( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/modifier_reentrancy_test.js b/smartbugs-curated/0.4.x/test/reentrancy/modifier_reentrancy_test.js index 51160b6..2f0af83 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/modifier_reentrancy_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/modifier_reentrancy_test.js @@ -5,6 +5,7 @@ const fs = require("fs"); describe("Reentrancy Attack for modifier_reentrancy.sol", function () { let ModifierEntrancy; let victim; + let contract; let MaliciousContract; let hacker; @@ -18,12 +19,20 @@ describe("Reentrancy Attack for modifier_reentrancy.sol", function () { victim = await ModifierEntrancy.deploy(); await victim.waitForDeployment(); + const Bank = await ethers.getContractFactory("contracts/reentrancy/modifier_reentrancy_benign.sol:BankBenign"); + contract = await Bank.deploy(victim.target); + // Deploy MaliciousContract with ModifierEntrancy address MaliciousContract = await ethers.getContractFactory("contracts/reentrancy/modifier_reentrancy_attack.sol:MaliciousContract"); hacker = await MaliciousContract.deploy(victim.target); }); + it('sanity check: reentrancy/modifier_reentrancy.sol', async function () { + await expect(contract.airDrop()).to.not.be.reverted; + expect(await victim.tokenBalance(contract.target)).to.equal("20"); + }); + it("should successfully drain funds through reentrancy attack", async function () { diff --git a/smartbugs-curated/0.4.x/test/reentrancy/reentrance_test.js b/smartbugs-curated/0.4.x/test/reentrancy/reentrance_test.js index b9a2c4c..29fe679 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/reentrance_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/reentrance_test.js @@ -24,6 +24,16 @@ describe("Reentrancy Attack for reentrance.sol", function () { }); + it('sanity check: reentrancy/reentrance.sol', async function () { + const [sig] = await ethers.getSigners(); + expect(await victim.balanceOf(sig.address)).to.equal(0); + await expect(victim.connect(sig).donate(sig.address, {value: ethers.parseEther('1')})).to.not.be.reverted; + expect(await victim.balanceOf(sig.address)).to.equal(ethers.parseEther('1')); + await expect(victim.connect(sig).withdraw(ethers.parseEther('1'))).to.not.be.reverted + expect(await victim.balanceOf(sig.address)).to.equal(0); + }); + + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.donate( victim.target, {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_bonus_test.js b/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_bonus_test.js index 3ee3644..7f2e349 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_bonus_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_bonus_test.js @@ -24,6 +24,10 @@ describe("Reentrancy Attack for reentrancy_bonus.sol", function () { }); + it('sanity check: reentrancy/reentrancy_bonus.sol', async function () { + await expect(victim.withdrawReward(hacker.target)).to.not.be.reverted; + }); + it("should successfully drain funds through reentrancy attack", async function () { // Add funds to the contract by sending ether directly await network.provider.send("hardhat_setBalance", [ diff --git a/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_dao_test.js b/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_dao_test.js index de56e3e..fe294f1 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_dao_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_dao_test.js @@ -25,6 +25,13 @@ describe("Reentrancy Attack for reentrancy_dao.sol", function () { }); + it('sanity check: reentrancy/reentrancy_dao.sol', async function () { + await expect(victim.deposit({value:ethers.parseEther('1')})).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther('1')); + await expect(victim.withdrawAll()).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.deposit( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_simple_test.js b/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_simple_test.js index 2152331..e7225ff 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_simple_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/reentrancy_simple_test.js @@ -24,6 +24,13 @@ describe("Reentrancy Attack for reentrancy_simple.sol", function () { }); + it('sanity check: reentrancy/reentrancy_simple.sol', async function () { + await expect(victim.addToBalance({value:ethers.parseEther('1')})).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(ethers.parseEther('1')); + await expect(victim.withdrawBalance()).