Rattle never finishes for some contracts
itszn opened this issue · comments
Amy commented
I tried analyzing the wallet contract from RealWorldCTF, but rattle never produced any output and never finished running. It appears to be stuck in an infinite loop.
I ran the contract with python3.6 rattle-cli.py --input ./inputs/multisig.bin
Here is the contract with only the seemingly important parts left that cause the hang (removing either public function causes the hang to go away):
pragma solidity ^0.4.24;
// Reduced reproduction case: a multisig-style wallet trimmed down to the parts
// that make the analyzer hang. The code is left exactly as posted, because the
// report refers to the runtime bytecode compiled from it.
// NOTE(review): the pragma targets ^0.4.24, a compiler series without built-in
// overflow/underflow checks, so the uint arithmetic below wraps silently.
contract MultiSigWallet {
// The trailing numbers appear to be the storage slots of the `tx` state
// variable declared below: transactions, isOwner and isTrusted come first
// (slots 0-2), which would put tx's four fields in slots 3-6.
struct Transaction{
address target; // 3
uint amount; // 4
bool isDelegate; // 5
bytes data; // 6
}
// Dynamic array of transactions; submitTransaction appends to it and
// popTransaction shrinks it by writing to .length directly.
Transaction[] transactions;
mapping(address => bool) isOwner;
// Not read or written anywhere in this reduced listing.
mapping(address => bool) isTrusted;
// Storage scratch copy used by submitTransaction. The name shadows Solidity's
// built-in global `tx` (tx.origin, tx.gasprice) inside this contract.
Transaction tx;
// The deployer becomes an owner.
constructor() public{
isOwner[msg.sender] = true;
}
// ...
// Removes entry `id` by shifting every later entry down one position and then
// shrinking the array by one.
// NOTE(review): the function is public and has no isOwner check, and `id` is
// never compared with transactions.length, so the pop runs even when nothing
// was shifted. On an empty array `transactions.length-1` wraps to 2**256-1.
function deleteTransaction(uint id) public{
for (uint i = id; i < transactions.length-1; i++){
transactions[i] = transactions[i+1];
}
popTransaction();
}
// ...
// there's no pop impl in solidity, sad :(
// Shrinks the array by one element.
// NOTE(review): `length >= 0` is always true for an unsigned integer, so this
// require guards nothing. With an empty array the decrement wraps the length to
// 2**256-1, after which index bounds checks no longer limit which storage an
// element write can reach. The check that matches the intent is
// `transactions.length > 0`.
function popTransaction() internal {
require(transactions.length >= 0);
transactions.length --;
}
// Stores the arguments in the `tx` state variable and, if the caller is an
// owner, appends that transaction to the array. Returns the index of the last
// element.
// NOTE(review): `tx` is written for every caller, before the owner check. A
// non-owner still gets `length-1` back although nothing was pushed, and that
// value wraps to 2**256-1 when the array is empty.
function submitTransaction(address target, uint amount, bool isDelegate, bytes data) public returns(uint){
tx = Transaction(target, amount, isDelegate, data);
if (isOwner[msg.sender]) {
transactions.push(tx);
}
return transactions.length-1;
}
// ...
}
Here is the runtime bin:
(runtime bytecode not preserved in this copy of the page)
Ryan Stortz commented
With 301b80b, rattle completes now but it's ugly. The functions aren't identified and split off, so the graph is huge and confusing. Sorry, I'll have to look into a better solution.