smartdec / smartcheck

SmartCheck – a static analysis tool that detects vulnerabilities and bugs in Solidity programs (Ethereum-based smart contracts).

License: GNU General Public License v3.0

Java 25.05% Solidity 25.98% HTML 47.70% Vyper 1.27%

smartcheck's Introduction

SmartDec is a set of tools for decompilation. These tools are:

    * nocode — a command-line decompiler;
    * smartdec — a decompiler with graphical user interface;
    * ida-plugin — a decompiler plug-in for the IDA Pro disassembler.

For building instructions, see the file named `doc/build.txt'.
For an overview of decompiler's architecture, see `doc/developer'.

Use `make' (or directly `pdflatex main.tex' twice) to build PDF files
inside the directories.

smartcheck's People

Contributors

3q-coder, bugaevc, cleanunicorn, dependabot[bot], elisabethar, emarchenko, pyushchenko, s-tikhomirov, sobolev-igor, voskresenskaya, yaleksar

smartcheck's Issues

A user interface is needed, haha

It seems that it finally works, but what disappoints me a little is there is no user interface, looking forward to your good job! And what you have done is really great!

Installation is done, but the app shows errors when it runs from the terminal

I just installed smartcheck and ran it from the Mac terminal, but it shows the following exception:

Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/bind/annotation/adapters/XmlAdapter
at ru.smartdec.smartcheck.app.cli.Tool.makeDirectoryAnalysis(Tool.java:126)
at ru.smartdec.smartcheck.app.cli.Tool.run(Tool.java:145)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:81)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:36)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.adapters.XmlAdapter
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:185)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496)
... 4 more

Documentation in the rules xml is in Russian

I noticed that the comments on rules and patterns in solidity-rules.xml are in Russian. I don't know if these are important or not, but could you translate them to English as well?

Problem to run this application getting output with "Exception in thread "main" java.lang.IllegalArgumentException"

Hi, I have been trying to build this application in IntelliJ IDEA, but my problem is that after I had built everything and run it, I keep getting the error below. I need your help to teach me or show me what I should do to make this go away and get the correct output when running this system. Thank you.

Exception in thread "main" java.lang.IllegalArgumentException
at java.util.Optional.orElseThrow(Optional.java:290)
at ru.smartdec.soliditycheck.app.cli.Tool.main(Tool.java:42)
at ru.smartdec.soliditycheck.app.cli.Tool.main(Tool.java:30)

How to install smartcheck?

Hello, I am a student who wants to use smartcheck. I made a mistake when installing SmartCheck using npm install @smartdec/smartcheck -g. The system environment is win10. Could I install SmartCheck in this way now?

Error in running

Hi @eMarchenko , I have a question. I can see 'import ru.smartdec.smartcheck.SolidityParser' in 'SourceLanguages.java', but can't find 'SolidityParser.java' file in 'ru/smartdec/smartcheck/', Is this reasonable? Thank you very much!

@eMarchenko

Building Using source code of SmartCheck failed

I am trying the option of using the source code of SmartCheck. I have done the following steps:

  1. I git cloned your code.
  2. Then, in the root folder of smartcheck, I ran mvn clean package.
    This gives me the following error:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  24.380 s
[INFO] Finished at: 2020-01-06T16:28:24+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project smartcheck: Fatal error compiling: java.lang.ExceptionInInitializerError: com.sun.tools.javac.code.TypeTags -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

I have the following versions:
java version "11.0.5" 2019-10-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.5+10-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.5+10-LTS, mixed mode)

Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: C:\apache-maven-3.6.3\bin..
Java version: 11.0.5, vendor: Oracle Corporation, runtime: C:\Program Files\Java\jdk-11.0.5
Default locale: en_SG, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"

When I changed

<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>

the following error occurred:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-pmd-plugin:3.7:pmd (pmd) on project smartcheck: Execution pmd of goal org.apache.maven.plugins:maven-pmd-plugin:3.7:pmd failed: org.apache.maven.reporting.MavenReportException: Unsupported targetJdk value '11.0.5'. -> [Help 1]
UPDATED:
When I ran this on Java 1.8 and Windows 8, the following error occurred:

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running ru.smartdec.smartcheck.RulesTest
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.257 sec <<< FAILURE!
patterns(ru.smartdec.smartcheck.RulesTest)  Time elapsed: 8.12 sec  <<< ERROR!
java.lang.RuntimeException: Unexpected file C:\Users\Jawad\smartcheck\target\test-classes\rules\SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL.SOL
        at ru.smartdec.smartcheck.RulesTest.patternsActual(RulesTest.java:194)
        at ru.smartdec.smartcheck.RulesTest.patterns(RulesTest.java:82)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
        at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
        at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
        at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
        at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
        at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
        at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
        at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)