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.equal(0); + }); + it("should successfully drain funds through reentrancy attack", async function () { // Initial deposit to victim contract await victim.addToBalance( {value: ethers.parseEther("5") }); diff --git a/smartbugs-curated/0.4.x/test/reentrancy/simple_dao_test.js b/smartbugs-curated/0.4.x/test/reentrancy/simple_dao_test.js index bb7a5b5..7607559 100644 --- a/smartbugs-curated/0.4.x/test/reentrancy/simple_dao_test.js +++ b/smartbugs-curated/0.4.x/test/reentrancy/simple_dao_test.js @@ -23,6 +23,14 @@ describe("Reentrancy Attack for simpleDAO.sol", function () { return {simpleDAO, maliciousContract} } + it('sanity check: reentrancy/simpleDAO.sol', async function () { + const [sig] = await ethers.getSigners(); + const {simpleDAO} = await loadFixture(deployContracts); + await expect(simpleDAO.connect(sig).donate(sig.address, {value:ethers.parseEther('1')})).to.not.be.reverted; + expect(await ethers.provider.getBalance(simpleDAO.target)).to.equal(ethers.parseEther('1')); + await expect(simpleDAO.connect(sig).withdraw(ethers.parseEther('1'))).to.not.be.reverted; + expect(await ethers.provider.getBalance(simpleDAO.target)).to.equal(0); + }); it("should successfully drain funds through reentrancy attack", async function () { const {simpleDAO, maliciousContract} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/time_manipulation/ether_lotto_test.js b/smartbugs-curated/0.4.x/test/time_manipulation/ether_lotto_test.js index 0f4e428..1d497ec 100644 --- a/smartbugs-curated/0.4.x/test/time_manipulation/ether_lotto_test.js +++ b/smartbugs-curated/0.4.x/test/time_manipulation/ether_lotto_test.js @@ -19,6 +19,11 @@ describe('attack time_manipulation/ether_lotto.sol', function () { return {victim, attacker}; } + it('sanity check: time_manipulation/ether_lotto.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect(victim.play({value:10})).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.be.gte(0); + }); it('exploit time manipulation vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/time_manipulation/roulette_test.js b/smartbugs-curated/0.4.x/test/time_manipulation/roulette_test.js index ea421b4..b2b9d9f 100644 --- a/smartbugs-curated/0.4.x/test/time_manipulation/roulette_test.js +++ b/smartbugs-curated/0.4.x/test/time_manipulation/roulette_test.js @@ -17,6 +17,15 @@ describe('attack time_manipulation/roulette.sol', function () { return {victim}; } + it('sanity check: time_manipulation/roulette.sol', async function () { + const {victim} = await loadFixture(deployContracts); + await expect( owner.sendTransaction({ + to: victim.target, + value: amount + })).to.not.be.reverted; + expect(await ethers.provider.getBalance(victim.target)).to.be.gt(0); + }); + it('exploit time manipulation vulnerability', async function () { const {victim} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/time_manipulation/timed_crowdsale_test.js b/smartbugs-curated/0.4.x/test/time_manipulation/timed_crowdsale_test.js index 87d7c23..056b1ee 100644 --- a/smartbugs-curated/0.4.x/test/time_manipulation/timed_crowdsale_test.js +++ b/smartbugs-curated/0.4.x/test/time_manipulation/timed_crowdsale_test.js @@ -13,6 +13,12 @@ describe('attack time_manipulation/timed_crowdsale.sol', function () { return {victim}; } + it('sanity check: time_manipulation/timed_crowdsale.sol', async function () { + await hre.network.provider.send("hardhat_reset"); + const {victim} = await deployContracts(); + const saleFinished = await victim.isSaleFinished(); + expect(saleFinished).to.be.false; + }); it('exploit time manipulation vulnerability', async function () { await hre.network.provider.send("hardhat_reset"); @@ -20,11 +26,11 @@ describe('attack time_manipulation/timed_crowdsale.sol', function () { const saleEndTimestamp = 1546300800; - // // Fast forward time to January 1, 2019 (just after sale end) + // Fast forward time to January 1, 2019 (just after sale end) await time.setNextBlockTimestamp(saleEndTimestamp); await mine(1); - // // The sale should now be finished due to the time manipulation + // The sale should now be finished due to the time manipulation const saleFinished = await victim.isSaleFinished(); expect(saleFinished).to.be.true; }); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js index 36cf86a..a9c4f8e 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e_test.js @@ -18,9 +18,38 @@ describe("attack unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7 const PoCGame = await ethers.getContractFactory(json.abi, json.bytecode); const contract = await PoCGame.connect(owner).deploy(revertContract.target, amount); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.deploy(); + + const successPoC = await PoCGame.connect(owner).deploy(successContract.target, amount); + + return {contract, revertContract, successPoC, successContract} }; + it('sanity check: unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol', async function () { + const {successPoC, successContract} = await loadFixture(deployContracts); + const donatedValue = await ethers.provider.getStorage(successPoC.target, 8); + expect(Number(donatedValue)).to.be.equal(0); + await expect(successPoC.connect(owner).AdjustDifficulty(amount)) + .to.emit(successPoC, "DifficultyChanged") + .withArgs(amount); + await successPoC.connect(owner).OpenToThePublic(); + + await expect(successPoC.connect(owner).wager({value: amount})) + .to.emit(successPoC, "Wager") + .withArgs(amount, owner.address); + + expect(await ethers.provider.getBalance(successPoC.target)).to.be.equal(amount); + await expect(successPoC.connect(owner).play()) + .to.emit(successPoC, "Lose") + .withArgs(amount/BigInt(2), owner.address); + + expect(await ethers.provider.getBalance(successPoC.target)).to.be.equal(amount/BigInt(2)); + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(amount/BigInt(2)); + const donatedValueAfter = await ethers.provider.getStorage(successPoC.target, 8); + expect(Number(donatedValueAfter)).to.be.equal(amount/BigInt(2)); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); await expect( diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js index d7225e1..de8dbb1 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2_test.js @@ -10,14 +10,24 @@ describe("attack unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e56 const codePath = path.join(__dirname, '../../artifacts/contracts/dataset/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol/demo.json'); const json = JSON.parse(fs.readFileSync(codePath)); const demo = await ethers.getContractFactory(json.abi, json.bytecode); - const contract = await demo.deploy(); + const contract = await demo.connect(owner).deploy(); const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.connect(owner).deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).transfer(owner.address, success_contract.target, [contract.target], [amount])).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); @@ -37,7 +47,7 @@ describe("attack unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e56 const val = [10, 10]; - // it does not revert cause the return value o all is not checked + // it does not revert cause the return value of call is not checked await expect(contract.transfer(from, token.target, to, val)).not.be.reverted; // the second transfer does not happen expect(await token.balanceOf(owner)).to.be.equal(amount - BigInt(10)); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js index e6b64d5..8353ed9 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa_test.js @@ -15,9 +15,37 @@ describe("attack unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c561 const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.connect(owner).deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol in WithdrawToken()', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + await expect(contract.connect(owner).initTokenBank()).to.not.be.reverted; + const amount = ethers.parseEther("2"); + + await expect(successContract.connect(owner).transfer(contract.target, amount)).to.not.be.reverted; + expect(await successContract.balanceOf(contract.target)).to.equal(amount); + + await expect(owner.sendTransaction({ + to: contract.target, + value: amount, + })).to.not.be.reverted; + + expect(await ethers.provider.getBalance(contract.target)).to.equal(amount); + + expect(await contract.Holders(owner.address)).to.equal(amount); + + await expect(contract.WitdrawTokenToHolder(owner.address, successContract.target, amount)).to.not.be.reverted; + + expect(await contract.Holders(owner.address)).to.equal(0); + + expect(await successContract.balanceOf(owner.address)).to.equal(ethers.parseEther("10")); + expect(await successContract.balanceOf(successContract.target)).to.equal(0); + }); + it("exploit unchecked low level call vulnerability in WithdrawToken()", async function () { const {contract, revertContract} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js index 72d94f1..7aada40 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01_test.js @@ -15,9 +15,22 @@ describe("attack unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8 const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); + const token = await TokenEBU.connect(owner).deploy(10, "EBU", "EBU"); + + return {contract, revertContract, token} }; + it('sanity check: unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol', async function () { + const {contract, token} = await loadFixture(deployContracts); + const ownerBalance = await token.balanceOf(owner.address); + await expect(token.connect(owner).transfer(contract.target, 10)).to.not.be.reverted; + expect(await token.balanceOf(contract.target)).to.equal(10); + await expect(contract.initTokenBank()).to.not.be.reverted; + await expect(contract.connect(owner).WithdrawToken(token.target, 10, owner.address)).to.not.be.reverted; + expect(await token.balanceOf(owner.address)).to.equal(ownerBalance); + }); + it("exploit unchecked low level call vulnerability in WithdrawToken()", async function () { const {contract, revertContract} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js index 5f97b03..7948ff0 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3_test.js @@ -15,9 +15,19 @@ describe("attack unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e0450 const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).transfer(owner.address, success_contract.target, [contract.target], amount)).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); @@ -37,7 +47,7 @@ describe("attack unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e0450 const val = 10; - // it does not revert cause the return value o all is not checked + // it does not revert cause the return value of call is not checked await expect(contract.transfer(from, token.target, to, val)).not.be.reverted; // the second transfer does not happen expect(await token.balanceOf(owner)).to.be.equal(amount - BigInt(val)); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js index a2ff03a..54da65a 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152_test.js @@ -15,9 +15,18 @@ describe("attack unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.connect(owner).deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + await expect(contract.transfer(owner.address, success_contract.target, [contract.target], 10)).