Results :

Tests in error:
  patterns(ru.smartdec.smartcheck.RulesTest): Unexpected file C:\Users\Jawad\smartcheck\target\test-classes\rules\SOLIDITY_UNUSED_FUNCTION_SHOULD_BE_EXTERNAL.SOL

Tests run: 1, Failures: 0, Errors: 1, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  04:23 min
[INFO] Finished at: 2020-01-06T14:06:22+05:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12.4:test (default-test) on project smartcheck: There are test failures.
[ERROR]
[ERROR] Please refer to C:\Users\Jawad\smartcheck\target\surefire-reports for the individual test results.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

Error in running `mvn clean package`

smartcheck % mvn clean package
[INFO] Scanning for projects...
[INFO] 
[INFO] -----------------------< ru.smartdec:smartcheck >-----------------------
[INFO] Building smartcheck 2.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ smartcheck ---
[INFO] Deleting smartcheck/target
[INFO] 
[INFO] --- maven-checkstyle-plugin:3.0.0:check (default) @ smartcheck ---
[INFO] 
[INFO] >>> maven-pmd-plugin:3.7:check (default) > :pmd @ smartcheck >>>
[INFO] 
[INFO] --- maven-pmd-plugin:3.7:pmd (pmd) @ smartcheck ---
[INFO] 
[INFO] <<< maven-pmd-plugin:3.7:check (default) < :pmd @ smartcheck <<<
[INFO] 
[INFO] 
[INFO] --- maven-pmd-plugin:3.7:check (default) @ smartcheck ---
[INFO] 
[INFO] 
[INFO] >>> maven-pmd-plugin:3.7:cpd-check (default) > :cpd @ smartcheck >>>
[INFO] 
[INFO] --- maven-pmd-plugin:3.7:cpd (cpd) @ smartcheck ---
[INFO] 
[INFO] <<< maven-pmd-plugin:3.7:cpd-check (default) < :cpd @ smartcheck <<<
[INFO] 
[INFO] 
[INFO] --- maven-pmd-plugin:3.7:cpd-check (default) @ smartcheck ---
[INFO] 
[INFO] 
[INFO] --- antlr4-maven-plugin:4.7:antlr4 (default) @ smartcheck ---
[INFO] ANTLR 4: Processing source directory smartcheck/src/main/antlr4
[INFO] Processing grammar: ru/smartdec/smartcheck/Solidity.g4
[INFO] Processing grammar: ru/smartdec/smartcheck/Vyper.g4
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ smartcheck ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 150 resources
[INFO] Copying 2 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ smartcheck ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 48 source files to smartcheck/target/classes
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  7.572 s
[INFO] Finished at: 2021-06-08T17:24:56+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project smartcheck: Fatal error compiling: java.lang.ExceptionInInitializerError: Unable to make field private com.sun.tools.javac.processing.JavacProcessingEnvironment$DiscoveredProcessors com.sun.tools.javac.processing.JavacProcessingEnvironment.discoveredProcs accessible: module jdk.compiler does not "opens com.sun.tools.javac.processing" to unnamed module @560c95 -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Issue in running analysis on installation using NPM

Installation as an npm global package goes fine, but running analysis for a file like:
smartcheck -p ./contracts/Greeter.sol

shows this error:

Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/bind/annotation/adapters/XmlAdapter
	at ru.smartdec.smartcheck.app.cli.Tool.makeDirectoryAnalysis(Tool.java:126)
	at ru.smartdec.smartcheck.app.cli.Tool.run(Tool.java:145)
	at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:81)
	at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:36)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.adapters.XmlAdapter
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
	... 4 more

Java Exception Reported When Running Smartcheck

Hi, I have tried to install smartcheck using npm. It succeeded but reported an exception when I ran smartcheck:

Exception in thread "main" java.lang.IllegalArgumentException
at java.util.Optional.orElseThrow(Optional.java:290)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:48)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:36)

What should I do?

Environment Information:
OS: Ubuntu 18.04 LTS
JDK Version: JDK 8_u131
Node.js Version: 10.15.1 LTS

Which rule is for reentrancy

In the rule description folder, I can not find the rule about reentrancy. Does this tool still support the detection of reentrancy?