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.equal(10); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js index 94c826b..b5d3054 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984_test.js @@ -17,9 +17,17 @@ describe("attack unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618ae const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.connect(owner).deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + await expect(contract.connect(owner).getTokens(2, successContract.target)).to.not.be.reverted; + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); const amount = ethers.parseEther("1"); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js index efe750e..9b242fb 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839_test.js @@ -15,9 +15,37 @@ describe("attack unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.connect(owner).deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + await expect(contract.connect(owner).initTokenBank()).to.not.be.reverted; + const amount = ethers.parseEther("2"); + + await expect(successContract.connect(owner).transfer(contract.target, amount)).to.not.be.reverted; + expect(await successContract.balanceOf(contract.target)).to.equal(amount); + + await expect(owner.sendTransaction({ + to: contract.target, + value: amount, + })).to.not.be.reverted; + + expect(await ethers.provider.getBalance(contract.target)).to.equal(amount); + + expect(await contract.Holders(owner.address)).to.equal(amount); + + await expect(contract.WitdrawTokenToHolder(owner.address, successContract.target, amount)).to.not.be.reverted; + + expect(await contract.Holders(owner.address)).to.equal(0); + + expect(await successContract.balanceOf(owner.address)).to.equal(ethers.parseEther("10")); + expect(await successContract.balanceOf(successContract.target)).to.equal(0); + }); + it("exploit unchecked low level call vulnerability in WithdrawToken()", async function () { const {contract, revertContract} = await loadFixture(deployContracts); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js index 2846bb2..2df5fb9 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_test.js @@ -1,4 +1,4 @@ -const { loadFixture, mine} = require('@nomicfoundation/hardhat-network-helpers'); +const { loadFixture, mine, setBalance} = require('@nomicfoundation/hardhat-network-helpers'); const { expect } = require('chai'); const { getContractAddress } = require('@ethersproject/address') const path = require("path"); @@ -35,43 +35,80 @@ describe("attack unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648 const pandaCaller = await PandaCaller.connect(owner).deploy(contract.target); await contract.connect(owner).setCFO(pandaCaller.target); + const PandaCallerSuccess = await ethers.getContractFactory("contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol:PandaCallerSuccess"); + const pandaCallerSuccess = await PandaCallerSuccess.connect(owner).deploy(contract.target); + const MyERC721 = await ethers.getContractFactory("contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol:MyERC721"); const nft = await MyERC721.connect(owner).deploy(); - ownerNonce = await owner.getNonce() + 1; - futureAddress = getContractAddress({ - from: owner.address, - nonce: ownerNonce - }); + const MyERC721Success = await ethers.getContractFactory("contracts/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3_attack.sol:MyERC721Success"); + const nftSuccess = await MyERC721Success.connect(owner).deploy(); - await owner.sendTransaction({ - to: futureAddress, - value: amount, - }); const salePath = path.join(__dirname, '../../artifacts/contracts/dataset/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol/SaleClockAuction.json'); const saleJson = JSON.parse(fs.readFileSync(salePath)); const SaleClockAuction = await ethers.getContractFactory(saleJson.abi, saleJson.bytecode); const saleAuction = await SaleClockAuction.connect(owner).deploy(nft.target, 10); + await setBalance(saleAuction.target, amount); - ownerNonce = await owner.getNonce() + 1; - futureAddress = getContractAddress({ - from: owner.address, - nonce: ownerNonce - }); - - await owner.sendTransaction({ - to: futureAddress, - value: amount, - }); + const saleAuctionSuccess = await SaleClockAuction.connect(owner).deploy(nftSuccess.target, 10); + await setBalance(saleAuctionSuccess.target, amount); const siringPath = path.join(__dirname, '../../artifacts/contracts/dataset/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol/SiringClockAuction.json'); const siringJson = JSON.parse(fs.readFileSync(siringPath)); const SiringClockAuction = await ethers.getContractFactory(siringJson.abi, siringJson.bytecode); const siringAuction = await SiringClockAuction.connect(owner).deploy(contract.target, 10); - - return {pandaCaller, contract, saleAuction, siringAuction, nft} + await setBalance(siringAuction.target, amount); + return {pandaCaller, contract, saleAuction, siringAuction, nft, nftSuccess, saleAuctionSuccess, pandaCallerSuccess} }; + it('sanity check: unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol in function withdrawAuctionBalances()', async function () { + const {contract, saleAuctionSuccess, siringAuction} = await loadFixture(deployContracts); + await expect(saleAuctionSuccess.connect(owner).transferOwnership(contract.target)).not.be.reverted; + + expect(await ethers.provider.getBalance(saleAuctionSuccess.target)).to.be.equal(amount); + expect(await ethers.provider.getBalance(siringAuction.target)).to.be.equal(amount); + + await contract.connect(owner).setSiringAuctionAddress(siringAuction.target); + await contract.connect(owner).setSaleAuctionAddress(saleAuctionSuccess.target); + + await expect(contract.connect(owner).withdrawAuctionBalances()).to.not.be.reverted; + + expect(await ethers.provider.getBalance(saleAuctionSuccess.target)).to.be.equal(0); + expect(await ethers.provider.getBalance(siringAuction.target)).to.be.equal(0); + + }); + + it("sanity check: unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol in function giveBirth()", async function () { + const {pandaCallerSuccess, contract, saleAuction, siringAuction} = await loadFixture(deployContracts); + await contract.connect(owner).setCFO(pandaCallerSuccess.target); + await contract.connect(owner).setSiringAuctionAddress(siringAuction.target); + await contract.connect(owner).setSaleAuctionAddress(saleAuction.target); + expect(await ethers.provider.getBalance(contract.target)).to.be.equal(amount); + expect(await ethers.provider.getBalance(pandaCallerSuccess.target)).to.be.equal(0); + await expect(pandaCallerSuccess.withdraw()).to.not.be.reverted; + expect(await ethers.provider.getBalance(contract.target)).to.be.equal(ethers.parseEther("0.002")); + expect(await ethers.provider.getBalance(pandaCallerSuccess.target)).to.be.equal(ethers.parseEther("0.998")); + + await contract.connect(owner).init(); + await contract.connect(owner).unpause(); + + await contract.connect(owner).createWizzPanda([1,1], 0, owner.address); + await contract.connect(owner).createWizzPanda([2,2], 0, owner.address); + + await contract.connect(owner).breedWithAuto(2, 1, {value: amount}); + + + await mine(10000); + + await expect(pandaCallerSuccess.call(2, [3,3], [100,0])) + .to.emit(contract, "Birth") + .withArgs(owner.address, 3, 2, 1, [3,3]); + + // caller does not get the reward + expect(await ethers.provider.getBalance(pandaCallerSuccess.target)).to.be.equal(amount); + + }); + it("exploit unchecked low level call vulnerability in function withdrawAuctionBalances()", async function () { const {pandaCaller, contract, saleAuction, siringAuction, nft} = await loadFixture(deployContracts); await expect( diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js index fc9fc44..1ff6a87 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4_test.js @@ -18,9 +18,38 @@ describe("attack unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85 const PoCGame = await ethers.getContractFactory(json.abi, json.bytecode); const contract = await PoCGame.connect(owner).deploy(revertContract.target, amount); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.deploy(); + + const successPoC = await PoCGame.connect(owner).deploy(successContract.target, amount); + + return {contract, revertContract, successPoC, successContract} }; + it('sanity check: unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol', async function () { + const {successPoC, successContract} = await loadFixture(deployContracts); + const donatedValue = await ethers.provider.getStorage(successPoC.target, 8); + expect(Number(donatedValue)).to.be.equal(0); + await expect(successPoC.connect(owner).AdjustDifficulty(amount)) + .to.emit(successPoC, "DifficultyChanged") + .withArgs(amount); + await successPoC.connect(owner).OpenToThePublic(); + + await expect(successPoC.connect(owner).wager({value: amount})) + .to.emit(successPoC, "Wager") + .withArgs(amount, owner.address); + + expect(await ethers.provider.getBalance(successPoC.target)).to.be.equal(amount); + await expect(successPoC.connect(owner).play()) + .to.emit(successPoC, "Lose") + .withArgs(amount/BigInt(2), owner.address); + + expect(await ethers.provider.getBalance(successPoC.target)).to.be.equal(amount/BigInt(2)); + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(amount/BigInt(2)); + const donatedValueAfter = await ethers.provider.getStorage(successPoC.target, 8); + expect(Number(donatedValueAfter)).to.be.equal(amount/BigInt(2)); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); await expect( diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js index 2e576da..81b3d62 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_test.js @@ -15,9 +15,88 @@ describe("attack unchecked_low_level_calls/unchecked_return_value.sol", function const TownCrierCaller = await ethers.getContractFactory("contracts/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_attack.sol:TownCrierCaller"); const caller = await TownCrierCaller.deploy(contract.target); - return {contract, caller} + const TownCrierCallerBenign = await ethers.getContractFactory("contracts/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_benign.sol:TownCrierCaller"); + const successCaller = await TownCrierCallerBenign.deploy(contract.target); + + return {contract, caller, successCaller} }; + it('sanity check: unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_attack.sol in line 180', async function () { + const {contract, successCaller} = await loadFixture(deployContracts); + const SGX_ADDRESS = "0x18513702cCd928F2A3eb63d900aDf03c9cc81593"; + await network.provider.request({ + method: "hardhat_impersonateAccount", + params: [SGX_ADDRESS], + }); + const SGX_sign = await ethers.getSigner(SGX_ADDRESS); + + await owner.sendTransaction({ + to: SGX_ADDRESS, + value: ethers.parseEther("10"), + }); + + const requestType = 1; + + const requestData = [ + ethers.encodeBytes32String("data") + ]; + + await expect(owner.sendTransaction({to: successCaller.target, value: 1})).to.not.be.reverted; + + const amount = ethers.parseEther("1"); + const tx = successCaller.request(requestType, requestData, {value: amount}); + await expect(successCaller.request(requestType, requestData, {value: amount})) + .to.emit(contract, "RequestInfo"); + + let fee = await contract.requests(1); + expect(fee[1]).to.be.equal(amount); + const paramsHash = successCaller.hash(); + + await expect(contract.connect(SGX_sign).deliver(1, paramsHash, 3, ethers.encodeBytes32String("data"))) + .to.emit(contract, "DeliverInfo").to.emit(successCaller, "LogResponse").to.emit(successCaller, "Received"); + + fee = await contract.requests(1); + expect(fee[1]).to.be.equal(0); + }); + + it("sanity check: unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b_attack.sol in line 192", async function () { + const {contract, successCaller} = await loadFixture(deployContracts); + const SGX_ADDRESS = "0x18513702cCd928F2A3eb63d900aDf03c9cc81593"; + await network.provider.request({ + method: "hardhat_impersonateAccount", + params: [SGX_ADDRESS], + }); + const SGX_sign = await ethers.getSigner(SGX_ADDRESS); + + await owner.sendTransaction({ + to: SGX_ADDRESS, + value: ethers.parseEther("10"), + }); + + const requestType = 1; + + const requestData = [ + ethers.encodeBytes32String("data") + ]; + + await expect(successCaller.response(1,1,requestData[0])).to.not.be.reverted; + + const amount = ethers.parseEther("1"); + const tx = successCaller.request(requestType, requestData, {value: amount}); + await expect(successCaller.request(requestType, requestData, {value: amount})) + .to.emit(contract, "RequestInfo"); + + let fee = await contract.requests(1); + expect(fee[1]).to.be.equal(amount); + const paramsHash = successCaller.hash(); + + await expect(contract.connect(SGX_sign).deliver(1, paramsHash, 0, ethers.encodeBytes32String("data"))) + .to.emit(contract, "DeliverInfo").to.emit(successCaller, "LogResponse"); + + fee = await contract.requests(1); + expect(fee[1]).to.be.equal(0); + }); + it("exploit unchecked low level call vulnerability in line 192", async function () { const {contract, caller} = await loadFixture(deployContracts); const SGX_ADDRESS = "0x18513702cCd928F2A3eb63d900aDf03c9cc81593"; diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js index de44b90..48bb6d6 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35_test.js @@ -15,9 +15,37 @@ describe("attack unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e0 const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.connect(owner).deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol in WithdrawToken()', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + await expect(contract.connect(owner).initTokenBank()).to.not.be.reverted; + const amount = ethers.parseEther("2"); + + await expect(successContract.connect(owner).transfer(contract.target, amount)).to.not.be.reverted; + expect(await successContract.balanceOf(contract.target)).to.equal(amount); + + await expect(owner.sendTransaction({ + to: contract.target, + value: amount, + })).to.not.be.reverted; + + expect(await ethers.provider.getBalance(contract.target)).to.equal(amount); + + expect(await contract.Holders(owner.address)).to.equal(amount); + + await expect(contract.WitdrawTokenToHolder(owner.address, successContract.target, amount)).to.not.be.reverted; + + expect(await contract.Holders(owner.address)).to.equal(0); + + expect(await successContract.balanceOf(owner.address)).to.equal(ethers.parseEther("10")); + expect(await successContract.balanceOf(successContract.target)).to.equal(0); + }); + it("exploit unchecked low level call vulnerability in WithdrawToken()", async function () { const {contract, revertContract} = await loadFixture(deployContracts); @@ -49,17 +77,9 @@ describe("attack unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e0 // signer puts the wrong address in the withdraw function await contract.WitdrawTokenToHolder(sig.address, revertContract.target, amount); - //signer no longer holds tokens + //signer no longer holds tokens but the tokens were never transferred expect(await contract.Holders(sig.address)).to.equal(0); - const revertBalance = await ethers.provider.getBalance(revertContract.target); - // the wrong contract doesn't get the ether - expect(revertBalance).to.equal(0); - - // the contract still holds the ether - expect(await ethers.provider.getBalance(contract.target)).to.equal(amount); - - }); it("exploit unchecked low level call vulnerability in WithdrawToHolder()", async function () { diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js index ff777a7..279b5f7 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431_test.js @@ -15,9 +15,19 @@ describe("attack unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401 const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).transfer(success_contract.target, [contract.target], [amount])).