Is something missing in pom.xml

Can't build the project with the mvn command. Is something missing in the pom file? It actually could not resolve the reference to antlr (tried a newer version of antlr, 4.7.2 - same result). After all, I just need a jar file.

cannot find XmlAdapter

After running a global install:

$ npm install @smartdec/smartcheck -g
/Users/bguiz/.nvm/versions/node/v10.15.0/bin/smartcheck -> /Users/bguiz/.nvm/versions/node/v10.15.0/lib/node_modules/@smartdec/smartcheck/jdeploy-bundle/jdeploy.js
+ @smartdec/[email protected]
added 17 packages from 12 contributors in 1.592s

... installation succeeded, but errored immediately upon running:

$ smartcheck -p .
Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/bind/annotation/adapters/XmlAdapter
	at ru.smartdec.smartcheck.app.cli.Tool.makeDirectoryAnalysis(Tool.java:126)
	at ru.smartdec.smartcheck.app.cli.Tool.run(Tool.java:145)
	at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:81)
	at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:36)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.adapters.XmlAdapter
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:190)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:499)
	... 4 more

Is there some other step involved?

$ java --version
java 10.0.2 2018-07-17
Java(TM) SE Runtime Environment 18.3 (build 10.0.2+13)
Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10.0.2+13, mixed mode)

^ this is the version of java that I have

Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/bind/annotation/adapters/XmlAdapter

Hello,

I try to analyze my contract by writing

C:\Users\asus\Desktop\SampleJavaProj>smartcheck -p AlarmClock.sol

However, I got an error.

Could you please help me get past this error?

My Java version : java 11 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11+28)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)

Exception in thread "main" java.lang.NoClassDefFoundError: javax/xml/bind/annotation/adapters/XmlAdapter
at ru.smartdec.smartcheck.app.cli.Tool.makeDirectoryAnalysis(Tool.java:126)
at ru.smartdec.smartcheck.app.cli.Tool.run(Tool.java:145)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:81)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:36)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.adapters.XmlAdapter
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:582)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 4 more

ruleId Information

Hello,
I'm using the tool to detect some vulnerabilities in a simple solidity smart contract. The output says there is a vulnerability in the code, with a ruleId related to it.

Where can I find more information regarding these ruleIds?

Thanks

Difference between vulnerabilities code and suggestion

Hi, I would like to ask you a question that can help me understand the tool results. It is not an issue; I didn't know where to put it. The tool generates codes when it finds anomalies in smart contracts. Are there codes that individuate weaknesses and other ones that individuate vulnerabilities (exploitable weaknesses)? If yes, how are they grouped? Many thanks for considering my request.

problem

ide run this project.
Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: java.lang.IllegalArgumentException: Path component should be '/'
at ru.smartdec.smartcheck.TreeAnalysis.streamUnchecked(TreeAnalysis.java:24)
at ru.smartdec.smartcheck.app.cli.Tool.lambda$run$12(Tool.java:172)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.Iterator.forEachRemaining(Iterator.java:116)
at java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:270)
at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
at ru.smartdec.smartcheck.app.ReportDefault.print(ReportDefault.java:28)
at ru.smartdec.smartcheck.app.cli.Tool.run(Tool.java:219)
at ru.smartdec.smartcheck.app.cli.Tool.main(Tool.java:89)

Hi! Can this result be converted to JSON format?

Is there a built-in command to output JSON?
I get results like:

ruleId: SOLIDITY_VISIBILITY
patternId: 910067
severity: 1
line: 43
column: 4
content: functionVictim()payable{}

ruleId: SOLIDITY_VISIBILITY
patternId: 910067
severity: 1
line: 44
column: 4
content: functionwithDraw(){uintamount=userBalannce[msg.sender];if(amount>0){msg.sender.call.value(amount)();userBalannce[msg.sender]=0;}}

ruleId: SOLIDITY_VISIBILITY
patternId: 910067
severity: 1
line: 51
column: 4
content: functionreceiveEther()payable{if(msg.value>0){userBalannce[msg.sender]+=msg.value;}}

SOLIDITY_VISIBILITY :6
SOLIDITY_PRAGMAS_VERSION :1
SOLIDITY_UPGRADE_TO_050 :1
SOLIDITY_CALL_WITHOUT_DATA :1
SOLIDITY_EXACT_TIME :1

Number of problem types that smartCheck can detect today

Hello, I am a postgraduate student from Hehai University. Compared with the 21 smart contract issues you mentioned in your paper, smartCheck has now been able to detect a significant increase in the types of problems. I would like to ask how many smart contract issues SmartCheck covers today, and what are the criteria for determining each one? We look forward to your reply.