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); @@ -37,7 +47,7 @@ describe("attack unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401 const val = [10, 10]; - // it does not revert cause the return value o all is not checked + // it does not revert cause the return value of call is not checked await expect(contract.transfer(token.target, to, val)).not.be.reverted; // the second transfer does not happen expect(await token.balanceOf(owner)).to.be.equal(amount - BigInt(10)); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js index 303a096..f45dad8 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae_test.js @@ -15,9 +15,19 @@ describe("attack unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).transfer(owner.address, success_contract.target, [contract.target], [amount])).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); @@ -37,7 +47,7 @@ describe("attack unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea const val = [10, 10]; - // it does not revert cause the return value o all is not checked + // it does not revert cause the return value of call is not checked await expect(contract.transfer(from, token.target, to, val)).not.be.reverted; // the second transfer does not happen expect(await token.balanceOf(owner)).to.be.equal(amount - BigInt(10)); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77_test.js index 923550d..531220d 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77_test.js @@ -17,9 +17,19 @@ describe("attack unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).proxy(successContract.target, "0x", {value: amount})).to.not.be.reverted; + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); const amount = ethers.parseEther("1"); @@ -49,7 +59,7 @@ describe("attack unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a expect(await contract.Owner()).to.be.equal(owner.address); expect(await contract.Deposits(owner.address)).to.be.equal(0); const OwnerBalance = await ethers.provider.getBalance(owner.address); - //withdraw won't return the funds sincet the deposit is zero + //withdraw won't return the funds since the deposit is zero const tx = await contract.connect(owner).withdraw(amount); const receipt = await tx.wait(); expect(await ethers.provider.getBalance(owner.address)).to.be.equal(OwnerBalance - receipt.gasUsed * tx.gasPrice); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js index d5d0aef..6ed995b 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7_test.js @@ -17,9 +17,26 @@ describe("attack unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9ceb const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(successContract.sendEther(contract.target, {value: amount})).not.be.reverted; + expect(await contract.balances(successContract.target)).to.be.equal(amount); + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(0); + expect(await ethers.provider.getBalance(contract.target)).to.be.equal(amount); + + await expect(successContract.withdrawEther(contract.target)).to.not.be.reverted; + expect(await contract.balances(successContract.target)).to.be.equal(0); + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(amount); + expect(await ethers.provider.getBalance(contract.target)).to.be.equal(0); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); expect(await ethers.provider.getBalance(contract.target)).to.be.equal(0); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52_test.js index a224817..6bbbd71 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52_test.js @@ -17,9 +17,19 @@ describe("attack unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065 const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).proxy(successContract.target, "0x", {value: amount})).to.not.be.reverted; + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); const amount = ethers.parseEther("1"); @@ -49,12 +59,10 @@ describe("attack unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065 expect(await contract.Owner()).to.be.equal(owner.address); expect(await contract.Deposits(owner.address)).to.be.equal(0); const OwnerBalance = await ethers.provider.getBalance(owner.address); - //withdraw won't return the funds sincet the deposit is zero + //withdraw won't return the funds since the deposit is zero const tx = await contract.connect(owner).withdraw(amount); const receipt = await tx.wait(); expect(await ethers.provider.getBalance(owner.address)).to.be.equal(OwnerBalance - receipt.gasUsed * tx.gasPrice); - - }); }); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c_test.js index a973638..a0eb142 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c_test.js @@ -17,9 +17,19 @@ describe("attack unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb0 const RevertContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/revert_contract.sol:RevertContract"); const revertContract = await RevertContract.deploy(); - return {contract, revertContract} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const successContract = await SuccessContract.deploy(); + + return {contract, revertContract, successContract} }; + it('sanity check: unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol', async function () { + const {contract, successContract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).proxy(successContract.target, "0x", {value: amount})).to.not.be.reverted; + expect(await ethers.provider.getBalance(successContract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, revertContract} = await loadFixture(deployContracts); const amount = ethers.parseEther("1"); @@ -49,7 +59,7 @@ describe("attack unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb0 expect(await contract.Owner()).to.be.equal(owner.address); expect(await contract.Deposits(owner.address)).to.be.equal(0); const OwnerBalance = await ethers.provider.getBalance(owner.address); - //withdraw won't return the funds sincet the deposit is zero + //withdraw won't return the funds since the deposit is zero const tx = await contract.connect(owner).withdraw(amount); const receipt = await tx.wait(); expect(await ethers.provider.getBalance(owner.address)).to.be.equal(OwnerBalance - receipt.gasUsed * tx.gasPrice); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js index 31760e1..6297cd2 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c_test.js @@ -15,9 +15,19 @@ describe("attack unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc6 const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).transfer(owner.address, success_contract.target, [contract.target], amount)).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); @@ -37,7 +47,7 @@ describe("attack unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc6 const val = 10; - // it does not revert cause the return value o all is not checked + // it does not revert cause the return value of call is not checked await expect(contract.transfer(from, token.target, to, val)).not.be.reverted; // the second transfer does not happen expect(await token.balanceOf(owner)).to.be.equal(amount - BigInt(val)); diff --git a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js index 0bab366..8ea6770 100644 --- a/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js +++ b/smartbugs-curated/0.4.x/test/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220_test.js @@ -15,9 +15,19 @@ describe("attack unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c70 const TokenEBU = await ethers.getContractFactory("contracts/unchecked_low_level_calls/TokenEBU.sol:TokenEBU"); const token = await TokenEBU.connect(owner).deploy(1, "EBU", "EBU"); - return {contract, token} + const SuccessContract = await ethers.getContractFactory("contracts/unchecked_low_level_calls/success_contract.sol:SuccessContract"); + const success_contract = await SuccessContract.deploy(); + + return {contract, token, success_contract} }; + it('sanity check: unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol', async function () { + const {contract, success_contract} = await loadFixture(deployContracts); + const amount = ethers.parseEther("1"); + await expect(contract.connect(owner).transfer(owner.address, success_contract.target, [contract.target], amount, 0)).to.not.be.reverted; + expect(await success_contract.balanceOf(contract.target)).to.be.equal(amount); + }); + it("exploit unchecked low level call vulnerability", async function () { const {contract, token} = await loadFixture(deployContracts); @@ -38,7 +48,7 @@ describe("attack unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c70 const val = 10; const dec = 0; - // it does not revert cause the return value o all is not checked + // it does not revert cause the return value of call is not checked await expect(contract.transfer(from, token.target, to, val, dec)).not.be.reverted; // the second transfer does not happen expect(await token.balanceOf(owner)).to.be.equal(amount - BigInt(val)); diff --git a/smartbugs-curated/0.8.x/test/arithmetic/integer_overflow_minimal_test.js b/smartbugs-curated/0.8.x/test/arithmetic/integer_overflow_minimal_test.js index 638eb19..8273ca5 100644 --- a/smartbugs-curated/0.8.x/test/arithmetic/integer_overflow_minimal_test.js +++ b/smartbugs-curated/0.8.x/test/arithmetic/integer_overflow_minimal_test.js @@ -18,6 +18,10 @@ describe('attack arithmetic/integer_overflow_minimal.sol', function () { return {victim, attacker}; } + it('sanity check: arithmetic/integer_overflow_benign_1.sol', async function () { + const {victim} = await loadFixture(deployContracts); + expect(await victim.count()).to.equal(1); + }); it('exploit underflow vulnerability', async function () { const {victim, attacker} = await loadFixture(deployContracts);