Clarification on Reentrancy Detection Capabilities in SmartCheck

Hi, thanks to you guys for providing this tool for smart contract security.
I noticed that your team has mentioned the removal of reentrancy detection from the rules in several issues including #34.
However, I noticed that another rule, SOLIDITY_CALL_WITHOUT_DATA, is mapped to reentrancy issues by SmartBugs at https://github.com/smartbugs/smartbugs/wiki/Vulnerabilities-mapping.
This has led to some confusion on my part regarding the current capabilities of SmartCheck concerning reentrancy detection.

Could you please clarify whether the SOLIDITY_CALL_WITHOUT_DATA rule is intended to serve as a mechanism for detecting reentrancy vulnerabilities, or if it addresses a different concern?
Given the critical nature of reentrancy in smart contract security, understanding SmartCheck's current capabilities and limitations in this area is essential for users.

Thank you in advance for your insights and clarification. :)

Error on "View the parse tree in a graphical form" option

When I ran this command on my WSL Ubuntu: mvn exec:java@tree -Dexec.args="-p <path to the file>", I received the following error:

[WARNING]
java.util.concurrent.ExecutionException: java.lang.reflect.InvocationTargetException
    at java.util.concurrent.FutureTask.report (FutureTask.java:122)
    at java.util.concurrent.FutureTask.get (FutureTask.java:192)
    at ru.smartdec.smartcheck.app.cli.TreeView.run (TreeView.java:60)
    at ru.smartdec.smartcheck.app.cli.TreeView.main (TreeView.java:29)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.mojo.exec.ExecJavaMojo$1.run (ExecJavaMojo.java:282)
    at java.lang.Thread.run (Thread.java:748)
Caused by: java.lang.reflect.InvocationTargetException
    at java.awt.EventQueue.invokeAndWait (EventQueue.java:1349)
    at java.awt.EventQueue.invokeAndWait (EventQueue.java:1324)
    at javax.swing.SwingUtilities.invokeAndWait (SwingUtilities.java:1353)
    at org.antlr.v4.gui.TreeViewer$7.call (TreeViewer.java:525)
    at org.antlr.v4.gui.TreeViewer$7.call (TreeViewer.java:520)
    at java.util.concurrent.FutureTask.run (FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:624)
    at java.lang.Thread.run (Thread.java:748)
Caused by: java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which requires it.
    at java.awt.GraphicsEnvironment.checkHeadless (GraphicsEnvironment.java:204)
    at java.awt.Window.<init> (Window.java:536)
    at java.awt.Frame.<init> (Frame.java:420)
    at java.awt.Frame.<init> (Frame.java:385)
    at javax.swing.JFrame.<init> (JFrame.java:189)
    at org.antlr.v4.gui.TreeViewer.showInDialog (TreeViewer.java:266)
    at org.antlr.v4.gui.TreeViewer$7$1.run (TreeViewer.java:528)
    at java.awt.event.InvocationEvent.dispatch (InvocationEvent.java:301)
    at java.awt.EventQueue.dispatchEventImpl (EventQueue.java:758)
    at java.awt.EventQueue.access$500 (EventQueue.java:97)
    at java.awt.EventQueue$3.run (EventQueue.java:709)
    at java.awt.EventQueue$3.run (EventQueue.java:703)
    at java.security.AccessController.doPrivileged (Native Method)
    at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege (ProtectionDomain.java:74)
    at java.awt.EventQueue.dispatchEvent (EventQueue.java:728)
    at java.awt.EventDispatchThread.pumpOneEventForFilters (EventDispatchThread.java:205)
    at java.awt.EventDispatchThread.pumpEventsForFilter (EventDispatchThread.java:116)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy (EventDispatchThread.java:105)
    at java.awt.EventDispatchThread.pumpEvents (EventDispatchThread.java:101)
    at java.awt.EventDispatchThread.pumpEvents (EventDispatchThread.java:93)
    at java.awt.EventDispatchThread.run (EventDispatchThread.java:82)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  14.792 s
[INFO] Finished at: 2020-01-08T03:25:36Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.6.0:java (tree) on project smartcheck: An exception occured while executing the Java class. java.lang.reflect.InvocationTargetException:
[ERROR] No X11 DISPLAY variable was set, but this program performed an operation which requires it.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

output

Sorry to bother you, how do I print the results to a specific file instead of displaying them on the terminal? What command?
